feat: improve error handling and code format (#2682)

* feat: improve error process and code format

* feat: improve error process and code format

authz/authz.go

@@ -51,7 +51,8 @@ p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
 p, *, *, GET, /api/health, *, *
-p, *, *, POST, /api/webhook, *, *
+p, *, *, *, /api/webhook, *, *
+p, *, *, GET, /api/get-qrcode, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
@@ -152,7 +153,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 
 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information

controllers/account.go

@@ -94,7 +94,7 @@ func (c *ApiController) Signup() {
 		return
 	}
 	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), authForm.Application)
+		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 		return
 	}
 
@@ -110,7 +110,7 @@ func (c *ApiController) Signup() {
 	}
 
 	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist")), authForm.Organization)
+		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), authForm.Organization))
 		return
 	}
 

controllers/auth.go

@@ -24,7 +24,6 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
-	"sync"
 
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
@@ -37,11 +36,6 @@ import (
 	"golang.org/x/oauth2"
 )
 
-var (
-	wechatScanType string
-	lock           sync.RWMutex
-)
-
 func codeToResponse(code *object.Code) *Response {
 	if code.Code == "" {
 		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
@@ -896,6 +890,7 @@ func (c *ApiController) GetSamlLogin() {
 	authURL, method, err := object.GenerateSamlRequest(providerId, relayState, c.Ctx.Request.Host, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
+		return
 	}
 	c.ResponseOk(authURL, method)
 }
@@ -906,6 +901,7 @@ func (c *ApiController) HandleSamlLogin() {
 	decode, err := base64.StdEncoding.DecodeString(relayState)
 	if err != nil {
 		c.ResponseError(err.Error())
+		return
 	}
 	slice := strings.Split(string(decode), "&")
 	relayState = url.QueryEscape(relayState)
@@ -919,49 +915,112 @@ func (c *ApiController) HandleSamlLogin() {
 // @Tag System API
 // @Title HandleOfficialAccountEvent
 // @router /webhook [POST]
-// @Success 200 {object} object.Userinfo The Response object
+// @Success 200 {object} controllers.Response The Response object
 func (c *ApiController) HandleOfficialAccountEvent() {
+	if c.Ctx.Request.Method == "GET" {
+		s := c.Ctx.Request.FormValue("echostr")
+		echostr, _ := strconv.Atoi(s)
+		c.SetData(echostr)
+		c.ServeJSON()
+		return
+	}
 	respBytes, err := io.ReadAll(c.Ctx.Request.Body)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	signature := c.Input().Get("signature")
+	timestamp := c.Input().Get("timestamp")
+	nonce := c.Input().Get("nonce")
 	var data struct {
-		MsgType  string `xml:"MsgType"`
-		Event    string `xml:"Event"`
-		EventKey string `xml:"EventKey"`
+		MsgType      string `xml:"MsgType"`
+		Event        string `xml:"Event"`
+		EventKey     string `xml:"EventKey"`
+		FromUserName string `xml:"FromUserName"`
+		Ticket       string `xml:"Ticket"`
 	}
 	err = xml.Unmarshal(respBytes, &data)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	lock.Lock()
-	defer lock.Unlock()
-	if data.EventKey != "" {
-		wechatScanType = data.Event
+	if strings.ToUpper(data.Event) != "SCAN" && strings.ToUpper(data.Event) != "SUBSCRIBE" {
 		c.Ctx.WriteString("")
+		return
 	}
+	if data.Ticket == "" {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	providerId := data.EventKey
+	provider, err := object.GetProvider(providerId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if data.Ticket == "" {
+		c.ResponseError("empty ticket")
+		return
+	}
+	if !idp.VerifyWechatSignature(provider.Content, nonce, timestamp, signature) {
+		c.ResponseError("invalid signature")
+		return
+	}
+
+	idp.Lock.Lock()
+	if idp.WechatCacheMap == nil {
+		idp.WechatCacheMap = make(map[string]idp.WechatCacheMapValue)
+	}
+	idp.WechatCacheMap[data.Ticket] = idp.WechatCacheMapValue{
+		IsScanned:     true,
+		WechatUnionId: data.FromUserName,
+	}
+	idp.Lock.Unlock()
+
+	c.Ctx.WriteString("")
 }
 
 // GetWebhookEventType ...
 // @Tag System API
 // @Title GetWebhookEventType
 // @router /get-webhook-event [GET]
-// @Success 200 {object} object.Userinfo The Response object
+// @Param   ticket     query    string  true        "The eventId of QRCode"
+// @Success 200 {object} controllers.Response The Response object
 func (c *ApiController) GetWebhookEventType() {
-	lock.Lock()
-	defer lock.Unlock()
-	resp := &Response{
-		Status: "ok",
-		Msg:    "",
-		Data:   wechatScanType,
+	ticket := c.Input().Get("ticket")
+
+	idp.Lock.RLock()
+	_, ok := idp.WechatCacheMap[ticket]
+	idp.Lock.RUnlock()
+	if !ok {
+		c.ResponseError("ticket not found")
+		return
 	}
-	c.Data["json"] = resp
-	wechatScanType = ""
-	c.ServeJSON()
+
+	c.ResponseOk("SCAN", ticket)
+}
+
+// GetQRCode
+// @Tag System API
+// @Title GetWechatQRCode
+// @router /get-qrcode [GET]
+// @Param   id     query    string  true        "The id ( owner/name ) of provider"
+// @Success 200 {object} controllers.Response The Response object
+func (c *ApiController) GetQRCode() {
+	providerId := c.Input().Get("id")
+	provider, err := object.GetProvider(providerId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	code, ticket, err := idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2, providerId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(code, ticket)
 }
 
 // GetCaptchaStatus

controllers/mfa.go

@@ -19,6 +19,14 @@ import (
 
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
+	"github.com/google/uuid"
+)
+
+const (
+	MfaRecoveryCodesSession = "mfa_recovery_codes"
+	MfaCountryCodeSession   = "mfa_country_code"
+	MfaDestSession          = "mfa_dest"
+	MfaTotpSecretSession    = "mfa_totp_secret"
 )
 
 // MfaSetupInitiate
@@ -57,12 +65,20 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}
 
-	mfaProps, err := MfaUtil.Initiate(c.Ctx, user.GetId())
+	mfaProps, err := MfaUtil.Initiate(user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	recoveryCode := uuid.NewString()
+	c.SetSession(MfaRecoveryCodesSession, recoveryCode)
+	if mfaType == object.TotpType {
+		c.SetSession(MfaTotpSecretSession, mfaProps.Secret)
+	}
+
+	mfaProps.RecoveryCodes = []string{recoveryCode}
+
 	resp := mfaProps
 	c.ResponseOk(resp)
 }
@@ -83,13 +99,39 @@ func (c *ApiController) MfaSetupVerify() {
 		c.ResponseError("missing auth type or passcode")
 		return
 	}
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
+
+	config := &object.MfaProps{
+		MfaType: mfaType,
+	}
+	if mfaType == object.TotpType {
+		secret := c.GetSession(MfaTotpSecretSession)
+		if secret == nil {
+			c.ResponseError("totp secret is missing")
+			return
+		}
+		config.Secret = secret.(string)
+	} else if mfaType == object.EmailType || mfaType == object.SmsType {
+		dest := c.GetSession(MfaDestSession)
+		if dest == nil {
+			c.ResponseError("destination is missing")
+			return
+		}
+		config.Secret = dest.(string)
+		countryCode := c.GetSession(MfaCountryCodeSession)
+		if countryCode == nil {
+			c.ResponseError("country code is missing")
+			return
+		}
+		config.CountryCode = countryCode.(string)
+	}
+
+	mfaUtil := object.GetMfaUtil(mfaType, config)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}
 
