feat: add "Face ID" login method (#2782 )

Face Login via face-api.js
fix: Ensure /api/get-app-login Returns Captcha Provider for Applications Configured with Captcha (#2800 )
2025-07-16 01:13:51 +08:00 · 2024-03-16 09:04:00 +08:00 · 2024-03-15 19:56:12 +08:00 · 2024-03-15 19:52:19 +08:00 · 2024-03-15 19:36:39 +08:00 · 2024-03-13 23:59:05 +08:00
96 changed files with 3970 additions and 1229 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -108,6 +108,7 @@ jobs:
        working-directory: ./web
      - uses: cypress-io/github-action@v5
        with:
+          browser: chrome
          start: yarn start
          wait-on: 'http://localhost:7001'
          wait-on-timeout: 210
--- a/authz/authz.go
+++ b/authz/authz.go
@ -161,6 +161,11 @@ func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath
 				return true
 			}
 			return false
+		} else if urlPath == "/api/upload-resource" {
+			if subOwner == "app" && subName == "app-casibase" {
+				return true
+			}
+			return false
 		} else {
 			return false
 		}
--- a/controllers/account.go
+++ b/controllers/account.go
@ -459,7 +459,12 @@ func (c *ApiController) GetUserinfo() {

 	scope, aud := c.GetSessionOidc()
 	host := c.Ctx.Request.Host
-	userInfo := object.GetUserInfo(user, scope, aud, host)
+
+	userInfo, err := object.GetUserInfo(user, scope, aud, host)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}

 	c.Data["json"] = userInfo
 	c.ServeJSON()
--- a/controllers/application.go
+++ b/controllers/application.go
@ -177,7 +177,7 @@ func (c *ApiController) GetOrganizationApplications() {
 			return
 		}

-		applications, err = object.GetAllowedApplications(applications, userId)
+		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@ -194,13 +194,19 @@ func (c *ApiController) GetOrganizationApplications() {
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		application, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		applications, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		applications := object.GetMaskedApplications(application, userId)
+		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		applications = object.GetMaskedApplications(applications, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -327,7 +327,38 @@ func (c *ApiController) Login() {
 		}

 		var user *object.User
-		if authForm.Password == "" {
+		if authForm.SigninMethod == "Face ID" {
+			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
+				c.ResponseError(err.Error(), nil)
+				return
+			} else if user == nil {
+				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
+				return
+			}
+
+			var application *object.Application
+			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
+			if err != nil {
+				c.ResponseError(err.Error(), nil)
+				return
+			}
+
+			if application == nil {
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+				return
+			}
+
+			if !application.IsFaceIdEnabled() {
+				c.ResponseError(c.T("auth:The login method: login with face is not enabled for the application"))
+				return
+			}
+
+			if err := object.CheckFaceId(user, authForm.FaceId, c.GetAcceptLanguage()); err != nil {
+				c.ResponseError(err.Error(), nil)
+				return
+			}
+
+		} else if authForm.Password == "" {
 			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
 				c.ResponseError(err.Error(), nil)
 				return
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -52,6 +52,15 @@ func (c *ApiController) GetResources() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")

+	isOrgAdmin, ok := c.IsOrgAdmin()
+	if !ok {
+		return
+	}
+
+	if isOrgAdmin {
+		user = ""
+	}
+
 	if sortField == "Direct" {
 		provider, err := c.GetProviderFromContext("Storage")
 		if err != nil {
--- a/controllers/service.go
+++ b/controllers/service.go
@ -60,7 +60,6 @@ func (c *ApiController) SendEmail() {
 	}

 	var emailForm EmailForm
-
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
 	if err != nil {
 		c.ResponseError(err.Error())
@ -87,7 +86,7 @@ func (c *ApiController) SendEmail() {

 	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
 	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
-		err := object.DailSmtpServer(provider)
+		err = object.DailSmtpServer(provider)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@ -112,20 +111,23 @@ func (c *ApiController) SendEmail() {
 		return
 	}

-	code := "123456"
+	content := emailForm.Content
+	if content == "" {
+		code := "123456"

-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := strings.Replace(provider.Content, "%s", code, 1)
-	if !strings.HasPrefix(userId, "app/") {
-		var user *object.User
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
+		content = strings.Replace(provider.Content, "%s", code, 1)
+		if !strings.HasPrefix(userId, "app/") {
+			var user *object.User
+			user, err = object.GetUser(userId)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}

-		if user != nil {
-			content = strings.Replace(content, "%{user.friendlyName}", user.GetFriendlyName(), 1)
+			if user != nil {
+				content = strings.Replace(content, "%{user.friendlyName}", user.GetFriendlyName(), 1)
+			}
 		}
 	}

--- a/controllers/transaction.go
+++ b/controllers/transaction.go
@ -0,0 +1,167 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetTransactions
+// @Title GetTransactions
+// @Tag Transaction API
+// @Description get transactions
+// @Param   owner     query    string  true        "The owner of transactions"
+// @Success 200 {array} object.Transaction The Response object
+// @router /get-transactions [get]
+func (c *ApiController) GetTransactions() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+
+	if limit == "" || page == "" {
+		transactions, err := object.GetTransactions(owner)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		c.ResponseOk(transactions)
+	} else {
+		limit := util.ParseInt(limit)
+		count, err := object.GetTransactionCount(owner, field, value)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
+		transactions, err := object.GetPaginationTransactions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		c.ResponseOk(transactions, paginator.Nums())
+	}
+}
+
+// GetUserTransactions
+// @Title GetUserTransaction
+// @Tag Transaction API
+// @Description get transactions for a user
+// @Param   owner     query    string  true        "The owner of transactions"
+// @Param   organization    query   string  true   "The organization of the user"
+// @Param   user    query   string  true           "The username of the user"
+// @Success 200 {array} object.Transaction The Response object
+// @router /get-user-transactions [get]
+func (c *ApiController) GetUserTransactions() {
+	owner := c.Input().Get("owner")
+	user := c.Input().Get("user")
+
+	transactions, err := object.GetUserTransactions(owner, user)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(transactions)
+}
+
+// GetTransaction
+// @Title GetTransaction
+// @Tag Transaction API
+// @Description get transaction
+// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
+// @Success 200 {object} object.Transaction The Response object
+// @router /get-transaction [get]
+func (c *ApiController) GetTransaction() {
+	id := c.Input().Get("id")
+
+	transaction, err := object.GetTransaction(id)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(transaction)
+}
+
+// UpdateTransaction
+// @Title UpdateTransaction
+// @Tag Transaction API
+// @Description update transaction
+// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
+// @Param   body    body   object.Transaction  true        "The details of the transaction"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-transaction [post]
+func (c *ApiController) UpdateTransaction() {
+	id := c.Input().Get("id")
+
+	var transaction object.Transaction
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction))
+	c.ServeJSON()
+}
+
+// AddTransaction
+// @Title AddTransaction
+// @Tag Transaction API
+// @Description add transaction
+// @Param   body    body   object.Transaction  true        "The details of the transaction"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-transaction [post]
+func (c *ApiController) AddTransaction() {
+	var transaction object.Transaction
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddTransaction(&transaction))
+	c.ServeJSON()
+}
+
+// DeleteTransaction
+// @Title DeleteTransaction
+// @Tag Transaction API
+// @Description delete transaction
+// @Param   body    body   object.Transaction  true        "The details of the transaction"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-transaction [post]
+func (c *ApiController) DeleteTransaction() {
+	var transaction object.Transaction
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction))
+	c.ServeJSON()
+}
--- a/controllers/util.go
+++ b/controllers/util.go
@ -108,12 +108,12 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		c.ResponseError(err.Error())
 		return nil, false
 	}
-
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
+
 	return user, true
 }

@ -130,6 +130,30 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	return user.Owner, true
 }

+func (c *ApiController) IsOrgAdmin() (bool, bool) {
+	userId, ok := c.RequireSignedIn()
+	if !ok {
+		return false, true
+	}
+
+	if strings.HasPrefix(userId, "app/") {
+		return true, true
+	}
+
+	user, err := object.GetUser(userId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return false, false
+	}
+	if user == nil {
+		c.ClearUserSession()
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
+		return false, false
+	}
+
+	return user.IsAdmin, true
+}
+
 // IsMaskedEnabled ...
 func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	isMaskEnabled := true
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@ -27,7 +27,10 @@ import (
 )

 func deployStaticFiles(provider *object.Provider) {
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
+	if err != nil {
+		panic(err)
+	}
 	if storageProvider == nil {
 		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
 	}
--- a/form/auth.go
+++ b/form/auth.go
@ -61,6 +61,8 @@ type AuthForm struct {

 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
+
+	FaceId []float64 `json:"faceId"`
 }

 func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
--- a/go.mod
+++ b/go.mod
@ -9,12 +9,12 @@ require (
 	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin/v2 v2.77.2
-	github.com/casdoor/go-sms-sender v0.19.0
+	github.com/casdoor/go-sms-sender v0.20.0
 	github.com/casdoor/gomail/v2 v2.0.1
 	github.com/casdoor/notify v0.45.0
-	github.com/casdoor/oss v1.5.0
+	github.com/casdoor/oss v1.6.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
-	github.com/casvisor/casvisor-go-sdk v1.0.3
+	github.com/casvisor/casvisor-go-sdk v1.1.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -1083,18 +1083,18 @@ github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3
 github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk=
 github.com/casdoor/go-reddit/v2 v2.1.0 h1:kIbfdJ7AA7H0uTQ8s0q4GGZqSS5V9wVE74RrXyD9XPs=
 github.com/casdoor/go-reddit/v2 v2.1.0/go.mod h1:eagkvwlZ4Hcsuc/uQsLHYEulz5jN65SVSwV/AIE7zsc=
-github.com/casdoor/go-sms-sender v0.19.0 h1:qVz7RLXx8aGgfzLUGvhNe6pbhxDqP2/qNY+XPepfpyQ=
-github.com/casdoor/go-sms-sender v0.19.0/go.mod h1:cQs7qqohMJBgIVZebOCB8ko09naG1vzFJEH59VNIscs=
+github.com/casdoor/go-sms-sender v0.20.0 h1:yLbCakV04DzzehhgBklOrSeCFjMwpfKBeemz9b+Y8OM=
+github.com/casdoor/go-sms-sender v0.20.0/go.mod h1:cQs7qqohMJBgIVZebOCB8ko09naG1vzFJEH59VNIscs=
 github.com/casdoor/gomail/v2 v2.0.1 h1:J+FG6x80s9e5lBHUn8Sv0Y56mud34KiWih5YdmudR/w=
 github.com/casdoor/gomail/v2 v2.0.1/go.mod h1:VnGPslEAtpix5FjHisR/WKB1qvZDBaujbikxDe9d+2Q=
 github.com/casdoor/notify v0.45.0 h1:OlaFvcQFjGOgA4mRx07M8AH1gvb5xNo21mcqrVGlLgk=
 github.com/casdoor/notify v0.45.0/go.mod h1:wNHQu0tiDROMBIvz0j3Om3Lhd5yZ+AIfnFb8MYb8OLQ=
-github.com/casdoor/oss v1.5.0 h1:mi1htaXR5fynskDry1S3wk+Dd2nRY1z1pVcnGsqMqP4=
-github.com/casdoor/oss v1.5.0/go.mod h1:rJAWA0hLhtu94t6IRpotLUkXO1NWMASirywQYaGizJE=
+github.com/casdoor/oss v1.6.0 h1:IOWrGLJ+VO82qS796eaRnzFPPA1Sn3cotYTi7O/VIlQ=
+github.com/casdoor/oss v1.6.0/go.mod h1:rJAWA0hLhtu94t6IRpotLUkXO1NWMASirywQYaGizJE=
 github.com/casdoor/xorm-adapter/v3 v3.1.0 h1:NodWayRtSLVSeCvL9H3Hc61k0G17KhV9IymTCNfh3kk=
 github.com/casdoor/xorm-adapter/v3 v3.1.0/go.mod h1:4WTcUw+bTgBylGHeGHzTtBvuTXRS23dtwzFLl9tsgFM=
-github.com/casvisor/casvisor-go-sdk v1.0.3 h1:TKJQWKnhtznEBhzLPEdNsp7nJK2GgdD8JsB0lFPMW7U=
-github.com/casvisor/casvisor-go-sdk v1.0.3/go.mod h1:frnNtH5GA0wxzAQLyZxxfL0RSsSub9GQPi2Ybe86ocE=
+github.com/casvisor/casvisor-go-sdk v1.1.0 h1:XRDrlDuMjXfPsNa1INLHASPHdV/vgwh1gPZ7+v9fNHk=
+github.com/casvisor/casvisor-go-sdk v1.1.0/go.mod h1:frnNtH5GA0wxzAQLyZxxfL0RSsSub9GQPi2Ybe86ocE=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
--- a/object/application.go
+++ b/object/application.go
@ -19,6 +19,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@ -104,6 +105,7 @@ type Application struct {
 	SignupHtml           string     `xorm:"mediumtext" json:"signupHtml"`
 	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
 	ThemeData            *ThemeData `xorm:"json" json:"themeData"`
+	FooterHtml           string     `xorm:"mediumtext" json:"footerHtml"`
 	FormCss              string     `xorm:"text" json:"formCss"`
 	FormCssMobile        string     `xorm:"text" json:"formCssMobile"`
 	FormOffset           int        `json:"formOffset"`
@ -222,7 +224,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Logo",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-logo-box {\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-logo-box {\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -230,7 +232,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Signin methods",
 			Visible:     true,
-			Label:       "\n<style>\n  .signin-methods {\n  }\n<style>\n",
+			Label:       "\n<style>\n  .signin-methods {\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -238,7 +240,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Username",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-username {\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-username {\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -246,7 +248,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Password",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-password {\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-password {\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -254,7 +256,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Agreement",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-agreement {\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-agreement {\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -262,7 +264,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Forgot password?",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-forget-password {\n    display: inline-flex;\n    justify-content: space-between;\n    width: 320px;\n    margin-bottom: 25px;\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-forget-password {\n    display: inline-flex;\n    justify-content: space-between;\n    width: 320px;\n    margin-bottom: 25px;\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -270,7 +272,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Login button",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-button-box {\n    margin-bottom: 5px;\n  }\n  .login-button {\n    width: 100%;\n  }\n<style>\n",
+			Label:       "\n<style>\n  .login-button-box {\n    margin-bottom: 5px;\n  }\n  .login-button {\n    width: 100%;\n  }\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -278,7 +280,7 @@ func extendApplicationWithSigninItems(application *Application) (err error) {
 		signinItem = &SigninItem{
 			Name:        "Signup link",
 			Visible:     true,
-			Label:       "\n<style>\n  .login-signup-link {\n    margin-bottom: 24px;\n    display: flex;\n    justify-content: end;\n}\n<style>\n",
+			Label:       "\n<style>\n  .login-signup-link {\n    margin-bottom: 24px;\n    display: flex;\n    justify-content: end;\n}\n</style>\n",
 			Placeholder: "",
 			Rule:        "None",
 		}
@ -468,36 +470,71 @@ func GetMaskedApplication(application *Application, userId string) *Application
 		application.FailedSigninFrozenTime = DefaultFailedSigninFrozenTime
 	}

+	isOrgUser := false
 	if userId != "" {
 		if isUserIdGlobalAdmin(userId) {
 			return application
 		}

-		user, _ := GetUser(userId)
-		if user != nil && user.IsApplicationAdmin(application) {
-			return application
+		user, err := GetUser(userId)
+		if err != nil {
+			panic(err)
+		}
+		if user != nil {
+			if user.IsApplicationAdmin(application) {
+				return application
+			}
+
+			if user.Owner == application.Organization {
+				isOrgUser = true
+			}
 		}
 	}

-	if application.ClientSecret != "" {
-		application.ClientSecret = "***"
+	application.ClientSecret = "***"
+	application.Cert = "***"
+	application.EnablePassword = false
+	application.EnableSigninSession = false
+	application.EnableCodeSignin = false
+	application.EnableSamlCompress = false
+	application.EnableSamlC14n10 = false
+	application.EnableSamlPostBinding = false
+	application.EnableWebAuthn = false
+	application.EnableLinkWithEmail = false
+	application.SamlReplyUrl = "***"
+
+	providerItems := []*ProviderItem{}
+	for _, providerItem := range application.Providers {
+		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha") {
+			providerItems = append(providerItems, providerItem)
+		}
 	}
+	application.Providers = providerItems
+
+	application.GrantTypes = nil
+	application.Tags = nil
+	application.RedirectUris = nil
+	application.TokenFormat = "***"
+	application.TokenFields = nil
+	application.ExpireInHours = -1
+	application.RefreshExpireInHours = -1
+	application.FailedSigninLimit = -1
+	application.FailedSigninFrozenTime = -1

 	if application.OrganizationObj != nil {
-		if application.OrganizationObj.MasterPassword != "" {
-			application.OrganizationObj.MasterPassword = "***"
-		}
-		if application.OrganizationObj.DefaultPassword != "" {
-			application.OrganizationObj.DefaultPassword = "***"
-		}
-		if application.OrganizationObj.MasterVerificationCode != "" {
-			application.OrganizationObj.MasterVerificationCode = "***"
-		}
-		if application.OrganizationObj.PasswordType != "" {
-			application.OrganizationObj.PasswordType = "***"
-		}
-		if application.OrganizationObj.PasswordSalt != "" {
-			application.OrganizationObj.PasswordSalt = "***"
+		application.OrganizationObj.MasterPassword = "***"
+		application.OrganizationObj.DefaultPassword = "***"
+		application.OrganizationObj.MasterVerificationCode = "***"
+		application.OrganizationObj.PasswordType = "***"
+		application.OrganizationObj.PasswordSalt = "***"
+		application.OrganizationObj.InitScore = -1
+		application.OrganizationObj.EnableSoftDeletion = false
+
+		if !isOrgUser {
+			application.OrganizationObj.MfaItems = nil
+			if !application.OrganizationObj.IsProfilePublic {
+				application.OrganizationObj.AccountItems = nil
+			}
 		}
 	}

@ -515,8 +552,12 @@ func GetMaskedApplications(applications []*Application, userId string) []*Applic
 	return applications
 }

-func GetAllowedApplications(applications []*Application, userId string) ([]*Application, error) {
-	if userId == "" || isUserIdGlobalAdmin(userId) {
+func GetAllowedApplications(applications []*Application, userId string, lang string) ([]*Application, error) {
+	if userId == "" {
+		return nil, fmt.Errorf(i18n.Translate(lang, "auth:Unauthorized operation"))
+	}
+
+	if isUserIdGlobalAdmin(userId) {
 		return applications, nil
 	}

@ -524,7 +565,11 @@ func GetAllowedApplications(applications []*Application, userId string) ([]*Appl
 	if err != nil {
 		return nil, err
 	}
-	if user != nil && user.IsAdmin {
+	if user == nil {
+		return nil, fmt.Errorf(i18n.Translate(lang, "auth:Unauthorized operation"))
+	}
+
+	if user.IsAdmin {
 		return applications, nil
 	}

@ -639,7 +684,7 @@ func (application *Application) GetId() string {
 }

 func (application *Application) IsRedirectUriValid(redirectUri string) bool {
-	redirectUris := append([]string{"http://localhost:", "https://localhost:", "http://127.0.0.1:", "http://casdoor-app"}, application.RedirectUris...)
+	redirectUris := append([]string{"http://localhost:", "https://localhost:", "http://127.0.0.1:", "http://casdoor-app", ".chromiumapp.org"}, application.RedirectUris...)
 	for _, targetUri := range redirectUris {
 		targetUriRegex := regexp.MustCompile(targetUri)
 		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
@ -712,6 +757,17 @@ func (application *Application) IsLdapEnabled() bool {
 	return false
 }

+func (application *Application) IsFaceIdEnabled() bool {
+	if len(application.SigninMethods) > 0 {
+		for _, signinMethod := range application.SigninMethods {
+			if signinMethod.Name == "Face ID" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func IsOriginAllowed(origin string) (bool, error) {
 	applications, err := GetApplications("")
 	if err != nil {
--- a/object/cert.go
+++ b/object/cert.go
@ -205,16 +205,41 @@ func (p *Cert) GetId() string {
 }

 func (p *Cert) populateContent() error {
-	if p.Certificate == "" || p.PrivateKey == "" {
-		certificate, privateKey, err := generateRsaKeys(p.BitSize, p.ExpireInYears, p.Name, p.Owner)
-		if err != nil {
-			return err
-		}
-
-		p.Certificate = certificate
-		p.PrivateKey = privateKey
+	if p.Certificate != "" && p.PrivateKey != "" {
+		return nil
 	}

+	if len(p.CryptoAlgorithm) < 3 {
+		err := fmt.Errorf("populateContent() error, unsupported crypto algorithm: %s", p.CryptoAlgorithm)
+		return err
+	}
+
+	if p.CryptoAlgorithm == "RSA" {
+		p.CryptoAlgorithm = "RS256"
+	}
+
+	sigAlgorithm := p.CryptoAlgorithm[:2]
+	shaSize, err := util.ParseIntWithError(p.CryptoAlgorithm[2:])
+	if err != nil {
+		return err
+	}
+
+	var certificate, privateKey string
+	if sigAlgorithm == "RS" {
+		certificate, privateKey, err = generateRsaKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner)
+	} else if sigAlgorithm == "ES" {
+		certificate, privateKey, err = generateEsKeys(shaSize, p.ExpireInYears, p.Name, p.Owner)
+	} else if sigAlgorithm == "PS" {
+		certificate, privateKey, err = generateRsaPssKeys(p.BitSize, shaSize, p.ExpireInYears, p.Name, p.Owner)
+	} else {
+		err = fmt.Errorf("populateContent() error, unsupported signature algorithm: %s", sigAlgorithm)
+	}
+	if err != nil {
+		return err
+	}
+
+	p.Certificate = certificate
+	p.PrivateKey = privateKey
 	return nil
 }

--- a/object/get-dashboard.go
+++ b/object/get-dashboard.go
@ -28,6 +28,10 @@ type Dashboard struct {
 }

 func GetDashboard(owner string) (*Dashboard, error) {
+	if owner == "All" {
+		owner = ""
+	}
+
 	dashboard := &Dashboard{
 		OrganizationCounts: make([]int, 31),
 		UserCounts:         make([]int, 31),
@ -36,14 +40,13 @@ func GetDashboard(owner string) (*Dashboard, error) {
 		SubscriptionCounts: make([]int, 31),
 	}

-	var wg sync.WaitGroup
-
 	organizations := []Organization{}
 	users := []User{}
 	providers := []Provider{}
 	applications := []Application{}
 	subscriptions := []Subscription{}

+	var wg sync.WaitGroup
 	wg.Add(5)
 	go func() {
 		defer wg.Done()
--- a/object/init_data.go
+++ b/object/init_data.go
@ -17,29 +17,35 @@ package object
 import (
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
+	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
 )

 type InitData struct {
-	Organizations []*Organization `json:"organizations"`
-	Applications  []*Application  `json:"applications"`
-	Users         []*User         `json:"users"`
-	Certs         []*Cert         `json:"certs"`
-	Providers     []*Provider     `json:"providers"`
-	Ldaps         []*Ldap         `json:"ldaps"`
-	Models        []*Model        `json:"models"`
-	Permissions   []*Permission   `json:"permissions"`
-	Payments      []*Payment      `json:"payments"`
-	Products      []*Product      `json:"products"`
-	Resources     []*Resource     `json:"resources"`
-	Roles         []*Role         `json:"roles"`
-	Syncers       []*Syncer       `json:"syncers"`
-	Tokens        []*Token        `json:"tokens"`
-	Webhooks      []*Webhook      `json:"webhooks"`
-	Groups        []*Group        `json:"groups"`
-	Adapters      []*Adapter      `json:"adapters"`
-	Enforcers     []*Enforcer     `json:"enforcers"`
-	Plans         []*Plan         `json:"plans"`
-	Pricings      []*Pricing      `json:"pricings"`
+	Organizations []*Organization       `json:"organizations"`
+	Applications  []*Application        `json:"applications"`
+	Users         []*User               `json:"users"`
+	Certs         []*Cert               `json:"certs"`
+	Providers     []*Provider           `json:"providers"`
+	Ldaps         []*Ldap               `json:"ldaps"`
+	Models        []*Model              `json:"models"`
+	Permissions   []*Permission         `json:"permissions"`
+	Payments      []*Payment            `json:"payments"`
+	Products      []*Product            `json:"products"`
+	Resources     []*Resource           `json:"resources"`
+	Roles         []*Role               `json:"roles"`
+	Syncers       []*Syncer             `json:"syncers"`
+	Tokens        []*Token              `json:"tokens"`
+	Webhooks      []*Webhook            `json:"webhooks"`
+	Groups        []*Group              `json:"groups"`
+	Adapters      []*Adapter            `json:"adapters"`
+	Enforcers     []*Enforcer           `json:"enforcers"`
+	Plans         []*Plan               `json:"plans"`
+	Pricings      []*Pricing            `json:"pricings"`
+	Invitations   []*Invitation         `json:"invitations"`
+	Records       []*casvisorsdk.Record `json:"records"`
+	Sessions      []*Session            `json:"sessions"`
+	Subscriptions []*Subscription       `json:"subscriptions"`
+	Transactions  []*Transaction        `json:"transactions"`
 }

 func InitFromFile() {
@ -114,6 +120,21 @@ func InitFromFile() {
 		for _, pricing := range initData.Pricings {
 			initDefinedPricing(pricing)
 		}
+		for _, invitation := range initData.Invitations {
+			initDefinedInvitation(invitation)
+		}
+		for _, record := range initData.Records {
+			initDefinedRecord(record)
+		}
+		for _, session := range initData.Sessions {
+			initDefinedSession(session)
+		}
+		for _, subscription := range initData.Subscriptions {
+			initDefinedSubscription(subscription)
+		}
+		for _, transaction := range initData.Transactions {
+			initDefinedTransaction(transaction)
+		}
 	}
 }

@ -145,6 +166,11 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		Enforcers:     []*Enforcer{},
 		Plans:         []*Plan{},
 		Pricings:      []*Pricing{},
+		Invitations:   []*Invitation{},
+		Records:       []*casvisorsdk.Record{},
+		Sessions:      []*Session{},
+		Subscriptions: []*Subscription{},
+		Transactions:  []*Transaction{},
 	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
@ -225,6 +251,11 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 			pricing.Plans = []string{}
 		}
 	}
+	for _, session := range data.Sessions {
+		if session.SessionId == nil {
+			session.SessionId = []string{}
+		}
+	}
 	return data, nil
 }

@ -543,3 +574,61 @@ func initDefinedPricing(pricing *Pricing) {
 		panic(err)
 	}
 }
+
+func initDefinedInvitation(invitation *Invitation) {
+	existed, err := getInvitation(invitation.Owner, invitation.Name)
+	if err != nil {
+		panic(err)
+	}
+	if existed != nil {
+		return
+	}
+	invitation.CreatedTime = util.GetCurrentTime()
+	_, err = AddInvitation(invitation, "en")
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initDefinedRecord(record *casvisorsdk.Record) {
+	record.CreatedTime = util.GetCurrentTime()
+	_ = AddRecord(record)
+}
+
+func initDefinedSession(session *Session) {
+	session.CreatedTime = util.GetCurrentTime()
+	_, err := AddSession(session)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initDefinedSubscription(subscription *Subscription) {
+	existed, err := getSubscription(subscription.Owner, subscription.Name)
+	if err != nil {
+		panic(err)
+	}
+	if existed != nil {
+		return
+	}
+	subscription.CreatedTime = util.GetCurrentTime()
+	_, err = AddSubscription(subscription)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initDefinedTransaction(transaction *Transaction) {
+	existed, err := getTransaction(transaction.Owner, transaction.Name)
+	if err != nil {
+		panic(err)
+	}
+	if existed != nil {
+		return
+	}
+	transaction.CreatedTime = util.GetCurrentTime()
+	_, err = AddTransaction(transaction)
+	if err != nil {
+		panic(err)
+	}
+}
--- a/object/init_data_dump.go
+++ b/object/init_data_dump.go
@ -121,6 +121,31 @@ func writeInitDataToFile(filePath string) error {
 		return err
 	}

+	invitations, err := GetInvitations("")
+	if err != nil {
+		return err
+	}
+
+	records, err := GetRecords()
+	if err != nil {
+		return err
+	}
+
+	sessions, err := GetSessions("")
+	if err != nil {
+		return err
+	}
+
+	subscriptions, err := GetSubscriptions("")
+	if err != nil {
+		return err
+	}
+
+	transactions, err := GetTransactions("")
+	if err != nil {
+		return err
+	}
+
 	data := &InitData{
 		Organizations: organizations,
 		Applications:  applications,
@ -142,6 +167,11 @@ func writeInitDataToFile(filePath string) error {
 		Enforcers:     enforcers,
 		Plans:         plans,
 		Pricings:      pricings,
+		Invitations:   invitations,
+		Records:       records,
+		Sessions:      sessions,
+		Subscriptions: subscriptions,
+		Transactions:  transactions,
 	}

 	text := util.StructToJsonFormatted(data)
--- a/object/organization.go
+++ b/object/organization.go
@ -54,6 +54,8 @@ type Organization struct {