-	err := mfaUtil.SetupVerify(c.Ctx, passcode)
+	err := mfaUtil.SetupVerify(passcode)
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
@@ -122,18 +164,58 @@ func (c *ApiController) MfaSetupEnable() {
 		return
 	}
 
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
+	config := &object.MfaProps{
+		MfaType: mfaType,
+	}
+
+	if mfaType == object.TotpType {
+		secret := c.GetSession(MfaTotpSecretSession)
+		if secret == nil {
+			c.ResponseError("totp secret is missing")
+			return
+		}
+		config.Secret = secret.(string)
+	} else if mfaType == object.EmailType || mfaType == object.SmsType {
+		dest := c.GetSession(MfaDestSession)
+		if dest == nil {
+			c.ResponseError("destination is missing")
+			return
+		}
+		config.Secret = dest.(string)
+		countryCode := c.GetSession(MfaCountryCodeSession)
+		if countryCode == nil {
+			c.ResponseError("country code is missing")
+			return
+		}
+		config.CountryCode = countryCode.(string)
+	}
+	recoveryCodes := c.GetSession(MfaRecoveryCodesSession)
+	if recoveryCodes == nil {
+		c.ResponseError("recovery codes is missing")
+		return
+	}
+	config.RecoveryCodes = []string{recoveryCodes.(string)}
+
+	mfaUtil := object.GetMfaUtil(mfaType, config)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}
 
-	err = mfaUtil.Enable(c.Ctx, user)
+	err = mfaUtil.Enable(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	c.DelSession(MfaRecoveryCodesSession)
+	if mfaType == object.TotpType {
+		c.DelSession(MfaTotpSecretSession)
+	} else {
+		c.DelSession(MfaCountryCodeSession)
+		c.DelSession(MfaDestSession)
+	}
+
 	c.ResponseOk(http.StatusText(http.StatusOK))
 }
 

controllers/verification.go

@@ -161,7 +161,7 @@ func (c *ApiController) SendVerificationCode() {
 				vform.Dest = mfaProps.Secret
 			}
 		} else if vform.Method == MfaSetupVerification {
-			c.SetSession(object.MfaDestSession, vform.Dest)
+			c.SetSession(MfaDestSession, vform.Dest)
 		}
 
 		provider, err := application.GetEmailProvider()
@@ -198,8 +198,8 @@ func (c *ApiController) SendVerificationCode() {
 			}
 
 			if vform.Method == MfaSetupVerification {
-				c.SetSession(object.MfaCountryCodeSession, vform.CountryCode)
-				c.SetSession(object.MfaDestSession, vform.Dest)
+				c.SetSession(MfaCountryCodeSession, vform.CountryCode)
+				c.SetSession(MfaDestSession, vform.Dest)
 			}
 		} else if vform.Method == MfaAuthVerification {
 			mfaProps := user.GetPreferredMfaProps(false)

idp/wechat.go

@@ -16,24 +16,38 @@ package idp
 
 import (
 	"bytes"
+	"crypto/sha1"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
+	"sort"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/skip2/go-qrcode"
 	"golang.org/x/oauth2"
 )
 
+var (
+	WechatCacheMap map[string]WechatCacheMapValue
+	Lock           sync.RWMutex
+)
+
 type WeChatIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
 }
 
+type WechatCacheMapValue struct {
+	IsScanned     bool
+	WechatUnionId string
+}
+
 func NewWeChatIdProvider(clientId string, clientSecret string, redirectUrl string) *WeChatIdProvider {
 	idp := &WeChatIdProvider{}
 
@@ -76,6 +90,15 @@ type WechatAccessToken struct {
 // GetToken use code get access_token (*operation of getting code ought to be done in front)
 // get more detail via: https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
 func (idp *WeChatIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	if strings.HasPrefix(code, "wechat_oa:") {
+		token := oauth2.Token{
+			AccessToken: code,
+			TokenType:   "WeChatAccessToken",
+			Expiry:      time.Time{},
+		}
+		return &token, nil
+	}
+
 	params := url.Values{}
 	params.Add("grant_type", "authorization_code")
 	params.Add("appid", idp.Config.ClientID)
@@ -156,6 +179,29 @@ type WechatUserInfo struct {
 func (idp *WeChatIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	var wechatUserInfo WechatUserInfo
 	accessToken := token.AccessToken
+
+	if strings.HasPrefix(accessToken, "wechat_oa:") {
+		Lock.RLock()
+		mapValue, ok := WechatCacheMap[accessToken[10:]]
+		Lock.RUnlock()
+
+		if !ok || mapValue.WechatUnionId == "" {
+			return nil, fmt.Errorf("error ticket")
+		}
+
+		Lock.Lock()
+		delete(WechatCacheMap, accessToken[10:])
+		Lock.Unlock()
+
+		userInfo := UserInfo{
+			Id:          mapValue.WechatUnionId,
+			Username:    "wx_user_" + mapValue.WechatUnionId,
+			DisplayName: "wx_user_" + mapValue.WechatUnionId,
+			AvatarUrl:   "",
+		}
+		return &userInfo, nil
+	}
+
 	openid := token.Extra("Openid")
 
 	userInfoUrl := fmt.Sprintf("https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s", accessToken, openid)
@@ -203,60 +249,70 @@ func BuildWechatOpenIdKey(appId string) string {
 	return fmt.Sprintf("wechat_openid_%s", appId)
 }
 
-func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, error) {
+func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, string, error) {
 	accessTokenUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s", clientId, clientSecret)
 	request, err := http.NewRequest("GET", accessTokenUrl, nil)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
 	client := new(http.Client)
 	resp, err := client.Do(request)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	defer resp.Body.Close()
 
 	respBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
 	var data struct {
 		ExpireIn    int    `json:"expires_in"`
 		AccessToken string `json:"access_token"`
+		ErrCode     int    `json:"errcode"`
+		Errmsg      string `json:"errmsg"`
 	}
 	err = json.Unmarshal(respBytes, &data)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
-	return data.AccessToken, nil
+	return data.AccessToken, data.Errmsg, nil
 }
 