 	DisplayName            string     `xorm:"varchar(100)" json:"displayName"`
 	WebsiteUrl             string     `xorm:"varchar(100)" json:"websiteUrl"`
+	Logo                   string     `xorm:"varchar(200)" json:"logo"`
+	LogoDark               string     `xorm:"varchar(200)" json:"logoDark"`
 	Favicon                string     `xorm:"varchar(100)" json:"favicon"`
 	PasswordType           string     `xorm:"varchar(100)" json:"passwordType"`
 	PasswordSalt           string     `xorm:"varchar(100)" json:"passwordSalt"`
--- a/object/ormer.go
+++ b/object/ormer.go
@ -388,6 +388,11 @@ func (a *Ormer) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Transaction))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Syncer))
 	if err != nil {
 		panic(err)
--- a/object/record.go
+++ b/object/record.go
@ -47,6 +47,12 @@ func NewRecord(ctx *context.Context) *casvisorsdk.Record {
 		object = string(ctx.Input.RequestBody)
 	}

+	language := ctx.Request.Header.Get("Accept-Language")
+	if len(language) > 2 {
+		language = language[0:2]
+	}
+	languageCode := conf.GetLanguage(language)
+
 	record := casvisorsdk.Record{
 		Name:        util.GenerateId(),
 		CreatedTime: util.GetCurrentTime(),
@ -55,6 +61,7 @@ func NewRecord(ctx *context.Context) *casvisorsdk.Record {
 		Method:      ctx.Request.Method,
 		RequestUri:  requestUri,
 		Action:      action,
+		Language:    languageCode,
 		Object:      object,
 		IsTriggered: false,
 	}
@ -134,13 +141,19 @@ func GetRecordsByField(record *casvisorsdk.Record) ([]*casvisorsdk.Record, error
 	return records, nil
 }

-func getFilteredWebhooks(webhooks []*Webhook, action string) []*Webhook {
+func getFilteredWebhooks(webhooks []*Webhook, organization string, action string) []*Webhook {
 	res := []*Webhook{}
 	for _, webhook := range webhooks {
 		if !webhook.IsEnabled {
 			continue
 		}

+		if webhook.SingleOrgOnly {
+			if webhook.Organization != organization {
+				continue
+			}
+		}
+
 		matched := false
 		for _, event := range webhook.Events {
 			if action == event {
@ -163,7 +176,7 @@ func SendWebhooks(record *casvisorsdk.Record) error {
 	}

 	errs := []error{}
-	webhooks = getFilteredWebhooks(webhooks, record.Action)
+	webhooks = getFilteredWebhooks(webhooks, record.Organization, record.Action)
 	for _, webhook := range webhooks {
 		var user *User
 		if webhook.IsUserExtended {
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@ -179,8 +179,8 @@ type IdpSSODescriptor struct {
 }

 type NameIDFormat struct {
-	XMLName xml.Name
-	Value   string `xml:",innerxml"`
+	// XMLName xml.Name
+	Value string `xml:",innerxml"`
 }

 type SingleSignOnService struct {
@ -190,7 +190,7 @@ type SingleSignOnService struct {
 }

 type Attribute struct {
-	XMLName      xml.Name
+	// XMLName      xml.Name
 	Name         string   `xml:"Name,attr"`
 	NameFormat   string   `xml:"NameFormat,attr"`
 	FriendlyName string   `xml:"FriendlyName,attr"`
@ -273,7 +273,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	// base64 decode
 	defated, err := base64.StdEncoding.DecodeString(samlRequest)
 	if err != nil {
-		return "", "", method, fmt.Errorf("err: Failed to decode SAML request , %s", err.Error())
+		return "", "", "", fmt.Errorf("err: Failed to decode SAML request, %s", err.Error())
 	}

 	// decompress
@ -281,7 +281,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	rdr := flate.NewReader(bytes.NewReader(defated))

 	for {
-		_, err := io.CopyN(&buffer, rdr, 1024)
+		_, err = io.CopyN(&buffer, rdr, 1024)
 		if err != nil {
 			if err == io.EOF {
 				break
@ -293,12 +293,12 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	var authnRequest saml.AuthNRequest
 	err = xml.Unmarshal(buffer.Bytes(), &authnRequest)
 	if err != nil {
-		return "", "", method, fmt.Errorf("err: Failed to unmarshal AuthnRequest, please check the SAML request. %s", err.Error())
+		return "", "", "", fmt.Errorf("err: Failed to unmarshal AuthnRequest, please check the SAML request, %s", err.Error())
 	}

 	// verify samlRequest
 	if isValid := application.IsRedirectUriValid(authnRequest.Issuer); !isValid {
-		return "", "", method, fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer)
+		return "", "", "", fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer)
 	}

 	// get certificate string
@ -323,8 +323,13 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	}

 	_, originBackend := getOriginFromHost(host)
+
 	// build signedResponse
-	samlResponse, _ := NewSamlResponse(application, user, originBackend, certificate, authnRequest.AssertionConsumerServiceURL, authnRequest.Issuer, authnRequest.ID, application.RedirectUris)
+	samlResponse, err := NewSamlResponse(application, user, originBackend, certificate, authnRequest.AssertionConsumerServiceURL, authnRequest.Issuer, authnRequest.ID, application.RedirectUris)
+	if err != nil {
+		return "", "", "", fmt.Errorf("err: NewSamlResponse() error, %s", err.Error())
+	}
+
 	randomKeyStore := &X509Key{
 		PrivateKey:      cert.PrivateKey,
 		X509Certificate: certificate,
@ -336,18 +341,23 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 		ctx.Canonicalizer = dsig.MakeC14N10ExclusiveCanonicalizerWithPrefixList("")
 	}

-	//signedXML, err := ctx.SignEnvelopedLimix(samlResponse)
-	//if err != nil {
+	// signedXML, err := ctx.SignEnvelopedLimix(samlResponse)
+	// if err != nil {
 	//	return "", "", fmt.Errorf("err: %s", err.Error())
-	//}
+	// }
+
 	sig, err := ctx.ConstructSignature(samlResponse, true)
+	if err != nil {
+		return "", "", "", fmt.Errorf("err: Failed to serializes the SAML request into bytes, %s", err.Error())
+	}
+
 	samlResponse.InsertChildAt(1, sig)

 	doc := etree.NewDocument()
 	doc.SetRoot(samlResponse)
 	xmlBytes, err := doc.WriteToBytes()
 	if err != nil {
-		return "", "", method, fmt.Errorf("err: Failed to serializes the SAML request into bytes, %s", err.Error())
+		return "", "", "", fmt.Errorf("err: Failed to serializes the SAML request into bytes, %s", err.Error())
 	}

 	// compress
@ -355,16 +365,19 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 		flated := bytes.NewBuffer(nil)
 		writer, err := flate.NewWriter(flated, flate.DefaultCompression)
 		if err != nil {
-			return "", "", method, err
+			return "", "", "", err
 		}
+
 		_, err = writer.Write(xmlBytes)
 		if err != nil {
 			return "", "", "", err
 		}
+
 		err = writer.Close()
 		if err != nil {
 			return "", "", "", err
 		}
+
 		xmlBytes = flated.Bytes()
 	}
 	// base64 encode
@ -373,12 +386,12 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 }

 // NewSamlResponse11 return a saml1.1 response(not 2.0)
-func NewSamlResponse11(user *User, requestID string, host string) *etree.Element {
+func NewSamlResponse11(user *User, requestID string, host string) (*etree.Element, error) {
 	samlResponse := &etree.Element{
 		Space: "samlp",
 		Tag:   "Response",
 	}
-	// create samlresponse
+
 	samlResponse.CreateAttr("xmlns:samlp", "urn:oasis:names:tc:SAML:1.0:protocol")
 	samlResponse.CreateAttr("MajorVersion", "1")
 	samlResponse.CreateAttr("MinorVersion", "1")
@ -431,11 +444,15 @@ func NewSamlResponse11(user *User, requestID string, host string) *etree.Element
 	subjectConfirmationInAttribute := subjectInAttribute.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmationInAttribute.CreateElement("saml:ConfirmationMethod").SetText("urn:oasis:names:tc:SAML:1.0:cm:artifact")

-	data, _ := json.Marshal(user)
-	tmp := map[string]string{}
-	err := json.Unmarshal(data, &tmp)
+	data, err := json.Marshal(user)
 	if err != nil {
-		panic(err)
+		return nil, err
+	}
+
+	tmp := map[string]string{}
+	err = json.Unmarshal(data, &tmp)
+	if err != nil {
+		return nil, err
 	}

 	for k, v := range tmp {
@ -447,7 +464,7 @@ func NewSamlResponse11(user *User, requestID string, host string) *etree.Element
 		}
 	}

-	return samlResponse
+	return samlResponse, nil
 }

 func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string) string {
--- a/object/storage.go
+++ b/object/storage.go
@ -109,14 +109,17 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool

 func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
+	if err != nil {
+		return nil, err
+	}
 	if storageProvider == nil {
 		return nil, fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
 	}

 	if provider.Domain == "" {
 		provider.Domain = storageProvider.GetEndpoint()
-		_, err := UpdateProvider(provider.GetId(), provider)
+		_, err = UpdateProvider(provider.GetId(), provider)
 		if err != nil {
 			return nil, err
 		}
--- a/object/token.go
+++ b/object/token.go
@ -16,33 +16,13 @@ package object

 import (
 	"crypto/sha256"
-	"encoding/base64"
 	"encoding/hex"
 	"fmt"
-	"time"

-	"github.com/casdoor/casdoor/i18n"
-	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )

-const (
-	hourSeconds          = int(time.Hour / time.Second)
-	InvalidRequest       = "invalid_request"
-	InvalidClient        = "invalid_client"
-	InvalidGrant         = "invalid_grant"
-	UnauthorizedClient   = "unauthorized_client"
-	UnsupportedGrantType = "unsupported_grant_type"
-	InvalidScope         = "invalid_scope"
-	EndpointError        = "endpoint_error"
-)
-
-type Code struct {
-	Message string `xorm:"varchar(100)" json:"message"`
-	Code    string `xorm:"varchar(100)" json:"code"`
-}
-
 type Token struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@ -65,35 +45,6 @@ type Token struct {
 	CodeExpireIn     int64  `json:"codeExpireIn"`
 }

-type TokenWrapper struct {
-	AccessToken  string `json:"access_token"`
-	IdToken      string `json:"id_token"`
-	RefreshToken string `json:"refresh_token"`
-	TokenType    string `json:"token_type"`
-	ExpiresIn    int    `json:"expires_in"`
-	Scope        string `json:"scope"`
-}
-
-type TokenError struct {
-	Error            string `json:"error"`
-	ErrorDescription string `json:"error_description,omitempty"`
-}
-
-type IntrospectionResponse struct {
-	Active    bool     `json:"active"`
-	Scope     string   `json:"scope,omitempty"`
-	ClientId  string   `json:"client_id,omitempty"`
-	Username  string   `json:"username,omitempty"`
-	TokenType string   `json:"token_type,omitempty"`
-	Exp       int64    `json:"exp,omitempty"`
-	Iat       int64    `json:"iat,omitempty"`
-	Nbf       int64    `json:"nbf,omitempty"`
-	Sub       string   `json:"sub,omitempty"`
-	Aud       []string `json:"aud,omitempty"`
-	Iss       string   `json:"iss,omitempty"`
-	Jti       string   `json:"jti,omitempty"`
-}
-
 func GetTokenCount(owner, organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	return session.Count(&Token{Organization: organization})
@ -279,659 +230,3 @@ func DeleteToken(token *Token) (bool, error) {

 	return affected != 0, nil
 }
-
-func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, error) {
-	token, err := GetTokenByAccessToken(accessToken)
-	if err != nil {
-		return false, nil, nil, err
-	}
-	if token == nil {
-		return false, nil, nil, nil
-	}
-
-	token.ExpiresIn = 0
-	affected, err := ormer.Engine.ID(core.PK{token.Owner, token.Name}).Cols("expires_in").Update(token)
-	if err != nil {
-		return false, nil, nil, err
-	}
-
-	application, err := getApplication(token.Owner, token.Application)
-	if err != nil {
-		return false, nil, nil, err
-	}
-
-	return affected != 0, application, token, nil
-}
-
-func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string, lang string) (string, *Application, error) {
-	if responseType != "code" && responseType != "token" && responseType != "id_token" {
-		return fmt.Sprintf(i18n.Translate(lang, "token:Grant_type: %s is not supported in this application"), responseType), nil, nil
-	}
-
-	application, err := GetApplicationByClientId(clientId)
-	if err != nil {
-		return "", nil, err
-	}
-
-	if application == nil {
-		return i18n.Translate(lang, "token:Invalid client_id"), nil, nil
-	}
-
-	if !application.IsRedirectUriValid(redirectUri) {
-		return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application, nil
-	}
-
-	// Mask application for /api/get-app-login
-	application.ClientSecret = ""
-	return "", application, nil
-}
-
-func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) {
-	user, err := GetUser(userId)
-	if err != nil {
-		return nil, err
-	}
-
-	if user == nil {
-		return &Code{
-			Message: fmt.Sprintf("general:The user: %s doesn't exist", userId),
-			Code:    "",
-		}, nil
-	}
-	if user.IsForbidden {
-		return &Code{
-			Message: "error: the user is forbidden to sign in, please contact the administrator",
-			Code:    "",
-		}, nil
-	}
-
-	msg, application, err := CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, lang)
-	if err != nil {
-		return nil, err
-	}
-
-	if msg != "" {
-		return &Code{
-			Message: msg,
-			Code:    "",
-		}, nil
-	}
-
-	err = ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		return nil, err
-	}
-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
-	if err != nil {
-		return nil, err
-	}
-
-	if challenge == "null" {
-		challenge = ""
-	}
-
-	token := &Token{
-		Owner:         application.Owner,
-		Name:          tokenName,
-		CreatedTime:   util.GetCurrentTime(),
-		Application:   application.Name,
-		Organization:  user.Owner,
-		User:          user.Name,
-		Code:          util.GenerateClientId(),
-		AccessToken:   accessToken,
-		RefreshToken:  refreshToken,
-		ExpiresIn:     application.ExpireInHours * hourSeconds,
-		Scope:         scope,
-		TokenType:     "Bearer",
-		CodeChallenge: challenge,
-		CodeIsUsed:    false,
-		CodeExpireIn:  time.Now().Add(time.Minute * 5).Unix(),
-	}
-	_, err = AddToken(token)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Code{
-		Message: "",
-		Code:    token.Code,
-	}, nil
-}
-
-func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, refreshToken string, tag string, avatar string, lang string) (interface{}, error) {
-	application, err := GetApplicationByClientId(clientId)
-	if err != nil {
-		return nil, err
-	}
-
-	if application == nil {
-		return &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "client_id is invalid",
-		}, nil
-	}
-
-	// Check if grantType is allowed in the current application
-
-	if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" {
-		return &TokenError{
-			Error:            UnsupportedGrantType,
-			ErrorDescription: fmt.Sprintf("grant_type: %s is not supported in this application", grantType),
-		}, nil
-	}
-
-	var token *Token
-	var tokenError *TokenError
-	switch grantType {
-	case "authorization_code": // Authorization Code Grant
-		token, tokenError, err = GetAuthorizationCodeToken(application, clientSecret, code, verifier)
-	case "password": //	Resource Owner Password Credentials Grant
-		token, tokenError, err = GetPasswordToken(application, username, password, scope, host)
-	case "client_credentials": // Client Credentials Grant
-		token, tokenError, err = GetClientCredentialsToken(application, clientSecret, scope, host)
-	case "refresh_token":
-		refreshToken2, err := RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-		if err != nil {
-			return nil, err
-		}
-		return refreshToken2, nil
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	if tag == "wechat_miniprogram" {
-		// Wechat Mini Program
-		token, tokenError, err = GetWechatMiniProgramToken(application, code, host, username, avatar, lang)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if tokenError != nil {
-		return tokenError, nil
-	}
-
-	token.CodeIsUsed = true
-
-	go updateUsedByCode(token)
-
-	tokenWrapper := &TokenWrapper{
-		AccessToken:  token.AccessToken,
-		IdToken:      token.AccessToken,
-		RefreshToken: token.RefreshToken,
-		TokenType:    token.TokenType,
-		ExpiresIn:    token.ExpiresIn,
-		Scope:        token.Scope,
-	}
-
-	return tokenWrapper, nil
-}
-
-func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) (interface{}, error) {
-	// check parameters
-	if grantType != "refresh_token" {
-		return &TokenError{
-			Error:            UnsupportedGrantType,
-			ErrorDescription: "grant_type should be refresh_token",
-		}, nil
-	}
-	application, err := GetApplicationByClientId(clientId)
-	if err != nil {
-		return nil, err
-	}
-
-	if application == nil {
-		return &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "client_id is invalid",
-		}, nil
-	}
-
-	if clientSecret != "" && application.ClientSecret != clientSecret {
-		return &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "client_secret is invalid",
-		}, nil
-	}
-
-	// check whether the refresh token is valid, and has not expired.
-	token, err := GetTokenByRefreshToken(refreshToken)
-	if err != nil || token == nil {
-		return &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "refresh token is invalid, expired or revoked",
-		}, nil
-	}
-
-	cert, err := getCertByApplication(application)
-	if err != nil {
-		return nil, err
-	}
-	if cert == nil {
-		return &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("cert: %s cannot be found", application.Cert),
-		}, nil
-	}
-
-	_, err = ParseJwtToken(refreshToken, cert)
-	if err != nil {
-		return &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
-		}, nil
-	}
-
-	// generate a new token
-	user, err := getUser(application.Organization, token.User)
-	if err != nil {
-		return nil, err
-	}
-
-	if user.IsForbidden {
-		return &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
-		}, nil
-	}
-
-	err = ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		return nil, err
-	}
-
-	newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
-	if err != nil {
-		return &TokenError{
-			Error:            EndpointError,
-			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
-		}, nil
-	}
-
-	newToken := &Token{
-		Owner:        application.Owner,
-		Name:         tokenName,
-		CreatedTime:  util.GetCurrentTime(),
-		Application:  application.Name,
-		Organization: user.Owner,
-		User:         user.Name,
-		Code:         util.GenerateClientId(),
-		AccessToken:  newAccessToken,
-		RefreshToken: newRefreshToken,
-		ExpiresIn:    application.ExpireInHours * hourSeconds,
-		Scope:        scope,
-		TokenType:    "Bearer",
-	}
-	_, err = AddToken(newToken)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = DeleteToken(token)
-	if err != nil {
-		return nil, err
-	}
-
-	tokenWrapper := &TokenWrapper{
-		AccessToken:  newToken.AccessToken,
-		IdToken:      newToken.AccessToken,
-		RefreshToken: newToken.RefreshToken,
-		TokenType:    newToken.TokenType,
-		ExpiresIn:    newToken.ExpiresIn,
-		Scope:        newToken.Scope,
-	}
-	return tokenWrapper, nil
-}
-
-// PkceChallenge: base64-URL-encoded SHA256 hash of verifier, per rfc 7636
-func pkceChallenge(verifier string) string {
-	sum := sha256.Sum256([]byte(verifier))
-	challenge := base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(sum[:])
-	return challenge
-}
-
-// IsGrantTypeValid
-// Check if grantType is allowed in the current application
-// authorization_code is allowed by default
-func IsGrantTypeValid(method string, grantTypes []string) bool {
-	if method == "authorization_code" {
-		return true
-	}
-	for _, m := range grantTypes {
-		if m == method {
-			return true
-		}
-	}
-	return false
-}
-
-// GetAuthorizationCodeToken
-// Authorization code flow
-func GetAuthorizationCodeToken(application *Application, clientSecret string, code string, verifier string) (*Token, *TokenError, error) {
-	if code == "" {
-		return nil, &TokenError{
-			Error:            InvalidRequest,
-			ErrorDescription: "authorization code should not be empty",
-		}, nil
-	}
-
-	token, err := getTokenByCode(code)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	if token == nil {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "authorization code is invalid",
-		}, nil
-	}
-	if token.CodeIsUsed {
-		// anti replay attacks
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has been used",
-		}, nil
-	}
-
-	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "verifier is invalid",
-		}, nil
-	}
-
-	if application.ClientSecret != clientSecret {
-		// when using PKCE, the Client Secret can be empty,
-		// but if it is provided, it must be accurate.
-		if token.CodeChallenge == "" {
-			return nil, &TokenError{
-				Error:            InvalidClient,
-				ErrorDescription: "client_secret is invalid",
-			}, nil
-		} else {
-			if clientSecret != "" {
-				return nil, &TokenError{
-					Error:            InvalidClient,
-					ErrorDescription: "client_secret is invalid",
-				}, nil
-			}
-		}
-	}
-
-	if application.Name != token.Application {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "the token is for wrong application (client_id)",
-		}, nil
-	}
-
-	if time.Now().Unix() > token.CodeExpireIn {
-		// code must be used within 5 minutes
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has expired",
-		}, nil
-	}
-	return token, nil, nil
-}
-
-// GetPasswordToken
-// Resource Owner Password Credentials flow
-func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, *TokenError, error) {
-	user, err := GetUserByFields(application.Organization, username)
-	if err != nil {
-		return nil, nil, err
-	}
-	if user == nil {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "the user does not exist",
-		}, nil
-	}
-
-	if user.Ldap != "" {
-		err = checkLdapUserPassword(user, password, "en")
-	} else {
-		err = CheckPassword(user, password, "en")
-	}
-	if err != nil {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("invalid username or password: %s", err.Error()),
-		}, nil
-	}
-
-	if user.IsForbidden {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
-		}, nil
-	}
-
-	err = ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
-	if err != nil {
-		return nil, &TokenError{
-			Error:            EndpointError,
-			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
-		}, nil
-	}
-	token := &Token{
-		Owner:        application.Owner,
-		Name:         tokenName,
-		CreatedTime:  util.GetCurrentTime(),
-		Application:  application.Name,
-		Organization: user.Owner,
-		User:         user.Name,
-		Code:         util.GenerateClientId(),
-		AccessToken:  accessToken,
-		RefreshToken: refreshToken,
-		ExpiresIn:    application.ExpireInHours * hourSeconds,
-		Scope:        scope,
-		TokenType:    "Bearer",
-		CodeIsUsed:   true,
-	}
-	_, err = AddToken(token)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return token, nil, nil
-}
-
-// GetClientCredentialsToken
-// Client Credentials flow
-func GetClientCredentialsToken(application *Application, clientSecret string, scope string, host string) (*Token, *TokenError, error) {
-	if application.ClientSecret != clientSecret {
-		return nil, &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "client_secret is invalid",
-		}, nil
-	}
-	nullUser := &User{
-		Owner: application.Owner,
-		Id:    application.GetId(),
-		Name:  application.Name,
-		Type:  "application",
-	}
-
-	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host)
-	if err != nil {
-		return nil, &TokenError{
-			Error:            EndpointError,
-			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
-		}, nil
-	}
-	token := &Token{
-		Owner:        application.Owner,
-		Name:         tokenName,
-		CreatedTime:  util.GetCurrentTime(),
-		Application:  application.Name,
-		Organization: application.Organization,
-		User:         nullUser.Name,
-		Code:         util.GenerateClientId(),
-		AccessToken:  accessToken,
-		ExpiresIn:    application.ExpireInHours * hourSeconds,
-		Scope:        scope,
-		TokenType:    "Bearer",
-		CodeIsUsed:   true,
-	}
-	_, err = AddToken(token)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return token, nil, nil
-}
-
-// GetTokenByUser
-// Implicit flow
-func GetTokenByUser(application *Application, user *User, scope string, nonce string, host string) (*Token, error) {
-	err := ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		return nil, err
-	}
-
-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
-	if err != nil {
-		return nil, err
-	}
-
-	token := &Token{
-		Owner:        application.Owner,
-		Name:         tokenName,
-		CreatedTime:  util.GetCurrentTime(),
-		Application:  application.Name,
-		Organization: user.Owner,
-		User:         user.Name,
-		Code:         util.GenerateClientId(),
-		AccessToken:  accessToken,
-		RefreshToken: refreshToken,
-		ExpiresIn:    application.ExpireInHours * hourSeconds,
-		Scope:        scope,
-		TokenType:    "Bearer",
-		CodeIsUsed:   true,
-	}
-	_, err = AddToken(token)
-	if err != nil {
-		return nil, err
-	}
-
-	return token, nil
-}
-
-// GetWechatMiniProgramToken
-// Wechat Mini Program flow
-func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string, lang string) (*Token, *TokenError, error) {
-	mpProvider := GetWechatMiniProgramProvider(application)
-	if mpProvider == nil {
-		return nil, &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "the application does not support wechat mini program",
-		}, nil
-	}
-	provider, err := GetProvider(util.GetId("admin", mpProvider.Name))
-	if err != nil {
-		return nil, nil, err
-	}
-
-	mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
-	session, err := mpIdp.GetSessionByCode(code)
-	if err != nil {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("get wechat mini program session error: %s", err.Error()),
-		}, nil
-	}
-
-	openId, unionId := session.Openid, session.Unionid
-	if openId == "" && unionId == "" {
-		return nil, &TokenError{
-			Error:            InvalidRequest,
-			ErrorDescription: "the wechat mini program session is invalid",
-		}, nil
-	}
-	user, err := getUserByWechatId(application.Organization, openId, unionId)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	if user == nil {
-		if !application.EnableSignUp {
-			return nil, &TokenError{
-				Error:            InvalidGrant,
-				ErrorDescription: "the application does not allow to sign up new account",
-			}, nil
-		}
-		// Add new user
-		var name string
-		if CheckUsername(username, lang) == "" {
-			name = username
-		} else {
-			name = fmt.Sprintf("wechat-%s", openId)
-		}
-
-		user = &User{
-			Owner:             application.Organization,
-			Id:                util.GenerateId(),
-			Name:              name,
-			Avatar:            avatar,
-			SignupApplication: application.Name,
-			WeChat:            openId,
-			Type:              "normal-user",
-			CreatedTime:       util.GetCurrentTime(),
-			IsAdmin:           false,
-			IsForbidden:       false,
-			IsDeleted:         false,
-			Properties: map[string]string{
-				UserPropertiesWechatOpenId:  openId,
-				UserPropertiesWechatUnionId: unionId,
-			},
-		}
-		_, err = AddUser(user)
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	err = ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", host)
-	if err != nil {
-		return nil, &TokenError{
-			Error:            EndpointError,
-			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
-		}, nil
-	}
-
-	token := &Token{
-		Owner:        application.Owner,
-		Name:         tokenName,
-		CreatedTime:  util.GetCurrentTime(),
-		Application:  application.Name,
-		Organization: user.Owner,
-		User:         user.Name,
-		Code:         session.SessionKey, // a trick, because miniprogram does not use the code, so use the code field to save the session_key
-		AccessToken:  accessToken,
-		RefreshToken: refreshToken,
-		ExpiresIn:    application.ExpireInHours * 60,
-		Scope:        "",
-		TokenType:    "Bearer",
-		CodeIsUsed:   true,
-	}
-	_, err = AddToken(token)
-	if err != nil {
-		return nil, nil, err
-	}
-	return token, nil, nil
-}
--- a/object/token_cas.go
+++ b/object/token_cas.go
@ -256,7 +256,7 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error

 	ticket := request.AssertionArtifact.InnerXML
 	if ticket == "" {
-		return "", "", fmt.Errorf("samlp:AssertionArtifact field not found")
+		return "", "", fmt.Errorf("request.AssertionArtifact.InnerXML error, AssertionArtifact field not found")
 	}

 	ok, _, service, userId := GetCasTokenByTicket(ticket)
@ -282,7 +282,10 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
 		return "", "", fmt.Errorf("application for user %s found", userId)
 	}

-	samlResponse := NewSamlResponse11(user, request.RequestID, host)
+	samlResponse, err := NewSamlResponse11(user, request.RequestID, host)
+	if err != nil {
+		return "", "", err
+	}

 	cert, err := getCertByApplication(application)
 	if err != nil {
--- a/object/token_jwt_key.go
+++ b/object/token_jwt_key.go
@ -15,16 +15,19 @@
 package object

 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"fmt"
 	"math/big"
 	"time"
 )

-func generateRsaKeys(bitSize int, expireInYears int, commonName string, organization string) (string, string, error) {
+func generateRsaKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
 	// https://stackoverflow.com/questions/64104586/use-golang-to-get-rsa-key-the-same-way-openssl-genrsa
 	// https://stackoverflow.com/questions/43822945/golang-can-i-create-x509keypair-using-rsa-key