-func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (string, error) {
-	accessToken, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
+func GetWechatOfficialAccountQRCode(clientId string, clientSecret string, providerId string) (string, string, error) {
+	accessToken, errMsg, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
+	if err != nil {
+		return "", "", err
+	}
+
+	if errMsg != "" {
+		return "", "", fmt.Errorf("Fail to fetch WeChat QRcode: %s", errMsg)
+	}
+
 	client := new(http.Client)
 
 	weChatEndpoint := "https://api.weixin.qq.com/cgi-bin/qrcode/create"
 	qrCodeUrl := fmt.Sprintf("%s?access_token=%s", weChatEndpoint, accessToken)
-	params := `{"action_name": "QR_LIMIT_STR_SCENE", "action_info": {"scene": {"scene_str": "test"}}}`
+	params := fmt.Sprintf(`{"expire_seconds": 3600, "action_name": "QR_STR_SCENE", "action_info": {"scene": {"scene_str": "%s"}}}`, providerId)
 
 	bodyData := bytes.NewReader([]byte(params))
 	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
 	resp, err := client.Do(requeset)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	defer resp.Body.Close()
 
 	respBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	var data struct {
 		Ticket        string `json:"ticket"`
@@ -265,11 +321,26 @@ func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (strin
 	}
 	err = json.Unmarshal(respBytes, &data)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 
 	var png []byte
 	png, err = qrcode.Encode(data.URL, qrcode.Medium, 256)
 	base64Image := base64.StdEncoding.EncodeToString(png)
-	return base64Image, nil
+	return base64Image, data.Ticket, nil
+}
+
+func VerifyWechatSignature(token string, nonce string, timestamp string, signature string) bool {
+	// verify the signature
+	tmpArr := sort.StringSlice{token, timestamp, nonce}
+	sort.Sort(tmpArr)
+
+	tmpStr := ""
+	for _, str := range tmpArr {
+		tmpStr = tmpStr + str
+	}
+
+	b := sha1.Sum([]byte(tmpStr))
+	res := hex.EncodeToString(b[:])
+	return res == signature
 }

object/application.go

@@ -19,7 +19,6 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -164,15 +163,6 @@ func getProviderMap(owner string) (m map[string]*Provider, err error) {
 
 	m = map[string]*Provider{}
 	for _, provider := range providers {
-		// Get QRCode only once
-		if provider.Type == "WeChat" && provider.DisableSsl && provider.Content == "" {
-			provider.Content, err = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
-			if err != nil {
-				return
-			}
-			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
-		}
-
 		m[provider.Name] = GetMaskedProvider(provider, true)
 	}
 

object/mfa.go

@@ -18,12 +18,8 @@ import (
 	"fmt"
 
 	"github.com/casdoor/casdoor/util"
-
-	"github.com/beego/beego/context"
 )
 
-const MfaRecoveryCodesSession = "mfa_recovery_codes"
-
 type MfaProps struct {
 	Enabled       bool     `json:"enabled"`
 	IsPreferred   bool     `json:"isPreferred"`
@@ -35,9 +31,9 @@ type MfaProps struct {
 }
 
 type MfaInterface interface {
-	Initiate(ctx *context.Context, userId string) (*MfaProps, error)
-	SetupVerify(ctx *context.Context, passcode string) error
-	Enable(ctx *context.Context, user *User) error
+	Initiate(userId string) (*MfaProps, error)
+	SetupVerify(passcode string) error
+	Enable(user *User) error
 	Verify(passcode string) error
 }
 

object/mfa_sms.go

@@ -16,85 +16,55 @@ package object
 
 import (
 	"errors"
-	"fmt"
 
-	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/util"
-	"github.com/google/uuid"
-)
-
-const (
-	MfaCountryCodeSession = "mfa_country_code"
-	MfaDestSession        = "mfa_dest"
 )
 
 type SmsMfa struct {
-	Config *MfaProps
+	*MfaProps
 }
 
-func (mfa *SmsMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
-	recoveryCode := uuid.NewString()
-
-	ctx.Output.Session(MfaRecoveryCodesSession, []string{recoveryCode})
-
+func (mfa *SmsMfa) Initiate(userId string) (*MfaProps, error) {
 	mfaProps := MfaProps{
-		MfaType:       mfa.Config.MfaType,
-		RecoveryCodes: []string{recoveryCode},
+		MfaType: mfa.MfaType,
 	}
 	return &mfaProps, nil
 }
 
-func (mfa *SmsMfa) SetupVerify(ctx *context.Context, passCode string) error {
-	destSession := ctx.Input.CruSession.Get(MfaDestSession)
-	if destSession == nil {
-		return errors.New("dest session is missing")
-	}
-	dest := destSession.(string)
-
-	if !util.IsEmailValid(dest) {
-		countryCodeSession := ctx.Input.CruSession.Get(MfaCountryCodeSession)
-		if countryCodeSession == nil {
-			return errors.New("country code is missing")
-		}
-		countryCode := countryCodeSession.(string)
-
-		dest, _ = util.GetE164Number(dest, countryCode)
+func (mfa *SmsMfa) SetupVerify(passCode string) error {
+	if !util.IsEmailValid(mfa.Secret) {
+		mfa.Secret, _ = util.GetE164Number(mfa.Secret, mfa.CountryCode)
 	}
 
-	if result := CheckVerificationCode(dest, passCode, "en"); result.Code != VerificationSuccess {
+	if result := CheckVerificationCode(mfa.Secret, passCode, "en"); result.Code != VerificationSuccess {
 		return errors.New(result.Msg)
 	}
 	return nil
 }
 
-func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
-	recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)
-	if len(recoveryCodes) == 0 {
-		return fmt.Errorf("recovery codes is missing")
-	}
-
+func (mfa *SmsMfa) Enable(user *User) error {
 	columns := []string{"recovery_codes", "preferred_mfa_type"}
 
-	user.RecoveryCodes = append(user.RecoveryCodes, recoveryCodes...)
+	user.RecoveryCodes = append(user.RecoveryCodes, mfa.RecoveryCodes...)
 	if user.PreferredMfaType == "" {
-		user.PreferredMfaType = mfa.Config.MfaType
+		user.PreferredMfaType = mfa.MfaType
 	}
 
-	if mfa.Config.MfaType == SmsType {
+	if mfa.MfaType == SmsType {
 		user.MfaPhoneEnabled = true
 		columns = append(columns, "mfa_phone_enabled")
 
 		if user.Phone == "" {
-			user.Phone = ctx.Input.CruSession.Get(MfaDestSession).(string)
-			user.CountryCode = ctx.Input.CruSession.Get(MfaCountryCodeSession).(string)
+			user.Phone = mfa.Secret
+			user.CountryCode = mfa.CountryCode
 			columns = append(columns, "phone", "country_code")
 		}
-	} else if mfa.Config.MfaType == EmailType {
+	} else if mfa.MfaType == EmailType {
 		user.MfaEmailEnabled = true
 		columns = append(columns, "mfa_email_enabled")
 
 		if user.Email == "" {
-			user.Email = ctx.Input.CruSession.Get(MfaDestSession).(string)
+			user.Email = mfa.Secret
 			columns = append(columns, "email")
 		}
 	}
@@ -104,18 +74,14 @@ func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
 		return err
 	}
 
-	ctx.Input.CruSession.Delete(MfaRecoveryCodesSession)
-	ctx.Input.CruSession.Delete(MfaDestSession)
-	ctx.Input.CruSession.Delete(MfaCountryCodeSession)
-
 	return nil
 }
 
 func (mfa *SmsMfa) Verify(passCode string) error {
-	if !util.IsEmailValid(mfa.Config.Secret) {
-		mfa.Config.Secret, _ = util.GetE164Number(mfa.Config.Secret, mfa.Config.CountryCode)
+	if !util.IsEmailValid(mfa.Secret) {
+		mfa.Secret, _ = util.GetE164Number(mfa.Secret, mfa.CountryCode)
 	}
-	if result := CheckVerificationCode(mfa.Config.Secret, passCode, "en"); result.Code != VerificationSuccess {
+	if result := CheckVerificationCode(mfa.Secret, passCode, "en"); result.Code != VerificationSuccess {
 		return errors.New(result.Msg)
 	}
 	return nil
@@ -128,7 +94,7 @@ func NewSmsMfaUtil(config *MfaProps) *SmsMfa {
 		}
 	}
 	return &SmsMfa{
-		Config: config,
+		config,
 	}
 }
 