@ -55,6 +58,132 @@ func generateRsaKeys(bitSize int, expireInYears int, commonName string, organiza
 		BasicConstraintsValid: true,
 	}

+	switch shaSize {
+	case 256:
+		tml.SignatureAlgorithm = x509.SHA256WithRSA
+	case 384:
+		tml.SignatureAlgorithm = x509.SHA384WithRSA
+	case 512:
+		tml.SignatureAlgorithm = x509.SHA512WithRSA
+	default:
+		return "", "", fmt.Errorf("generateRsaKeys() error, unsupported SHA size: %d", shaSize)
+	}
+
+	cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Generate a pem block with the certificate
+	certPem := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: cert,
+	})
+
+	return string(certPem), string(privateKeyPem), nil
+}
+
+func generateEsKeys(shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
+	var curve elliptic.Curve
+	switch shaSize {
+	case 256:
+		curve = elliptic.P256()
+	case 384:
+		curve = elliptic.P384()
+	case 512:
+		curve = elliptic.P521() // ES512(P521,SHA512)
+	default:
+		return "", "", fmt.Errorf("generateEsKeys() error, unsupported SHA size: %d", shaSize)
+	}
+
+	// Generate ECDSA key pair.
+	privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Encode private key to PEM format.
+	privateKeyBytes, err := x509.MarshalECPrivateKey(privateKey)
+	if err != nil {
+		return "", "", err
+	}
+	privateKeyPem := pem.EncodeToMemory(&pem.Block{
+		Type:  "EC PRIVATE KEY",
+		Bytes: privateKeyBytes,
+	})
+
+	// Generate certificate template.
+	template := x509.Certificate{
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(expireInYears, 0, 0),
+		SerialNumber: big.NewInt(time.Now().Unix()),
+		Subject: pkix.Name{
+			CommonName:   commonName,
+			Organization: []string{organization},
+		},
+		BasicConstraintsValid: true,
+	}
+
+	// Generate certificate.
+	certBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Encode certificate to PEM format.
+	certPem := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+
+	return string(certPem), string(privateKeyPem), nil
+}
+
+func generateRsaPssKeys(bitSize int, shaSize int, expireInYears int, commonName string, organization string) (string, string, error) {
+	// Generate RSA key.
+	key, err := rsa.GenerateKey(rand.Reader, bitSize)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Encode private key to PKCS#8 ASN.1 PEM.
+	privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(key)
+	if err != nil {
+		return "", "", err
+	}
+
+	privateKeyPem := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PSS PRIVATE KEY",
+			Bytes: privateKeyBytes,
+		},
+	)
+
+	tml := x509.Certificate{
+		// you can add any attr that you need
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().AddDate(expireInYears, 0, 0),
+		// you have to generate a different serial number each execution
+		SerialNumber: big.NewInt(123456),
+		Subject: pkix.Name{
+			CommonName:   commonName,
+			Organization: []string{organization},
+		},
+		BasicConstraintsValid: true,
+	}
+
+	// Set the signature algorithm based on the hash function
+	switch shaSize {
+	case 256:
+		tml.SignatureAlgorithm = x509.SHA256WithRSAPSS
+	case 384:
+		tml.SignatureAlgorithm = x509.SHA384WithRSAPSS
+	case 512:
+		tml.SignatureAlgorithm = x509.SHA512WithRSAPSS
+	default:
+		return "", "", fmt.Errorf("generateRsaPssKeys() error, unsupported SHA size: %d", shaSize)
+	}
+
 	cert, err := x509.CreateCertificate(rand.Reader, &tml, &tml, &key.PublicKey, key)
 	if err != nil {
 		return "", "", err
--- a/object/token_jwt_key_test.go
+++ b/object/token_jwt_key_test.go
@ -23,7 +23,35 @@ import (