@@ -139,6 +105,6 @@ func NewEmailMfaUtil(config *MfaProps) *SmsMfa {
 		}
 	}
 	return &SmsMfa{
-		Config: config,
+		config,
 	}
 }

object/mfa_totp.go

@@ -16,28 +16,24 @@ package object
 
 import (
 	"errors"
-	"fmt"
 	"time"
 
-	"github.com/beego/beego/context"
-	"github.com/google/uuid"
 	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
 )
 
 const (
-	MfaTotpSecretSession   = "mfa_totp_secret"
 	MfaTotpPeriodInSeconds = 30
 )
 
 type TotpMfa struct {
-	Config     *MfaProps
+	*MfaProps
 	period     uint
 	secretSize uint
 	digits     otp.Digits
 }
 
-func (mfa *TotpMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
+func (mfa *TotpMfa) Initiate(userId string) (*MfaProps, error) {
 	//issuer := beego.AppConfig.String("appname")
 	//if issuer == "" {
 	//	issuer = "casdoor"
@@ -55,27 +51,16 @@ func (mfa *TotpMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, er
 		return nil, err
 	}
 
-	ctx.Output.Session(MfaTotpSecretSession, key.Secret())
-
-	recoveryCode := uuid.NewString()
-	ctx.Output.Session(MfaRecoveryCodesSession, []string{recoveryCode})
-
 	mfaProps := MfaProps{
-		MfaType:       mfa.Config.MfaType,
-		RecoveryCodes: []string{recoveryCode},
-		Secret:        key.Secret(),
-		URL:           key.URL(),
+		MfaType: mfa.MfaType,
+		Secret:  key.Secret(),
+		URL:     key.URL(),
 	}
 	return &mfaProps, nil
 }
 
-func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
-	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession)
-	if secret == nil {
-		return errors.New("totp secret is missing")
-	}
-
-	result, err := totp.ValidateCustom(passcode, secret.(string), time.Now().UTC(), totp.ValidateOpts{
+func (mfa *TotpMfa) SetupVerify(passcode string) error {
+	result, err := totp.ValidateCustom(passcode, mfa.Secret, time.Now().UTC(), totp.ValidateOpts{
 		Period:    MfaTotpPeriodInSeconds,
 		Skew:      1,
 		Digits:    otp.DigitsSix,
@@ -92,22 +77,13 @@ func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
 	}
 }
 
-func (mfa *TotpMfa) Enable(ctx *context.Context, user *User) error {
-	recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)
-	if len(recoveryCodes) == 0 {
-		return fmt.Errorf("recovery codes is missing")
-	}
-	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession).(string)
-	if secret == "" {
-		return fmt.Errorf("totp secret is missing")
-	}
-
+func (mfa *TotpMfa) Enable(user *User) error {
 	columns := []string{"recovery_codes", "preferred_mfa_type", "totp_secret"}
 
-	user.RecoveryCodes = append(user.RecoveryCodes, recoveryCodes...)
-	user.TotpSecret = secret
+	user.RecoveryCodes = append(user.RecoveryCodes, mfa.RecoveryCodes...)
+	user.TotpSecret = mfa.Secret
 	if user.PreferredMfaType == "" {
-		user.PreferredMfaType = mfa.Config.MfaType
+		user.PreferredMfaType = mfa.MfaType
 	}
 
 	_, err := updateUser(user.GetId(), user, columns)
@@ -115,14 +91,11 @@ func (mfa *TotpMfa) Enable(ctx *context.Context, user *User) error {
 		return err
 	}
 
-	ctx.Input.CruSession.Delete(MfaRecoveryCodesSession)
-	ctx.Input.CruSession.Delete(MfaTotpSecretSession)
-
 	return nil
 }
 
 func (mfa *TotpMfa) Verify(passcode string) error {
-	result, err := totp.ValidateCustom(passcode, mfa.Config.Secret, time.Now().UTC(), totp.ValidateOpts{
+	result, err := totp.ValidateCustom(passcode, mfa.Secret, time.Now().UTC(), totp.ValidateOpts{
 		Period:    MfaTotpPeriodInSeconds,
 		Skew:      1,
 		Digits:    otp.DigitsSix,
@@ -147,7 +120,7 @@ func NewTotpMfaUtil(config *MfaProps) *TotpMfa {
 	}
 
 	return &TotpMfa{
-		Config:     config,
+		MfaProps:   config,
 		period:     MfaTotpPeriodInSeconds,
 		secretSize: 20,
 		digits:     otp.DigitsSix,

object/provider.go

@@ -312,8 +312,6 @@ func GetPaymentProvider(p *Provider) (pp.PaymentProvider, error) {
 	} else {
 		return nil, fmt.Errorf("the payment provider type: %s is not supported", p.Type)
 	}
-
-	return nil, nil
 }
 
 func (p *Provider) GetId() string {

object/record.go

@@ -116,7 +116,7 @@ func getFilteredWebhooks(webhooks []*Webhook, action string) []*Webhook {
 }
 
 func SendWebhooks(record *casvisorsdk.Record) error {
-	webhooks, err := getWebhooksByOrganization(record.Organization)
+	webhooks, err := getWebhooksByOrganization("")
 	if err != nil {
 		return err
 	}

object/user_avatar.go

@@ -41,11 +41,7 @@ func downloadImage(client *http.Client, url string) (*bytes.Buffer, string, erro
 
 	if resp.StatusCode != http.StatusOK {
 		fmt.Printf("downloadImage() error for url [%s]: %s\n", url, resp.Status)
-		if resp.StatusCode == 404 {
-			return nil, "", nil
-		} else {
-			return nil, "", fmt.Errorf("failed to download gravatar image: %s", resp.Status)
-		}
+		return nil, "", nil
 	}
 
 	// Get the content type and determine the file extension

object/user_enforcer.go

@@ -1,10 +1,12 @@
 package object
 
 import (
+	errors2 "errors"
 	"fmt"
 
-	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/errors"
+
+	"github.com/casbin/casbin/v2"
 	"github.com/casdoor/casdoor/util"
 )
 