 func TestGenerateRsaKeys(t *testing.T) {
 	fileId := "token_jwt_key"
-	certificate, privateKey, err := generateRsaKeys(4096, 20, "Casdoor Cert", "Casdoor Organization")
+	certificate, privateKey, err := generateRsaKeys(4096, 512, 20, "Casdoor Cert", "Casdoor Organization")
+	if err != nil {
+		panic(err)
+	}
+
+	// Write certificate (aka certificate) to file.
+	util.WriteStringToPath(certificate, fmt.Sprintf("%s.pem", fileId))
+
+	// Write private key to file.
+	util.WriteStringToPath(privateKey, fmt.Sprintf("%s.key", fileId))
+}
+
+func TestGenerateEsKeys(t *testing.T) {
+	fileId := "token_jwt_key"
+	certificate, privateKey, err := generateEsKeys(256, 20, "Casdoor Cert", "Casdoor Organization")
+	if err != nil {
+		panic(err)
+	}
+
+	// Write certificate (aka certificate) to file.
+	util.WriteStringToPath(certificate, fmt.Sprintf("%s.pem", fileId))
+
+	// Write private key to file.
+	util.WriteStringToPath(privateKey, fmt.Sprintf("%s.key", fileId))
+}
+
+func TestGenerateRsaPssKeys(t *testing.T) {
+	fileId := "token_jwt_key"
+	certificate, privateKey, err := generateRsaPssKeys(4096, 256, 20, "Casdoor Cert", "Casdoor Organization")
 	if err != nil {
 		panic(err)
 	}
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@ -0,0 +1,728 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"time"
+
+	"github.com/casdoor/casdoor/i18n"
+	"github.com/casdoor/casdoor/idp"
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+const (
+	hourSeconds          = int(time.Hour / time.Second)
+	InvalidRequest       = "invalid_request"
+	InvalidClient        = "invalid_client"
+	InvalidGrant         = "invalid_grant"
+	UnauthorizedClient   = "unauthorized_client"
+	UnsupportedGrantType = "unsupported_grant_type"
+	InvalidScope         = "invalid_scope"
+	EndpointError        = "endpoint_error"
+)
+
+type Code struct {
+	Message string `xorm:"varchar(100)" json:"message"`
+	Code    string `xorm:"varchar(100)" json:"code"`
+}
+
+type TokenWrapper struct {
+	AccessToken  string `json:"access_token"`
+	IdToken      string `json:"id_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	Scope        string `json:"scope"`
+}
+
+type TokenError struct {
+	Error            string `json:"error"`
+	ErrorDescription string `json:"error_description,omitempty"`
+}
+
+type IntrospectionResponse struct {
+	Active    bool     `json:"active"`
+	Scope     string   `json:"scope,omitempty"`
+	ClientId  string   `json:"client_id,omitempty"`
+	Username  string   `json:"username,omitempty"`
+	TokenType string   `json:"token_type,omitempty"`
+	Exp       int64    `json:"exp,omitempty"`
+	Iat       int64    `json:"iat,omitempty"`
+	Nbf       int64    `json:"nbf,omitempty"`
+	Sub       string   `json:"sub,omitempty"`
+	Aud       []string `json:"aud,omitempty"`
+	Iss       string   `json:"iss,omitempty"`
+	Jti       string   `json:"jti,omitempty"`
+}
+
+func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, error) {
+	token, err := GetTokenByAccessToken(accessToken)
+	if err != nil {
+		return false, nil, nil, err
+	}
+	if token == nil {
+		return false, nil, nil, nil
+	}
+
+	token.ExpiresIn = 0
+	affected, err := ormer.Engine.ID(core.PK{token.Owner, token.Name}).Cols("expires_in").Update(token)
+	if err != nil {
+		return false, nil, nil, err
+	}
+
+	application, err := getApplication(token.Owner, token.Application)
+	if err != nil {
+		return false, nil, nil, err
+	}
+
+	return affected != 0, application, token, nil
+}
+
+func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string, lang string) (string, *Application, error) {
+	if responseType != "code" && responseType != "token" && responseType != "id_token" {
+		return fmt.Sprintf(i18n.Translate(lang, "token:Grant_type: %s is not supported in this application"), responseType), nil, nil
+	}
+
+	application, err := GetApplicationByClientId(clientId)
+	if err != nil {
+		return "", nil, err
+	}
+
+	if application == nil {
+		return i18n.Translate(lang, "token:Invalid client_id"), nil, nil
+	}
+
+	if !application.IsRedirectUriValid(redirectUri) {
+		return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application, nil
+	}
+
+	// Mask application for /api/get-app-login
+	application.ClientSecret = ""
+	return "", application, nil
+}
+
+func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) {
+	user, err := GetUser(userId)
+	if err != nil {
+		return nil, err
+	}
+
+	if user == nil {
+		return &Code{
+			Message: fmt.Sprintf("general:The user: %s doesn't exist", userId),
+			Code:    "",
+		}, nil
+	}
+	if user.IsForbidden {
+		return &Code{
+			Message: "error: the user is forbidden to sign in, please contact the administrator",
+			Code:    "",
+		}, nil
+	}
+
+	msg, application, err := CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, lang)
+	if err != nil {
+		return nil, err
+	}
+
+	if msg != "" {
+		return &Code{
+			Message: msg,
+			Code:    "",
+		}, nil
+	}
+
+	err = ExtendUserWithRolesAndPermissions(user)
+	if err != nil {
+		return nil, err
+	}
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
+	if err != nil {
+		return nil, err
+	}
+
+	if challenge == "null" {
+		challenge = ""
+	}
+
+	token := &Token{
+		Owner:         application.Owner,
+		Name:          tokenName,
+		CreatedTime:   util.GetCurrentTime(),
+		Application:   application.Name,
+		Organization:  user.Owner,
+		User:          user.Name,
+		Code:          util.GenerateClientId(),
+		AccessToken:   accessToken,
+		RefreshToken:  refreshToken,
+		ExpiresIn:     application.ExpireInHours * hourSeconds,
+		Scope:         scope,
+		TokenType:     "Bearer",
+		CodeChallenge: challenge,
+		CodeIsUsed:    false,
+		CodeExpireIn:  time.Now().Add(time.Minute * 5).Unix(),
+	}
+	_, err = AddToken(token)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Code{
+		Message: "",
+		Code:    token.Code,
+	}, nil
+}
+
+func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, refreshToken string, tag string, avatar string, lang string) (interface{}, error) {
+	application, err := GetApplicationByClientId(clientId)
+	if err != nil {
+		return nil, err
+	}
+
+	if application == nil {
+		return &TokenError{
+			Error:            InvalidClient,
+			ErrorDescription: "client_id is invalid",
+		}, nil
+	}
+
+	// Check if grantType is allowed in the current application
+
+	if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" {
+		return &TokenError{
+			Error:            UnsupportedGrantType,
+			ErrorDescription: fmt.Sprintf("grant_type: %s is not supported in this application", grantType),
+		}, nil
+	}
+
+	var token *Token
+	var tokenError *TokenError
+	switch grantType {
+	case "authorization_code": // Authorization Code Grant
+		token, tokenError, err = GetAuthorizationCodeToken(application, clientSecret, code, verifier)
+	case "password": //	Resource Owner Password Credentials Grant
+		token, tokenError, err = GetPasswordToken(application, username, password, scope, host)
+	case "client_credentials": // Client Credentials Grant
+		token, tokenError, err = GetClientCredentialsToken(application, clientSecret, scope, host)
+	case "refresh_token":
+		refreshToken2, err := RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
+		if err != nil {
+			return nil, err
+		}
+		return refreshToken2, nil
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if tag == "wechat_miniprogram" {
+		// Wechat Mini Program
+		token, tokenError, err = GetWechatMiniProgramToken(application, code, host, username, avatar, lang)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if tokenError != nil {
+		return tokenError, nil
+	}
+
+	token.CodeIsUsed = true
+
+	go updateUsedByCode(token)
+
+	tokenWrapper := &TokenWrapper{
+		AccessToken:  token.AccessToken,
+		IdToken:      token.AccessToken,
+		RefreshToken: token.RefreshToken,
+		TokenType:    token.TokenType,
+		ExpiresIn:    token.ExpiresIn,
+		Scope:        token.Scope,
+	}
+
+	return tokenWrapper, nil
+}
+
+func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) (interface{}, error) {
+	// check parameters
+	if grantType != "refresh_token" {
+		return &TokenError{
+			Error:            UnsupportedGrantType,
+			ErrorDescription: "grant_type should be refresh_token",
+		}, nil
+	}
+	application, err := GetApplicationByClientId(clientId)
+	if err != nil {
+		return nil, err
+	}
+
+	if application == nil {
+		return &TokenError{
+			Error:            InvalidClient,
+			ErrorDescription: "client_id is invalid",
+		}, nil
+	}
+
+	if clientSecret != "" && application.ClientSecret != clientSecret {
+		return &TokenError{
+			Error:            InvalidClient,
+			ErrorDescription: "client_secret is invalid",
+		}, nil
+	}
+
+	// check whether the refresh token is valid, and has not expired.
+	token, err := GetTokenByRefreshToken(refreshToken)
+	if err != nil || token == nil {
+		return &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "refresh token is invalid, expired or revoked",
+		}, nil
+	}
+
+	cert, err := getCertByApplication(application)
+	if err != nil {
+		return nil, err
+	}
+	if cert == nil {
+		return &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: fmt.Sprintf("cert: %s cannot be found", application.Cert),
+		}, nil
+	}
+
+	_, err = ParseJwtToken(refreshToken, cert)
+	if err != nil {
+		return &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
+		}, nil
+	}
+
+	// generate a new token
+	user, err := getUser(application.Organization, token.User)
+	if err != nil {
+		return nil, err
+	}
+
+	if user.IsForbidden {
+		return &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
+		}, nil
+	}
+
+	err = ExtendUserWithRolesAndPermissions(user)
+	if err != nil {
+		return nil, err
+	}
+
+	newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
+	if err != nil {
+		return &TokenError{
+			Error:            EndpointError,
+			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
+		}, nil
+	}
+
+	newToken := &Token{
+		Owner:        application.Owner,
+		Name:         tokenName,
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: user.Owner,
+		User:         user.Name,
+		Code:         util.GenerateClientId(),
+		AccessToken:  newAccessToken,
+		RefreshToken: newRefreshToken,
+		ExpiresIn:    application.ExpireInHours * hourSeconds,
+		Scope:        scope,
+		TokenType:    "Bearer",
+	}
+	_, err = AddToken(newToken)
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = DeleteToken(token)
+	if err != nil {
+		return nil, err
+	}
+
+	tokenWrapper := &TokenWrapper{
+		AccessToken:  newToken.AccessToken,
+		IdToken:      newToken.AccessToken,
+		RefreshToken: newToken.RefreshToken,
+		TokenType:    newToken.TokenType,
+		ExpiresIn:    newToken.ExpiresIn,
+		Scope:        newToken.Scope,
+	}
+	return tokenWrapper, nil
+}
+
+// PkceChallenge: base64-URL-encoded SHA256 hash of verifier, per rfc 7636
+func pkceChallenge(verifier string) string {
+	sum := sha256.Sum256([]byte(verifier))
+	challenge := base64.URLEncoding.WithPadding(base64.NoPadding).EncodeToString(sum[:])
+	return challenge
+}
+
+// IsGrantTypeValid
+// Check if grantType is allowed in the current application
+// authorization_code is allowed by default
+func IsGrantTypeValid(method string, grantTypes []string) bool {
+	if method == "authorization_code" {
+		return true
+	}
+	for _, m := range grantTypes {
+		if m == method {
+			return true
+		}
+	}
+	return false
+}
+
+// GetAuthorizationCodeToken
+// Authorization code flow
+func GetAuthorizationCodeToken(application *Application, clientSecret string, code string, verifier string) (*Token, *TokenError, error) {
+	if code == "" {
+		return nil, &TokenError{
+			Error:            InvalidRequest,
+			ErrorDescription: "authorization code should not be empty",
+		}, nil
+	}
+
+	token, err := getTokenByCode(code)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if token == nil {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "authorization code is invalid",
+		}, nil
+	}
+	if token.CodeIsUsed {
+		// anti replay attacks
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "authorization code has been used",
+		}, nil
+	}
+
+	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "verifier is invalid",
+		}, nil
+	}
+
+	if application.ClientSecret != clientSecret {
+		// when using PKCE, the Client Secret can be empty,
+		// but if it is provided, it must be accurate.
+		if token.CodeChallenge == "" {
+			return nil, &TokenError{
+				Error:            InvalidClient,
+				ErrorDescription: "client_secret is invalid",
+			}, nil
+		} else {
+			if clientSecret != "" {
+				return nil, &TokenError{
+					Error:            InvalidClient,
+					ErrorDescription: "client_secret is invalid",
+				}, nil
+			}
+		}
+	}
+
+	if application.Name != token.Application {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "the token is for wrong application (client_id)",
+		}, nil
+	}
+
+	if time.Now().Unix() > token.CodeExpireIn {
+		// code must be used within 5 minutes
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "authorization code has expired",
+		}, nil
+	}
+	return token, nil, nil
+}
+
+// GetPasswordToken
+// Resource Owner Password Credentials flow
+func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, *TokenError, error) {
+	user, err := GetUserByFields(application.Organization, username)
+	if err != nil {
+		return nil, nil, err
+	}
+	if user == nil {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "the user does not exist",
+		}, nil
+	}
+
+	if user.Ldap != "" {
+		err = checkLdapUserPassword(user, password, "en")
+	} else {
+		err = CheckPassword(user, password, "en")
+	}
+	if err != nil {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: fmt.Sprintf("invalid username or password: %s", err.Error()),
+		}, nil
+	}
+
+	if user.IsForbidden {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "the user is forbidden to sign in, please contact the administrator",
+		}, nil
+	}
+
+	err = ExtendUserWithRolesAndPermissions(user)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
+	if err != nil {
+		return nil, &TokenError{
+			Error:            EndpointError,
+			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
+		}, nil
+	}
+	token := &Token{
+		Owner:        application.Owner,
+		Name:         tokenName,
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: user.Owner,
+		User:         user.Name,
+		Code:         util.GenerateClientId(),
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		ExpiresIn:    application.ExpireInHours * hourSeconds,
+		Scope:        scope,
+		TokenType:    "Bearer",
+		CodeIsUsed:   true,
+	}
+	_, err = AddToken(token)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return token, nil, nil
+}
+
+// GetClientCredentialsToken
+// Client Credentials flow
+func GetClientCredentialsToken(application *Application, clientSecret string, scope string, host string) (*Token, *TokenError, error) {
+	if application.ClientSecret != clientSecret {
+		return nil, &TokenError{
+			Error:            InvalidClient,
+			ErrorDescription: "client_secret is invalid",
+		}, nil
+	}
+	nullUser := &User{
+		Owner: application.Owner,
+		Id:    application.GetId(),
+		Name:  application.Name,
+		Type:  "application",
+	}
+
+	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host)
+	if err != nil {
+		return nil, &TokenError{
+			Error:            EndpointError,
+			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
+		}, nil
+	}
+	token := &Token{
+		Owner:        application.Owner,
+		Name:         tokenName,
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: application.Organization,
+		User:         nullUser.Name,
+		Code:         util.GenerateClientId(),
+		AccessToken:  accessToken,
+		ExpiresIn:    application.ExpireInHours * hourSeconds,
+		Scope:        scope,
+		TokenType:    "Bearer",
+		CodeIsUsed:   true,
+	}
+	_, err = AddToken(token)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return token, nil, nil
+}
+
+// GetTokenByUser
+// Implicit flow
+func GetTokenByUser(application *Application, user *User, scope string, nonce string, host string) (*Token, error) {
+	err := ExtendUserWithRolesAndPermissions(user)
+	if err != nil {
+		return nil, err
+	}
+
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
+	if err != nil {
+		return nil, err
+	}
+
+	token := &Token{
+		Owner:        application.Owner,
+		Name:         tokenName,
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: user.Owner,
+		User:         user.Name,
+		Code:         util.GenerateClientId(),
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		ExpiresIn:    application.ExpireInHours * hourSeconds,
+		Scope:        scope,
+		TokenType:    "Bearer",
+		CodeIsUsed:   true,
+	}
+	_, err = AddToken(token)
+	if err != nil {
+		return nil, err
+	}
+
+	return token, nil
+}
+
+// GetWechatMiniProgramToken
+// Wechat Mini Program flow
+func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string, lang string) (*Token, *TokenError, error) {
+	mpProvider := GetWechatMiniProgramProvider(application)
+	if mpProvider == nil {
+		return nil, &TokenError{
+			Error:            InvalidClient,
+			ErrorDescription: "the application does not support wechat mini program",
+		}, nil
+	}
+	provider, err := GetProvider(util.GetId("admin", mpProvider.Name))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
+	session, err := mpIdp.GetSessionByCode(code)
+	if err != nil {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: fmt.Sprintf("get wechat mini program session error: %s", err.Error()),
+		}, nil
+	}
+
+	openId, unionId := session.Openid, session.Unionid
+	if openId == "" && unionId == "" {
+		return nil, &TokenError{
+			Error:            InvalidRequest,
+			ErrorDescription: "the wechat mini program session is invalid",
+		}, nil
+	}
+	user, err := getUserByWechatId(application.Organization, openId, unionId)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if user == nil {
+		if !application.EnableSignUp {
+			return nil, &TokenError{
+				Error:            InvalidGrant,
+				ErrorDescription: "the application does not allow to sign up new account",
+			}, nil
+		}
+		// Add new user
+		var name string
+		if CheckUsername(username, lang) == "" {
+			name = username
+		} else {
+			name = fmt.Sprintf("wechat-%s", openId)
+		}
+
+		user = &User{
+			Owner:             application.Organization,
+			Id:                util.GenerateId(),
+			Name:              name,
+			Avatar:            avatar,
+			SignupApplication: application.Name,
+			WeChat:            openId,
+			Type:              "normal-user",
+			CreatedTime:       util.GetCurrentTime(),
+			IsAdmin:           false,
+			IsForbidden:       false,
+			IsDeleted:         false,
+			Properties: map[string]string{
+				UserPropertiesWechatOpenId:  openId,
+				UserPropertiesWechatUnionId: unionId,
+			},
+		}
+		_, err = AddUser(user)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	err = ExtendUserWithRolesAndPermissions(user)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", host)
+	if err != nil {
+		return nil, &TokenError{
+			Error:            EndpointError,
+			ErrorDescription: fmt.Sprintf("generate jwt token error: %s", err.Error()),
+		}, nil
+	}
+
+	token := &Token{
+		Owner:        application.Owner,
+		Name:         tokenName,
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: user.Owner,
+		User:         user.Name,
+		Code:         session.SessionKey, // a trick, because miniprogram does not use the code, so use the code field to save the session_key
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		ExpiresIn:    application.ExpireInHours * 60,
+		Scope:        "",
+		TokenType:    "Bearer",
+		CodeIsUsed:   true,
+	}
+	_, err = AddToken(token)
+	if err != nil {
+		return nil, nil, err
+	}
+	return token, nil, nil
+}
--- a/object/transaction.go
+++ b/object/transaction.go
@ -0,0 +1,144 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Transaction struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+	// Transaction Provider Info
+	Provider string `xorm:"varchar(100)" json:"provider"`
+	Category string `xorm:"varchar(100)" json:"category"`
+	Type     string `xorm:"varchar(100)" json:"type"`
+	// Product Info
+	ProductName        string  `xorm:"varchar(100)" json:"productName"`
+	ProductDisplayName string  `xorm:"varchar(100)" json:"productDisplayName"`
+	Detail             string  `xorm:"varchar(255)" json:"detail"`
+	Tag                string  `xorm:"varchar(100)" json:"tag"`
+	Currency           string  `xorm:"varchar(100)" json:"currency"`
+	Amount             float64 `json:"amount"`
+	ReturnUrl          string  `xorm:"varchar(1000)" json:"returnUrl"`
+	// User Info
+	User        string `xorm:"varchar(100)" json:"user"`
+	Application string `xorm:"varchar(100)" json:"application"`
+	Payment     string `xorm:"varchar(100)" json:"payment"`
+
+	State string `xorm:"varchar(100)" json:"state"`
+}
+
+func GetTransactionCount(owner, field, value string) (int64, error) {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	return session.Count(&Transaction{Owner: owner})
+}
+
+func GetTransactions(owner string) ([]*Transaction, error) {
+	transactions := []*Transaction{}
+	err := ormer.Engine.Desc("created_time").Find(&transactions, &Transaction{Owner: owner})
+	if err != nil {
+		return nil, err
+	}
+
+	return transactions, nil
+}
+
+func GetUserTransactions(owner, user string) ([]*Transaction, error) {
+	transactions := []*Transaction{}
+	err := ormer.Engine.Desc("created_time").Find(&transactions, &Transaction{Owner: owner, User: user})
+	if err != nil {
+		return nil, err
+	}
+
+	return transactions, nil
+}
+
+func GetPaginationTransactions(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Transaction, error) {
+	transactions := []*Transaction{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&transactions, &Transaction{Owner: owner})
+	if err != nil {
+		return nil, err
+	}
+
+	return transactions, nil
+}
+
+func getTransaction(owner string, name string) (*Transaction, error) {
+	if owner == "" || name == "" {
+		return nil, nil
+	}
+
+	transaction := Transaction{Owner: owner, Name: name}
+	existed, err := ormer.Engine.Get(&transaction)
+	if err != nil {
+		return nil, err
+	}
+
+	if existed {
+		return &transaction, nil
+	} else {
+		return nil, nil
+	}
+}
+
+func GetTransaction(id string) (*Transaction, error) {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getTransaction(owner, name)
+}
+
+func UpdateTransaction(id string, transaction *Transaction) (bool, error) {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if p, err := getTransaction(owner, name); err != nil {
+		return false, err
+	} else if p == nil {
+		return false, nil
+	}
+
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(transaction)
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func AddTransaction(transaction *Transaction) (bool, error) {
+	affected, err := ormer.Engine.Insert(transaction)
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func DeleteTransaction(transaction *Transaction) (bool, error) {
+	affected, err := ormer.Engine.ID(core.PK{transaction.Owner, transaction.Name}).Delete(&Transaction{})
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func (transaction *Transaction) GetId() string {
+	return fmt.Sprintf("%s/%s", transaction.Owner, transaction.Name)
+}
--- a/object/user.go
+++ b/object/user.go
@ -86,6 +86,8 @@ type User struct {
 	Score             int      `json:"score"`
 	Karma             int      `json:"karma"`
 	Ranking           int      `json:"ranking"`
+	Balance           float64  `json:"balance"`
+	Currency          string   `xorm:"varchar(100)" json:"currency"`
 	IsDefaultAvatar   bool     `json:"isDefaultAvatar"`
 	IsOnline          bool     `json:"isOnline"`
 	IsAdmin           bool     `json:"isAdmin"`
@ -188,6 +190,7 @@ type User struct {
 	MultiFactorAuths    []*MfaProps           `xorm:"-" json:"multiFactorAuths,omitempty"`
 	Invitation          string                `xorm:"varchar(100) index" json:"invitation"`
 	InvitationCode      string                `xorm:"varchar(100) index" json:"invitationCode"`
+	FaceIds             []*FaceId             `json:"faceIds"`

 	Ldap       string            `xorm:"ldap varchar(100)" json:"ldap"`
 	Properties map[string]string `json:"properties"`
@ -214,6 +217,8 @@ type Userinfo struct {
 	Address       string   `json:"address,omitempty"`
 	Phone         string   `json:"phone,omitempty"`
 	Groups        []string `json:"groups,omitempty"`
+	Roles         []string `json:"roles,omitempty"`
+	Permissions   []string `json:"permissions,omitempty"`
 }

 type ManagedAccount struct {
@ -223,6 +228,11 @@ type ManagedAccount struct {
 	SigninUrl   string `xorm:"varchar(200)" json:"signinUrl"`
 }

+type FaceId struct {
+	Name       string    `xorm:"varchar(100) notnull pk" json:"name"`
+	FaceIdData []float64 `json:"faceIdData"`
+}
+
 func GetUserFieldStringValue(user *User, fieldName string) (bool, string, error) {
 	val := reflect.ValueOf(*user)
 	fieldValue := val.FieldByName(fieldName)
@ -663,7 +673,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		columns = []string{
 			"owner", "display_name", "avatar", "first_name", "last_name",
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
-			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
+			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts", "face_ids",
 			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
@ -675,7 +685,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "email", "phone", "country_code", "type")
+		columns = append(columns, "name", "id", "email", "phone", "country_code", "type")
 	}

 	columns = append(columns, "updated_time")
@ -912,7 +922,7 @@ func DeleteUser(user *User) (bool, error) {
 	return affected != 0, nil
 }