@@ -87,7 +89,7 @@ func (e *UserGroupEnforcer) GetAllUsersByGroup(group string) ([]string, error) {
 
 	users, err := e.enforcer.GetUsersForRole(GetGroupWithPrefix(group))
 	if err != nil {
-		if err == errors.ErrNameNotFound {
+		if errors2.Is(err, errors.ErrNameNotFound) {
 			return []string{}, nil
 		}
 		return nil, err

routers/router.go

@@ -61,7 +61,8 @@ func initAPI() {
 	beego.Router("/api/acs", &controllers.ApiController{}, "POST:HandleSamlLogin")
 	beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
 	beego.Router("/api/saml/redirect/:owner/:application", &controllers.ApiController{}, "*:HandleSamlRedirect")
-	beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
+	beego.Router("/api/webhook", &controllers.ApiController{}, "*:HandleOfficialAccountEvent")
+	beego.Router("/api/get-qrcode", &controllers.ApiController{}, "GET:GetQRCode")
 	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")
 	beego.Router("/api/get-captcha-status", &controllers.ApiController{}, "GET:GetCaptchaStatus")
 	beego.Router("/api/callback", &controllers.ApiController{}, "POST:Callback")

web/src/ProviderEditPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Checkbox, Col, Input, InputNumber, Row, Select, Switch} from "antd";
+import {Button, Card, Checkbox, Col, Input, InputNumber, Radio, Row, Select, Switch} from "antd";
 import {LinkOutlined} from "@ant-design/icons";
 import * as ProviderBackend from "./backend/ProviderBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
@@ -118,7 +118,23 @@ class ProviderEditPage extends React.Component {
       provider["cert"] = "";
       this.getCerts(value);
     }
+
     provider[key] = value;
+
+    if (provider["type"] === "WeChat") {
+      if (!provider["clientId"]) {
+        provider["signName"] = "media";
+        provider["disableSsl"] = true;
+      }
+      if (!provider["clientId2"]) {
+        provider["signName"] = "open";
+        provider["disableSsl"] = false;
+      }
+      if (!provider["disableSsl"]) {
+        provider["signName"] = "open";
+      }
+    }
+
     this.setState({
       provider: provider,
     });
@@ -756,16 +772,44 @@ class ProviderEditPage extends React.Component {
         }
         {
           this.state.provider.type !== "WeChat" ? null : (
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("provider:Enable QR code"), i18next.t("provider:Enable QR code - Tooltip"))} :
-              </Col>
-              <Col span={1} >
-                <Switch checked={this.state.provider.disableSsl} onChange={checked => {
-                  this.updateProviderField("disableSsl", checked);
-                }} />
-              </Col>
-            </Row>
+            <React.Fragment>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Use WeChat Media Platform in PC"), i18next.t("provider:Use WeChat Media Platform in PC - Tooltip"))} :
+                </Col>
+                <Col span={1} >
+                  <Switch disabled={!this.state.provider.clientId} checked={this.state.provider.disableSsl} onChange={checked => {
+                    this.updateProviderField("disableSsl", checked);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("token:Access token"), i18next.t("token:Access token - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.content} disabled={!this.state.provider.disableSsl || !this.state.provider.clientId2} onChange={e => {
+                    this.updateProviderField("content", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Follow-up action"), i18next.t("provider:Follow-up action - Tooltip"))} :
+                </Col>
+                <Col>
+                  <Radio.Group value={this.state.provider.signName}
+                    disabled={!this.state.provider.disableSsl || !this.state.provider.clientId || !this.state.provider.clientId2}
+                    buttonStyle="solid"
+                    onChange={e => {
+                      this.updateProviderField("signName", e.target.value);
+                    }}>
+                    <Radio.Button value="open">{i18next.t("provider:Use WeChat Open Platform to login")}</Radio.Button>
+                    <Radio.Button value="media">{i18next.t("provider:Use WeChat Media Platform to login")}</Radio.Button>
+                  </Radio.Group>
+                </Col>
+              </Row>
+            </React.Fragment>
           )
         }
         {

web/src/auth/AuthBackend.js

@@ -135,8 +135,18 @@ export function loginWithSaml(values, param) {
   }).then(res => res.json());
 }
 
-export function getWechatMessageEvent() {
-  return fetch(`${Setting.ServerUrl}/api/get-webhook-event`, {
+export function getWechatMessageEvent(ticket) {
+  return fetch(`${Setting.ServerUrl}/api/get-webhook-event?ticket=${ticket}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getWechatQRCode(providerId) {
+  return fetch(`${Setting.ServerUrl}/api/get-qrcode?id=${providerId}`, {
     method: "GET",
     credentials: "include",
     headers: {

web/src/auth/MfaSetupPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Col, Result, Row, Steps} from "antd";
+import {Button, Col, Result, Row, Spin, Steps} from "antd";
 import {withRouter} from "react-router-dom";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Setting from "../Setting";
@@ -42,13 +42,20 @@ class MfaSetupPage extends React.Component {
       mfaProps: null,
       mfaType: params.get("mfaType") ?? SmsMfaType,
       isPromptPage: props.isPromptPage || location.state?.from !== undefined,
+      loading: false,
     };
   }
 
   componentDidMount() {
     this.getApplication();
     if (this.state.current === 1) {
-      this.initMfaProps();
+      this.setState({
+        loading: true,
+      });
+
+      setTimeout(() => {
+        this.initMfaProps();
+      }, 200);
     }
   }
 
@@ -85,6 +92,7 @@ class MfaSetupPage extends React.Component {
       if (res.status === "ok") {
         this.setState({
           mfaProps: res.data,
+          loading: false,
         });
       } else {
         Setting.showMessage("error", i18next.t("mfa:Failed to initiate MFA"));
@@ -231,15 +239,17 @@ class MfaSetupPage extends React.Component {
               <p style={{textAlign: "center", fontSize: "16px", marginTop: "10px"}}>{i18next.t("mfa:Each time you sign in to your Account, you'll need your password and a authentication code")}</p>
             </Col>
           </Row>
-          <Steps current={this.state.current}
-            items={[
-              {title: i18next.t("mfa:Verify Password"), icon: <UserOutlined />},
-              {title: i18next.t("mfa:Verify Code"), icon: <KeyOutlined />},
-              {title: i18next.t("general:Enable"), icon: <CheckOutlined />},
-            ]}
-            style={{width: "90%", maxWidth: "500px", margin: "auto", marginTop: "50px",
-            }} >
-          </Steps>
+          <Spin spinning={this.state.loading}>
+            <Steps current={this.state.current}
+              items={[
+                {title: i18next.t("mfa:Verify Password"), icon: <UserOutlined />},
+                {title: i18next.t("mfa:Verify Code"), icon: <KeyOutlined />},
+                {title: i18next.t("general:Enable"), icon: <CheckOutlined />},
+              ]}
+              style={{width: "90%", maxWidth: "500px", margin: "auto", marginTop: "50px",
+              }} >
+            </Steps>
+          </Spin>
         </Col>
         <Col span={24} style={{display: "flex", justifyContent: "center"}}>
           <div style={{marginTop: "10px", textAlign: "center"}}>

web/src/auth/Provider.js

@@ -377,7 +377,7 @@ export function getProviderLogoWidget(provider) {
   }
 }
 
-export function getAuthUrl(application, provider, method) {
+export function getAuthUrl(application, provider, method, code) {
   if (application === null || provider === null) {
     return "";
   }
@@ -418,6 +418,9 @@ export function getAuthUrl(application, provider, method) {
     if (navigator.userAgent.includes("MicroMessenger")) {
       return `${authInfo[provider.type].mpEndpoint}?appid=${provider.clientId2}&redirect_uri=${redirectUri}&state=${state}&scope=${authInfo[provider.type].mpScope}&response_type=code#wechat_redirect`;
     } else {
+      if (provider.clientId2 && provider?.disableSsl && provider?.signName === "media") {
+        return `${window.location.origin}/callback?state=${state}&code=${"wechat_oa:" + code}`;
+      }
       return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}#wechat_redirect`;
     }
   } else if (provider.type === "WeCom") {

web/src/auth/ProviderButton.js

@@ -43,6 +43,7 @@ import OktaLoginButton from "./OktaLoginButton";
 import DouyinLoginButton from "./DouyinLoginButton";
 import LoginButton from "./LoginButton";
 import * as AuthBackend from "./AuthBackend";
+import * as Setting from "../Setting";
 import {getEvent} from "./Util";
 import {Modal} from "antd";
 
@@ -132,20 +133,29 @@ export function goToWeb3Url(application, provider, method) {
 export function renderProviderLogo(provider, application, width, margin, size, location) {
   if (size === "small") {
     if (provider.category === "OAuth") {
-      if (provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.content !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger")) {
+      if (provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger")) {
         const info = async() => {
-          const t1 = setInterval(await getEvent, 1000, application, provider);
-          {Modal.info({
-            title: i18next.t("provider:Please use WeChat and scan the QR code to sign in"),
-            content: (
-              <div>
-                <img width={256} height={256} src = {"data:image/png;base64," + provider.content} alt="Wechat QR code" style={{margin: margin}} />
-              </div>
-            ),
-            onOk() {
-              window.clearInterval(t1);
-            },
-          });}
+          AuthBackend.getWechatQRCode(`${provider.owner}/${provider.name}`).then(
+            async res => {
+              if (res.status !== "ok") {
+                Setting.showMessage("error", res?.msg);
+                return;
+              }
+
+              const t1 = setInterval(await getEvent, 1000, application, provider, res.data2);
+              {Modal.info({
+                title: i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in"),
+                content: (
+                  <div style={{marginRight: "34px"}}>
+                    <img src = {"data:image/png;base64," + res.data} alt="Wechat QR code" style={{width: "100%"}} />
+                  </div>
+                ),
+                onOk() {
+                  window.clearInterval(t1);
+                },
+              });}
+            }
+          );
         };
         return (
           <a key={provider.displayName} >

web/src/auth/Util.js

@@ -188,11 +188,12 @@ export function getQueryParamsFromState(state) {
   }
 }
 
-export function getEvent(application, provider) {
-  getWechatMessageEvent()
+export function getEvent(application, provider, ticket) {
+  getWechatMessageEvent(ticket)
     .then(res => {
       if (res.data === "SCAN" || res.data === "subscribe") {
-        Setting.goToLink(Provider.getAuthUrl(application, provider, "signup"));
+        const code = res?.data2;
+        Setting.goToLink(Provider.getAuthUrl(application, provider, "signup", code));
       }
     });
 }

web/src/locales/ar/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/de/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Bei der Verwendung von Drittanbietern zur Anmeldung wird, wenn es in der Organisation einen Benutzer mit der gleichen E-Mail gibt, automatisch die Drittanbieter-Anmelde-Methode mit diesem Benutzer verbunden",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Aktivieren Sie SAML-Komprimierung",
     "Enable SAML compression - Tooltip": "Ob SAML-Antwortnachrichten komprimiert werden sollen, wenn Casdoor als SAML-IdP verwendet wird",
     "Enable side panel": "Sidepanel aktivieren",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Inhalt der E-Mail",
     "Email title": "Email-Titel",
     "Email title - Tooltip": "Betreff der E-Mail",
-    "Enable QR code": "QR-Code aktivieren",
-    "Enable QR code - Tooltip": "Ob das Scannen von QR-Codes zum Einloggen aktiviert werden soll",
     "Endpoint": "Endpunkt",
     "Endpoint (Intranet)": "Endpunkt (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Metadaten erfolgreich analysiert",
     "Path prefix": "Pfadpräfix",
     "Path prefix - Tooltip": "Bucket-Pfad-Präfix für Objektspeicher",
-    "Please use WeChat and scan the QR code to sign in": "Bitte verwenden Sie WeChat und scanne den QR-Code ein, um dich anzumelden",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Hafen",
     "Port - Tooltip": "Stellen Sie sicher, dass der Port offen ist",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token-URL",
     "Type": "Typ",
     "Type - Tooltip": "Wählen Sie einen Typ aus",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/en/data.json

@@ -34,10 +34,10 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Use C14N10 instead of C14N11 in SAML",
-    "Enable SAML compression": "Enable SAML compression",
-    "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable SAML POST binding": "Enable SAML POST binding",
     "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
+    "Enable SAML compression": "Enable SAML compression",
+    "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
@@ -725,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -757,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -835,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow",
     "User mapping": "User mapping",

web/src/locales/es/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Cuando se utilizan proveedores externos de inicio de sesión, si hay un usuario en la organización con el mismo correo electrónico, el método de inicio de sesión externo se asociará automáticamente con ese usuario",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Activar la compresión SAML",
     "Enable SAML compression - Tooltip": "Si comprimir o no los mensajes de respuesta SAML cuando se utiliza Casdoor como proveedor de identidad SAML",
     "Enable side panel": "Habilitar panel lateral",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Contenido del correo electrónico",
     "Email title": "Título del correo electrónico",
     "Email title - Tooltip": "Título del correo electrónico",
-    "Enable QR code": "Habilitar código QR",
-    "Enable QR code - Tooltip": "Si permitir el escaneo de códigos QR para acceder",
     "Endpoint": "Punto final",
     "Endpoint (Intranet)": "Punto final (intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Analizar los metadatos con éxito",
     "Path prefix": "Prefijo de ruta",
     "Path prefix - Tooltip": "Prefijo de ruta de cubo para almacenamiento de objetos",
-    "Please use WeChat and scan the QR code to sign in": "Por favor, utiliza WeChat y escanea el código QR para iniciar sesión",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Puerto",
     "Port - Tooltip": "Asegúrate de que el puerto esté abierto",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "URL de token",
     "Type": "Tipo",
     "Type - Tooltip": "Seleccionar un tipo",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/fa/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/fi/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/fr/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Lorsqu'un fournisseur tiers est utilisé pour se connecter, si un compte existe dans l'organisation avec la même adresse e-mail, la méthode de connexion tierce sera automatiquement associée à ce compte",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Activer la compression SAML",
     "Enable SAML compression - Tooltip": "Compresser ou non les messages de réponse SAML lorsque Casdoor est utilisé en tant que fournisseur d'identité SAML",
     "Enable side panel": "Activer le panneau latéral",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Contenu de l'e-mail",
     "Email title": "Titre de l'email",
     "Email title - Tooltip": "Titre de l'email",
-    "Enable QR code": "Activer le code QR",
-    "Enable QR code - Tooltip": "Permettre de scanner un QR code pour se connecter",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (intranet)",
     "Endpoint - Tooltip": "Endpoint - Infobulle",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "Adresse de l'expéditeur",
     "From address - Tooltip": "L'adresse e-mail affichée comme expéditeur dans les e-mails envoyés",
     "From name": "Nom de l'expéditeur",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parcourir les métadonnées avec succès",
     "Path prefix": "Préfixe de chemin",
     "Path prefix - Tooltip": "Préfixe de chemin de seau pour le stockage d'objet",
-    "Please use WeChat and scan the QR code to sign in": "Veuillez utiliser WeChat et scanner le code QR pour vous connecter",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Assurez-vous que le port est ouvert",
     "Private Key": "Clé privée",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "URL de jeton",
     "Type": "Type de texte",
     "Type - Tooltip": "Sélectionnez un type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "Association de compte",

web/src/locales/he/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/id/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Ketika menggunakan penyedia layanan pihak ketiga untuk masuk, jika ada pengguna di organisasi dengan email yang sama, metode login pihak ketiga akan secara otomatis terhubung dengan pengguna tersebut",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Aktifkan kompresi SAML",
     "Enable SAML compression - Tooltip": "Apakah pesan respons SAML harus dikompres saat Casdoor digunakan sebagai SAML idp?",
     "Enable side panel": "Aktifkan panel samping",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Isi Email",
     "Email title": "Judul Email",
     "Email title - Tooltip": "Judul email",
-    "Enable QR code": "Aktifkan kode QR",
-    "Enable QR code - Tooltip": "Apakah diizinkan untuk memindai kode QR untuk masuk?",
     "Endpoint": "Titik akhir",
     "Endpoint (Intranet)": "Titik Akhir (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Berhasil mem-parse metadata",
     "Path prefix": "Awalan jalur",
     "Path prefix - Tooltip": "Awalan path ember untuk penyimpanan objek dalam bucket",
-    "Please use WeChat and scan the QR code to sign in": "Silakan gunakan WeChat dan pindai kode QR untuk masuk",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Pelabuhan",
     "Port - Tooltip": "Pastikan port terbuka",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL: URL Token",
     "Type": "Jenis",
     "Type - Tooltip": "Pilih tipe",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/it/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/ja/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "組織内に同じメールアドレスを持つユーザーがいる場合、サードパーティのログイン方法は自動的にそのユーザーに関連付けられます",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "SAMLの圧縮を有効にする",
     "Enable SAML compression - Tooltip": "CasdoorをSAML IdPとして使用する場合、SAMLレスポンスメッセージを圧縮するかどうか。圧縮する: 圧縮するかどうか。圧縮しない: 圧縮しないかどうか",
     "Enable side panel": "サイドパネルを有効にする",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "メールの内容",
     "Email title": "電子メールのタイトル",
     "Email title - Tooltip": "メールのタイトル",
-    "Enable QR code": "QRコードを有効にする",
-    "Enable QR code - Tooltip": "ログインするためにQRコードをスキャンすることを許可するかどうか",
     "Endpoint": "エンドポイント",
     "Endpoint (Intranet)": "エンドポイント（イントラネット）",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "メタデータを正常に解析しました",
     "Path prefix": "パスプレフィックス",
     "Path prefix - Tooltip": "オブジェクトストレージのバケットパスプレフィックス",
-    "Please use WeChat and scan the QR code to sign in": "WeChatを使用し、QRコードをスキャンしてサインインしてください",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "ポート",
     "Port - Tooltip": "ポートが開いていることを確認してください",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "トークンURL",
     "Type": "タイプ",
     "Type - Tooltip": "タイプを選択してください",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/kk/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/ko/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "3rd-party 로그인 공급자를 사용할 때, 만약 조직 내에 동일한 이메일을 사용하는 사용자가 있다면, 3rd-party 로그인 방법은 자동으로 해당 사용자와 연동됩니다",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "SAML 압축 사용 가능하게 설정하기",
     "Enable SAML compression - Tooltip": "카스도어가 SAML idp로 사용될 때 SAML 응답 메시지를 압축할 것인지 여부",
     "Enable side panel": "측면 패널 활성화",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "이메일 내용",
     "Email title": "이메일 제목",
     "Email title - Tooltip": "이메일 제목",
-    "Enable QR code": "QR 코드 활성화",
-    "Enable QR code - Tooltip": "QR 코드를 스캔해서 로그인할 수 있는지 여부",
     "Endpoint": "엔드포인트",
     "Endpoint (Intranet)": "엔드포인트 (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "메타데이터를 성공적으로 분석했습니다",
     "Path prefix": "경로 접두어",
     "Path prefix - Tooltip": "객체 저장소에 대한 버킷 경로 접두어",
-    "Please use WeChat and scan the QR code to sign in": "WeChat를 사용하시고 QR 코드를 스캔하여 로그인해주세요",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "포트",
     "Port - Tooltip": "포트가 열려 있는지 확인하세요",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "토큰 URL",
     "Type": "타입",
     "Type - Tooltip": "유형을 선택하세요",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/ms/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/nl/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/pl/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/pt/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Ao usar provedores de terceiros para fazer login, se houver um usuário na organização com o mesmo e-mail, o método de login de terceiros será automaticamente associado a esse usuário",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Ativar compressão SAML",
     "Enable SAML compression - Tooltip": "Se deve comprimir as mensagens de resposta SAML quando o Casdoor é usado como provedor de identidade SAML",
     "Enable side panel": "Ativar painel lateral",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Conteúdo do e-mail",
     "Email title": "Título do e-mail",
     "Email title - Tooltip": "Título do e-mail",
-    "Enable QR code": "Habilitar código QR",
-    "Enable QR code - Tooltip": "Se permite escanear código QR para fazer login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "Endereço do remetente",
     "From address - Tooltip": "Endereço de e-mail do remetente",
     "From name": "Nome do remetente",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Metadados analisados com sucesso",
     "Path prefix": "Prefixo do caminho",
     "Path prefix - Tooltip": "Prefixo do caminho do bucket para armazenamento de objetos",
-    "Please use WeChat and scan the QR code to sign in": "Por favor, use o WeChat e escaneie o código QR para fazer login",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Porta",
     "Port - Tooltip": "Certifique-se de que a porta esteja aberta",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "URL do Token",
     "Type": "Tipo",
     "Type - Tooltip": "Selecione um tipo",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/ru/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "При использовании сторонних провайдеров для входа, если в организации есть пользователь с такой же электронной почтой, то способ входа через стороннего провайдера автоматически будет связан с этим пользователем",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Включите сжатие SAML",
     "Enable SAML compression - Tooltip": "Нужно ли сжимать сообщения ответа SAML при использовании Casdoor в качестве SAML-идентификатора",
     "Enable side panel": "Включить боковую панель",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Содержание электронной почты",
     "Email title": "Заголовок электронного письма",
     "Email title - Tooltip": "Заголовок электронной почты",
-    "Enable QR code": "Включить QR-код",
-    "Enable QR code - Tooltip": "Разрешить ли сканирование QR-кода для входа в систему",
     "Endpoint": "Конечная точка",
     "Endpoint (Intranet)": "Конечная точка (интранет)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Успешно обработана метаданные",
     "Path prefix": "Префикс пути",
     "Path prefix - Tooltip": "Префикс пути ведра для хранилища объектов",
-    "Please use WeChat and scan the QR code to sign in": "Пожалуйста, используйте WeChat и отсканируйте QR-код для входа в систему",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Порт",
     "Port - Tooltip": "Убедитесь, что порт открыт",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Токен URL",
     "Type": "Тип",
     "Type - Tooltip": "Выберите тип",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/sv/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/tr/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/uk/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "When using 3rd-party providers to log in, if there is a user in the organization with the same Email, the 3rd-party login method will be automatically associated with that user",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Enable SAML compression",
     "Enable SAML compression - Tooltip": "Whether to compress SAML response messages when Casdoor is used as SAML idp",
     "Enable side panel": "Enable side panel",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Content of the Email",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
-    "Enable QR code": "Enable QR code",
-    "Enable QR code - Tooltip": "Whether to allow scanning QR code to login",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "Email address of \"From\"",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Parse metadata successfully",
     "Path prefix": "Path prefix",
     "Path prefix - Tooltip": "Bucket path prefix for object storage",
-    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Port",
     "Port - Tooltip": "Make sure the port is open",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Token URL",
     "Type": "Type",
     "Type - Tooltip": "Select a type",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/vi/data.json

@@ -34,6 +34,8 @@
     "Enable Email linking - Tooltip": "Khi sử dụng nhà cung cấp bên thứ ba để đăng nhập, nếu có người dùng trong tổ chức có cùng địa chỉ Email, phương pháp đăng nhập bên thứ ba sẽ tự động được liên kết với người dùng đó",
     "Enable SAML C14N10": "Enable SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "Enable SAML C14N10 - Tooltip",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "Cho phép nén SAML",
     "Enable SAML compression - Tooltip": "Liệu có nén các thông điệp phản hồi SAML khi Casdoor được sử dụng làm SAML idp không?",
     "Enable side panel": "Cho phép bên thanh phẩm",
@@ -723,11 +725,11 @@
     "Email content - Tooltip": "Nội dung của Email",
     "Email title": "Tiêu đề email",
     "Email title - Tooltip": "Tiêu đề của email",
-    "Enable QR code": "Kích hoạt mã QR",
-    "Enable QR code - Tooltip": "Cho phép quét mã QR để đăng nhập",
     "Endpoint": "Điểm cuối",
     "Endpoint (Intranet)": "Điểm kết thúc (mạng nội bộ)",
     "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "If you choose \"Use WeChat Open Platform to login\", users need to login on the WeChat Open Platform after following the wechat official account.",
     "From address": "From address",
     "From address - Tooltip": "From address - Tooltip",
     "From name": "From name",
@@ -755,7 +757,7 @@
     "Parse metadata successfully": "Phân tích siêu dữ liệu thành công",
     "Path prefix": "Tiền tố đường dẫn",
     "Path prefix - Tooltip": "Tiền tố đường dẫn thùng chứa cho lưu trữ đối tượng",
-    "Please use WeChat and scan the QR code to sign in": "Vui lòng sử dụng WeChat và quét mã QR để đăng nhập",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "Cảng",
     "Port - Tooltip": "Chắc chắn rằng cổng đang mở",
     "Private Key": "Private Key",
@@ -833,6 +835,10 @@
     "Token URL - Tooltip": "Địa chỉ của mã thông báo",
     "Type": "Kiểu",
     "Type - Tooltip": "Chọn loại",
+    "Use WeChat Media Platform in PC": "Use WeChat Media Platform in PC",
+    "Use WeChat Media Platform in PC - Tooltip": "Whether to allow scanning WeChat Media Platform QR code to login",
+    "Use WeChat Media Platform to login": "Use WeChat Media Platform to login",
+    "Use WeChat Open Platform to login": "Use WeChat Open Platform to login",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow - Tooltip",
     "User mapping": "User mapping",

web/src/locales/zh/data.json

@@ -34,10 +34,10 @@
     "Enable Email linking - Tooltip": "使用第三方授权登录时，如果组织中存在与授权用户邮箱相同的用户，会自动关联该第三方登录方式到该用户",
     "Enable SAML C14N10": "启用SAML C14N10",
     "Enable SAML C14N10 - Tooltip": "在SAML协议里使用C14N10，而不是C14N11",
+    "Enable SAML POST binding": "Enable SAML POST binding",
+    "Enable SAML POST binding - Tooltip": "The HTTP POST binding uses input fields in a HTML form to send SAML messages, Enable when your SP use it",
     "Enable SAML compression": "压缩SAML响应",
     "Enable SAML compression - Tooltip": "Casdoor作为SAML IdP时，是否压缩SAML响应信息",
-    "Enable SAML POST binding": "启用SAML POST Binding",
-    "Enable SAML POST binding - Tooltip": "HTTP POST绑定使用HTML表单中的输入字段发送SAML消息，当SP使用它时启用",
     "Enable side panel": "启用侧面板",
     "Enable signin session - Tooltip": "从应用登录Casdoor后，Casdoor是否保持会话",
     "Enable signup": "启用注册",
@@ -725,11 +725,11 @@
     "Email content - Tooltip": "邮件内容",
     "Email title": "邮件标题",
     "Email title - Tooltip": "邮件标题",
-    "Enable QR code": "扫码登录",
-    "Enable QR code - Tooltip": "是否允许扫描二维码登录",
     "Endpoint": "地域节点 (外网)",
     "Endpoint (Intranet)": "地域节点 (内网)",
     "Endpoint - Tooltip": "端点 - 工具提示",
+    "Follow-up action": "后继动作",
+    "Follow-up action - Tooltip": "如果你选择“使用微信开放平台进行登录”，用户在扫描二维码并关注公众号后需要在微信开放平台进行登录",
     "From address": "发件人地址",
     "From address - Tooltip": "邮件里发件人的邮箱地址",
     "From name": "发件人名称",
@@ -757,7 +757,7 @@
     "Parse metadata successfully": "解析元数据成功",
     "Path prefix": "路径前缀",
     "Path prefix - Tooltip": "对象存储的Bucket路径前缀",
-    "Please use WeChat and scan the QR code to sign in": "请使用微信扫描二维码登录",
+    "Please use WeChat to scan the QR code and follow the official account for sign in": "Please use WeChat to scan the QR code and follow the official account for sign in",
     "Port": "端口",
     "Port - Tooltip": "请确保端口号打开",
     "Private Key": "私钥",
@@ -835,6 +835,10 @@
     "Token URL - Tooltip": "自定义OAuth的Token URL",
     "Type": "类型",
     "Type - Tooltip": "类型",
+    "Use WeChat Media Platform in PC": "在PC端使用微信公众平台",
+    "Use WeChat Media Platform in PC - Tooltip": "是否使用微信公众平台的二维码进行登录",
+    "Use WeChat Media Platform to login": "使用微信公众平台进行登录",
+    "Use WeChat Open Platform to login": "使用微信开放平台进行登录",
     "User flow": "User flow",
     "User flow - Tooltip": "User flow",
     "User mapping": "用户映射",

web/src/table/SigninMethodTable.js

@@ -163,7 +163,7 @@ class SigninMethodTable extends React.Component {
                 <Button style={{marginRight: "5px"}} disabled={index === table.length - 1} icon={<DownOutlined />} size="small" onClick={() => this.downRow(table, index)} />
               </Tooltip>
               <Tooltip placement="topLeft" title={i18next.t("general:Delete")}>
-                <Button icon={<DeleteOutlined />} size="small" disabled={table.length <= 1} onClick={() => this.deleteRow(items, table, index)} />
+                <Button icon={<DeleteOutlined />} size="small" onClick={() => this.deleteRow(items, table, index)} />
               </Tooltip>
             </div>
           );