-func GetUserInfo(user *User, scope string, aud string, host string) *Userinfo {
+func GetUserInfo(user *User, scope string, aud string, host string) (*Userinfo, error) {
 	_, originBackend := getOriginFromHost(host)

 	resp := Userinfo{
@ -920,24 +930,44 @@ func GetUserInfo(user *User, scope string, aud string, host string) *Userinfo {
 		Iss: originBackend,
 		Aud: aud,
 	}
+
 	if strings.Contains(scope, "profile") {
 		resp.Name = user.Name
 		resp.DisplayName = user.DisplayName
 		resp.Avatar = user.Avatar
 		resp.Groups = user.Groups
+
+		err := ExtendUserWithRolesAndPermissions(user)
+		if err != nil {
+			return nil, err
+		}
+
+		resp.Roles = []string{}
+		for _, role := range user.Roles {
+			resp.Roles = append(resp.Roles, role.Name)
+		}
+
+		resp.Permissions = []string{}
+		for _, permission := range user.Permissions {
+			resp.Permissions = append(resp.Permissions, permission.Name)
+		}
 	}
+
 	if strings.Contains(scope, "email") {
 		resp.Email = user.Email
 		// resp.EmailVerified = user.EmailVerified
 		resp.EmailVerified = true
 	}
+
 	if strings.Contains(scope, "address") {
 		resp.Address = user.Location
 	}
+
 	if strings.Contains(scope, "phone") {
 		resp.Phone = user.Phone
 	}
-	return &resp
+
+	return &resp, nil
 }

 func LinkUserAccount(user *User, field string, value string) (bool, error) {
--- a/object/user_util.go
+++ b/object/user_util.go
@ -387,6 +387,11 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}

+	if newUser.FaceIds != nil {
+		item := GetAccountItemByName("Face ID", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
 		itemsChanged = append(itemsChanged, item)
--- a/object/verification.go
+++ b/object/verification.go
@ -17,6 +17,7 @@ package object
 import (
 	"errors"
 	"fmt"
+	"math"
 	"math/rand"
 	"strings"
 	"time"
@ -236,6 +237,28 @@ func CheckSigninCode(user *User, dest, code, lang string) error {
 	}
 }

+func CheckFaceId(user *User, faceId []float64, lang string) error {
+	if len(user.FaceIds) == 0 {
+		return fmt.Errorf(i18n.Translate(lang, "check:Face data does not exist, cannot log in"))
+	}
+
+	for _, userFaceId := range user.FaceIds {
+		if faceId == nil || len(userFaceId.FaceIdData) != len(faceId) {
+			continue
+		}
+		var sumOfSquares float64
+		for i := 0; i < len(userFaceId.FaceIdData); i++ {
+			diff := userFaceId.FaceIdData[i] - faceId[i]
+			sumOfSquares += diff * diff
+		}
+		if math.Sqrt(sumOfSquares) < 0.25 {
+			return nil
+		}
+	}
+
+	return fmt.Errorf(i18n.Translate(lang, "check:Face data mismatch"))
+}
+
 func GetVerifyType(username string) (verificationCodeType string) {
 	if strings.Contains(username, "@") {
 		return VerifyTypeEmail
--- a/object/webhook.go
+++ b/object/webhook.go
@ -33,12 +33,13 @@ type Webhook struct {

 	Organization string `xorm:"varchar(100) index" json:"organization"`

-	Url            string    `xorm:"varchar(100)" json:"url"`
+	Url            string    `xorm:"varchar(200)" json:"url"`
 	Method         string    `xorm:"varchar(100)" json:"method"`
 	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
 	Events         []string  `xorm:"varchar(1000)" json:"events"`
 	IsUserExtended bool      `json:"isUserExtended"`
+	SingleOrgOnly  bool      `json:"singleOrgOnly"`
 	IsEnabled      bool      `json:"isEnabled"`
 }

--- a/routers/base.go
+++ b/routers/base.go
@ -17,7 +17,6 @@ package routers
 import (
 	"fmt"
 	"net"
-	"net/http"
 	"net/url"
 	"strings"

@ -36,7 +35,7 @@ type Response struct {
 }

 func responseError(ctx *context.Context, error string, data ...interface{}) {
-	ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
+	// ctx.ResponseWriter.WriteHeader(http.StatusForbidden)

 	resp := Response{Status: "error", Msg: error}
 	switch len(data) {
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -48,7 +48,7 @@ func CorsFilter(ctx *context.Context) {
 	originHostname := getHostname(origin)
 	host := removePort(ctx.Request.Host)

-	if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") {
+	if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
 		setCorsHeaders(ctx, origin)
 		return
 	}
--- a/routers/router.go
+++ b/routers/router.go
@ -221,6 +221,12 @@ func initAPI() {
 	beego.Router("/api/add-subscription", &controllers.ApiController{}, "POST:AddSubscription")
 	beego.Router("/api/delete-subscription", &controllers.ApiController{}, "POST:DeleteSubscription")

+	beego.Router("/api/get-transactions", &controllers.ApiController{}, "GET:GetTransactions")
+	beego.Router("/api/get-transaction", &controllers.ApiController{}, "GET:GetTransaction")
+	beego.Router("/api/update-transaction", &controllers.ApiController{}, "POST:UpdateTransaction")
+	beego.Router("/api/add-transaction", &controllers.ApiController{}, "POST:AddTransaction")
+	beego.Router("/api/delete-transaction", &controllers.ApiController{}, "POST:DeleteTransaction")
+
 	beego.Router("/api/get-system-info", &controllers.ApiController{}, "GET:GetSystemInfo")
 	beego.Router("/api/get-version-info", &controllers.ApiController{}, "GET:GetVersionInfo")
 	beego.Router("/api/health", &controllers.ApiController{}, "GET:Health")
--- a/storage/qiniu_cloud.go
+++ b/storage/qiniu_cloud.go
@ -19,8 +19,8 @@ import (
 	"github.com/casdoor/oss/qiniu"
 )

-func NewQiniuCloudKodoStorageProvider(clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
-	sp := qiniu.New(&qiniu.Config{
+func NewQiniuCloudKodoStorageProvider(clientId string, clientSecret string, region string, bucket string, endpoint string) (oss.StorageInterface, error) {
+	sp, err := qiniu.New(&qiniu.Config{
 		AccessID:  clientId,
 		AccessKey: clientSecret,
 		Region:    region,
@ -28,5 +28,5 @@ func NewQiniuCloudKodoStorageProvider(clientId string, clientSecret string, regi
 		Endpoint:  endpoint,
 	})

-	return sp
+	return sp, err
 }
--- a/storage/storage.go
+++ b/storage/storage.go
@ -16,27 +16,27 @@ package storage

 import "github.com/casdoor/oss"

-func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
+func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) (oss.StorageInterface, error) {
 	switch providerType {
 	case "Local File System":
-		return NewLocalFileSystemStorageProvider()
+		return NewLocalFileSystemStorageProvider(), nil
 	case "AWS S3":
-		return NewAwsS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewAwsS3StorageProvider(clientId, clientSecret, region, bucket, endpoint), nil
 	case "MinIO":
-		return NewMinIOS3StorageProvider(clientId, clientSecret, "_", bucket, endpoint)
+		return NewMinIOS3StorageProvider(clientId, clientSecret, "_", bucket, endpoint), nil
 	case "Aliyun OSS":
-		return NewAliyunOssStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewAliyunOssStorageProvider(clientId, clientSecret, region, bucket, endpoint), nil
 	case "Tencent Cloud COS":
-		return NewTencentCloudCosStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewTencentCloudCosStorageProvider(clientId, clientSecret, region, bucket, endpoint), nil
 	case "Azure Blob":
-		return NewAzureBlobStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewAzureBlobStorageProvider(clientId, clientSecret, region, bucket, endpoint), nil
 	case "Qiniu Cloud Kodo":
 		return NewQiniuCloudKodoStorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "Google Cloud Storage":
-		return NewGoogleCloudStorageProvider(clientSecret, bucket, endpoint)
+		return NewGoogleCloudStorageProvider(clientSecret, bucket, endpoint), nil
 	case "Synology":
-		return NewSynologyNasStorageProvider(clientId, clientSecret, endpoint)
+		return NewSynologyNasStorageProvider(clientId, clientSecret, endpoint), nil
 	}

-	return nil
+	return nil, nil
 }
--- a/util/string.go
+++ b/util/string.go
@ -264,6 +264,10 @@ func GetMaskedEmail(email string) string {
 		return ""
 	}

+	if !strings.Contains(email, "@") {
+		return maskString(email)
+	}
+
 	tokens := strings.Split(email, "@")
 	username := maskString(tokens[0])
 	domain := tokens[1]
--- a/web/package.json
+++ b/web/package.json
@ -29,6 +29,7 @@
    "craco-less": "^2.0.0",
    "echarts": "^5.4.3",
    "ethers": "5.6.9",
+    "face-api.js": "^0.22.2",
    "file-saver": "^2.0.5",
    "i18n-iso-countries": "^7.0.0",
    "i18next": "^19.8.9",
@ -50,7 +51,8 @@
    "react-metamask-avatar": "^1.2.1",
    "react-router-dom": "^5.3.3",
    "react-scripts": "5.0.1",
-    "react-social-login-buttons": "^3.4.0"
+    "react-social-login-buttons": "^3.4.0",
+    "react-webcam": "^7.2.0"
  },
  "scripts": {
    "start": "cross-env PORT=7001 craco start",
--- a/web/src/App.js
+++ b/web/src/App.js
@ -34,6 +34,7 @@ const ManagementPage = lazy(() => import("./ManagementPage"));
 const {Footer, Content} = Layout;

 import {setTwoToneColor} from "@ant-design/icons";
+import * as ApplicationBackend from "./backend/ApplicationBackend";

 setTwoToneColor("rgb(87,52,211)");

@ -56,6 +57,7 @@ class App extends Component {
      logo: this.getLogo(storageThemeAlgorithm),
      requiredEnableMfa: false,
      isAiAssistantOpen: false,
+      application: undefined,
    };
    Setting.initServerUrl();
    Auth.initAuthWithConfig({
@ -67,6 +69,7 @@ class App extends Component {
  UNSAFE_componentWillMount() {
    this.updateMenuKey();
    this.getAccount();
+    this.getApplication();
  }

  componentDidUpdate(prevProps, prevState, snapshot) {
@ -150,11 +153,7 @@ class App extends Component {
  }

  getLogo(themes) {
-    if (themes.includes("dark")) {
-      return `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256_dark.png`;
-    } else {
-      return `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`;
-    }
+    return Setting.getLogo(themes);
  }

  setLanguage(account) {
@ -190,6 +189,24 @@ class App extends Component {
    }
  };

+  getApplication() {
+    const applicationName = localStorage.getItem("applicationName");
+    if (!applicationName) {
+      return;
+    }
+    ApplicationBackend.getApplication("admin", applicationName)
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
+        this.setState({
+          application: res.data,
+        });
+      });
+  }
+
  getAccount() {
    const params = new URLSearchParams(this.props.location.search);

@ -245,11 +262,17 @@ class App extends Component {
          }
        }>
          {
-            Conf.CustomFooter !== null ? Conf.CustomFooter : (
+            this.state.application?.footerHtml && this.state.application.footerHtml !== "" ?
              <React.Fragment>
-                Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
+                <div dangerouslySetInnerHTML={{__html: this.state.application.footerHtml}} />
              </React.Fragment>
-            )
+              : (
+                Conf.CustomFooter !== null ? Conf.CustomFooter : (
+                  <React.Fragment>
+                  Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
+                  </React.Fragment>
+                )
+              )
          }
        </Footer>
      </React.Fragment>
@ -330,6 +353,11 @@ class App extends Component {
                    <EntryPage
                      account={this.state.account}
                      theme={this.state.themeData}
+                      updateApplication={(application) => {
+                        this.setState({
+                          application: application,
+                        });
+                      }}
                      onLoginSuccess={(redirectUrl) => {
                        if (redirectUrl) {
                          localStorage.setItem("mfaRedirectUrl", redirectUrl);
@ -366,7 +394,7 @@ class App extends Component {
        <FloatButton.BackTop />
        <CustomGithubCorner />
        {
-          <Suspense fallback={<div>loading</div>}>
+          <Suspense fallback={null}>
            <Layout id="parent-area">
              <ManagementPage
                account={this.state.account}
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -760,7 +760,7 @@ class ApplicationEditPage extends React.Component {
        </Row>
        <Row>
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("application:Form CSS"), i18next.t("application:Form CSS - Tooltip"))} :
+            {Setting.getLabel(i18next.t("application:Custom CSS"), i18next.t("application:Custom CSS - Tooltip"))} :
          </Col>
          <Col span={22}>
            <Popover placement="right" content={
@ -772,7 +772,7 @@ class ApplicationEditPage extends React.Component {
                  }}
                />
              </div>
-            } title={i18next.t("application:Form CSS - Edit")} trigger="click">
+            } title={i18next.t("application:Custom CSS - Edit")} trigger="click">
              <Input value={this.state.application.formCss} style={{marginBottom: "10px"}} onChange={e => {
                this.updateApplicationField("formCss", e.target.value);
              }} />
@ -781,7 +781,7 @@ class ApplicationEditPage extends React.Component {
        </Row>
        <Row>
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("application:Form CSS Mobile"), i18next.t("application:Form CSS Mobile - Tooltip"))} :
+            {Setting.getLabel(i18next.t("application:Custom CSS Mobile"), i18next.t("application:Custom CSS Mobile - Tooltip"))} :
          </Col>
          <Col span={22}>
            <Popover placement="right" content={
@ -793,7 +793,7 @@ class ApplicationEditPage extends React.Component {
                  }}
                />
              </div>
-            } title={i18next.t("application:Form CSS Mobile - Edit")} trigger="click">
+            } title={i18next.t("application:Custom CSS Mobile - Edit")} trigger="click">
              <Input value={this.state.application.formCssMobile} style={{marginBottom: "10px"}} onChange={e => {
                this.updateApplicationField("formCssMobile", e.target.value);
              }} />
@ -887,6 +887,38 @@ class ApplicationEditPage extends React.Component {
            </Popover>
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Footer HTML"), i18next.t("application:Footer HTML - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Popover placement="right" content={
+              <div style={{width: "900px", height: "300px"}} >
+                <CodeMirror
+                  value={this.state.application.footerHtml}
+                  options={{mode: "htmlmixed", theme: "material-darker"}}
+                  onBeforeChange={(editor, data, value) => {
+                    this.updateApplicationField("footerHtml", value);
+                  }}
+                />
+              </div>
+            } title={i18next.t("application:Footer HTML - Edit")} trigger="click">
+              <Input value={this.state.application.footerHtml} style={{marginBottom: "10px"}} onChange={e => {
+                this.updateApplicationField("footerHtml", e.target.value);
+              }} />
+            </Popover>
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          </Col>
+          <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => this.updateApplicationField("footerHtml", Setting.getDefaultFooterContent())} >
+            {i18next.t("provider:Reset to Default HTML")}
+          </Button>
+          <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => this.updateApplicationField("footerHtml", Setting.getEmptyFooterContent())} >
+            {i18next.t("application:Reset to Empty")}
+          </Button>
+        </Row>
        {
          <React.Fragment>
            <Row style={{marginTop: "20px"}} >
@ -1049,7 +1081,7 @@ class ApplicationEditPage extends React.Component {
  submitApplicationEdit(exitAfterSave) {
    const application = Setting.deepCopy(this.state.application);
    application.providers = application.providers?.filter(provider => this.state.providers.map(provider => provider.name).includes(provider.name));
-    application.signinMethods = application.signinMethods?.filter(signinMethod => ["Password", "Verification code", "WebAuthn", "LDAP"].includes(signinMethod.name));
+    application.signinMethods = application.signinMethods?.filter(signinMethod => ["Password", "Verification code", "WebAuthn", "LDAP", "Face ID"].includes(signinMethod.name));

    ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
      .then((res) => {
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@ -171,48 +171,54 @@ class CertEditPage extends React.Component {
          <Col span={22} >
            <Select virtual={false} style={{width: "100%"}} value={this.state.cert.cryptoAlgorithm} onChange={(value => {
              this.updateCertField("cryptoAlgorithm", value);
-              if (value === "RS256") {
-                this.updateCertField("bitSize", 2048);
-              } else if (value === "HS256" || value === "ES256") {
-                this.updateCertField("bitSize", 256);
-              } else if (value === "ES384") {
-                this.updateCertField("bitSize", 384);
-              } else if (value === "ES521") {
-                this.updateCertField("bitSize", 521);
-              } else {
+
+              if (value.startsWith("ES")) {
                this.updateCertField("bitSize", 0);
+              } else {
+                if (this.state.cert.bitSize !== 1024 && this.state.cert.bitSize !== 2048 && this.state.cert.bitSize !== 4096) {
+                  this.updateCertField("bitSize", 2048);
+                }
              }
+
              this.updateCertField("certificate", "");
              this.updateCertField("privateKey", "");
            })}>
              {
                [
                  {id: "RS256", name: "RS256 (RSA + SHA256)"},
-                  {id: "HS256", name: "HS256 (HMAC + SHA256)"},
+                  {id: "RS384", name: "RS384 (RSA + SHA384)"},
+                  {id: "RS512", name: "RS512 (RSA + SHA512)"},
                  {id: "ES256", name: "ES256 (ECDSA using P-256 + SHA256)"},
-                  {id: "ES384", name: "ES384 (ECDSA using P-384 + SHA256)"},
-                  {id: "ES521", name: "ES521 (ECDSA using P-521 + SHA256)"},
+                  {id: "ES384", name: "ES384 (ECDSA using P-384 + SHA384)"},
+                  {id: "ES512", name: "ES512 (ECDSA using P-521 + SHA512)"},
+                  {id: "PS256", name: "PS256 (RSASSA-PSS using SHA256 and MGF1 with SHA256)"},
+                  {id: "PS384", name: "PS384 (RSASSA-PSS using SHA384 and MGF1 with SHA384)"},
+                  {id: "PS512", name: "PS512 (RSASSA-PSS using SHA512 and MGF1 with SHA512)"},
                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
              }
            </Select>
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("cert:Bit size"), i18next.t("cert:Bit size - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.cert.bitSize} onChange={(value => {
-              this.updateCertField("bitSize", value);
-              this.updateCertField("certificate", "");
-              this.updateCertField("privateKey", "");
-            })}>
-              {
-                Setting.getCryptoAlgorithmOptions(this.state.cert.cryptoAlgorithm).map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
+        {
+          this.state.cert.cryptoAlgorithm.startsWith("ES") ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("cert:Bit size"), i18next.t("cert:Bit size - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Select virtual={false} style={{width: "100%"}} value={this.state.cert.bitSize} onChange={(value => {
+                  this.updateCertField("bitSize", value);
+                  this.updateCertField("certificate", "");
+                  this.updateCertField("privateKey", "");
+                })}>
+                  {
+                    Setting.getCryptoAlgorithmOptions(this.state.cert.cryptoAlgorithm).map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+                  }
+                </Select>
+              </Col>
+            </Row>
+          )
+        }
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("cert:Expire in years"), i18next.t("cert:Expire in years - Tooltip"))} :
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@ -69,6 +69,9 @@ class EntryPage extends React.Component {
      });
      const themeData = application !== null ? Setting.getThemeData(application.organizationObj, application) : Conf.ThemeDefault;
      this.props.updataThemeData(themeData);
+      this.props.updateApplication(application);
+
+      localStorage.setItem("applicationName", application.name);
    };

    const onUpdatePricing = (pricing) => {
--- a/web/src/ManagementPage.js
+++ b/web/src/ManagementPage.js
@ -90,6 +90,8 @@ import AccountAvatar from "./account/AccountAvatar";
 import {Content, Header} from "antd/es/layout/layout";
 import * as AuthBackend from "./auth/AuthBackend";
 import {clearWeb3AuthToken} from "./auth/Web3Auth";
+import TransactionListPage from "./TransactionListPage";
+import TransactionEditPage from "./TransactionEditPage";

 function ManagementPage(props) {

@ -218,9 +220,29 @@ function ManagementPage(props) {
      return [];
    }

-    const textColor = props.themeAlgorithm.includes("dark") ? "white" : "black";
+    let textColor = "black";
    const twoToneColor = props.themeData.colorPrimary;

+    let logo = props.account.organization.logo ? props.account.organization.logo : Setting.getLogo(props.themeAlgorithm);
+    if (props.themeAlgorithm.includes("dark")) {
+      if (props.account.organization.logoDark) {
+        logo = props.account.organization.logoDark;
+      }
+      textColor = "white";
+    }
+
+    !Setting.isMobile() ? res.push({
+      label:
+            <Link to="/">
+              <img className="logo" src={logo ?? props.logo} alt="logo" />
+            </Link>,
+      disabled: true,
+      style: {
+        padding: 0,
+        height: "auto",
+      },
+    }) : null;
+
    res.push(Setting.getItem(<Link style={{color: textColor}} to="/">{i18next.t("general:Home")}</Link>, "/home", <HomeTwoTone twoToneColor={twoToneColor} />, [
      Setting.getItem(<Link to="/">{i18next.t("general:Dashboard")}</Link>, "/"),
      Setting.getItem(<Link to="/shortcuts">{i18next.t("general:Shortcuts")}</Link>, "/shortcuts"),
@ -279,6 +301,7 @@ function ManagementPage(props) {
        Setting.getItem(<Link to="/plans">{i18next.t("general:Plans")}</Link>, "/plans"),
        Setting.getItem(<Link to="/pricings">{i18next.t("general:Pricings")}</Link>, "/pricings"),
        Setting.getItem(<Link to="/subscriptions">{i18next.t("general:Subscriptions")}</Link>, "/subscriptions"),
+        Setting.getItem(<Link to="/transactions">{i18next.t("general:Transactions")}</Link>, "/transactions"),
      ]));

      if (Setting.isAdminUser(props.account)) {
@ -365,6 +388,8 @@ function ManagementPage(props) {
        <Route exact path="/sysinfo" render={(props) => renderLoginIfNotLoggedIn(<SystemInfo account={account} {...props} />)} />
        <Route exact path="/syncers" render={(props) => renderLoginIfNotLoggedIn(<SyncerListPage account={account} {...props} />)} />
        <Route exact path="/syncers/:syncerName" render={(props) => renderLoginIfNotLoggedIn(<SyncerEditPage account={account} {...props} />)} />
+        <Route exact path="/transactions" render={(props) => renderLoginIfNotLoggedIn(<TransactionListPage account={account} {...props} />)} />
+        <Route exact path="/transactions/:organizationName/:transactionName" render={(props) => renderLoginIfNotLoggedIn(<TransactionEditPage account={account} {...props} />)} />
        <Route exact path="/webhooks" render={(props) => renderLoginIfNotLoggedIn(<WebhookListPage account={account} {...props} />)} />
        <Route exact path="/webhooks/:webhookName" render={(props) => renderLoginIfNotLoggedIn(<WebhookEditPage account={account} {...props} />)} />
        <Route exact path="/ldap/:organizationName/:ldapId" render={(props) => renderLoginIfNotLoggedIn(<LdapEditPage account={account} {...props} />)} />
@ -395,11 +420,6 @@ function ManagementPage(props) {
    <React.Fragment>
      <EnableMfaNotification account={props.account} />
      <Header style={{padding: "0", marginBottom: "3px", backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}} >
-        {Setting.isMobile() ? null : (
-          <Link to={"/"}>
-            <div className="logo" style={{background: `url(${props.logo})`}} />
-          </Link>
-        )}
        {props.requiredEnableMfa || (Setting.isMobile() ?
          <React.Fragment>
            <Drawer title={i18next.t("general:Close")} placement="left" visible={menuVisible} onClose={onClose}>
@ -421,7 +441,7 @@ function ManagementPage(props) {
            items={getMenuItems()}
            mode={"horizontal"}
            selectedKeys={[props.selectedMenuKey]}
-            style={{position: "absolute", left: "145px", right: menuStyleRight, backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}}
+            style={{position: "absolute", left: 0, right: menuStyleRight, backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}}
          />
        )}
        {
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -56,6 +56,7 @@ class OrganizationEditPage extends React.Component {
            this.props.history.push("/404");
            return;
          }
+          organization["enableDarkLogo"] = !!organization["logoDark"];

          this.setState({
            organization: organization,
@ -141,6 +142,78 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Enable dark logo"), i18next.t("general:Enable dark logo - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Switch checked={this.state.organization.enableDarkLogo} onChange={e => {
+              this.updateOrganizationField("enableDarkLogo", e);
+              if (!e) {
+                this.updateOrganizationField("logoDark", "");
+              }
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Logo"), i18next.t("general:Logo - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+              </Col>
+              <Col span={23} >
+                <Input prefix={<LinkOutlined />} value={this.state.organization.logo} onChange={e => {
+                  this.updateOrganizationField("logo", e.target.value);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                {i18next.t("general:Preview")}:
+              </Col>
+              <Col span={23}>
+                <a target="_blank" rel="noreferrer" href={this.state.organization.logo}>
+                  <img src={this.state.organization.logo ? this.state.organization.logo : Setting.getLogo([""])} alt={this.state.organization.logo} height={90} style={{background: "white", marginBottom: "20px"}} />
+                </a>
+              </Col>
+            </Row>
+          </Col>
+        </Row>
+        {
+          !this.state.organization.enableDarkLogo ? null : (<Row style={{marginTop: "20px"}}>
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+              {Setting.getLabel(i18next.t("general:Logo dark"), i18next.t("general:Logo dark - Tooltip"))} :
+            </Col>
+            <Col span={22}>
+              <Row style={{marginTop: "20px"}}>
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                  {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+                </Col>
+                <Col span={23}>
+                  <Input prefix={<LinkOutlined />} value={this.state.organization.logoDark} onChange={e => {
+                    this.updateOrganizationField("logoDark", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}}>
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                  {i18next.t("general:Preview")}:
+                </Col>
+                <Col span={23}>
+                  <a target="_blank" rel="noreferrer" href={this.state.organization.logoDark}>
+                    <img
+                      src={this.state.organization.logoDark ? this.state.organization.logoDark : Setting.getLogo(["dark"])}
+                      alt={this.state.organization.logoDark} height={90}
+                      style={{background: "#141414", marginBottom: "20px"}} />
+                  </a>
+                </Col>
+              </Row>
+            </Col>
+          </Row>)
+        }
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Favicon"), i18next.t("general:Favicon - Tooltip"))} :
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -191,7 +191,7 @@ class ProviderEditPage extends React.Component {
        return Setting.getLabel(i18next.t("provider:App key"), i18next.t("provider:App key - Tooltip"));
      } else if (provider.type === "UCloud SMS") {
        return Setting.getLabel(i18next.t("provider:Public key"), i18next.t("provider:Public key - Tooltip"));
-      } else if (provider.type === "Msg91 SMS" || provider.type === "Infobip SMS") {
+      } else if (provider.type === "Msg91 SMS" || provider.type === "Infobip SMS" || provider.type === "OSON SMS") {
        return Setting.getLabel(i18next.t("provider:Sender Id"), i18next.t("provider:Sender Id - Tooltip"));
      } else {
        return Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"));
@ -234,7 +234,7 @@ class ProviderEditPage extends React.Component {
        return Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"));
      }
    case "SMS":
-      if (provider.type === "Volc Engine SMS" || provider.type === "Amazon SNS" || provider.type === "Baidu Cloud SMS") {
+      if (provider.type === "Volc Engine SMS" || provider.type === "Amazon SNS" || provider.type === "Baidu Cloud SMS" || provider.type === "OSON SMS") {
        return Setting.getLabel(i18next.t("provider:Secret access key"), i18next.t("provider:Secret access key - Tooltip"));
      } else if (provider.type === "Huawei Cloud SMS") {
        return Setting.getLabel(i18next.t("provider:App secret"), i18next.t("provider:AppSecret - Tooltip"));
--- a/web/src/RecordListPage.js
+++ b/web/src/RecordListPage.js
@ -139,10 +139,18 @@ class RecordListPage extends BaseListPage {
        title: i18next.t("general:Request URI"),
        dataIndex: "requestUri",
        key: "requestUri",
-        // width: '300px',
+        // width: "300px",
        sorter: true,
        ...this.getColumnSearchProps("requestUri"),
      },
+      {
+        title: i18next.t("user:Language"),
+        dataIndex: "language",
+        key: "language",
+        width: "90px",
+        sorter: true,
+        ...this.getColumnSearchProps("language"),
+      },
      {
        title: i18next.t("general:Action"),
        dataIndex: "action",
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@ -124,7 +124,7 @@ class ResourceListPage extends BaseListPage {
        ...this.getColumnSearchProps("application"),
        render: (text, record, index) => {
          return (
-            <Link to={`/applications/${record.organization}/${text}`}>
+            <Link to={`/applications/${record.owner}/${text}`}>
              {text}
            </Link>
          );
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -89,6 +89,14 @@ export function getAlgorithmNames(themeData) {
  return algorithms;
 }

+export function getLogo(themes) {
+  if (themes.includes("dark")) {
+    return `${StaticBaseUrl}/img/casdoor-logo_1185x256_dark.png`;
+  } else {
+    return `${StaticBaseUrl}/img/casdoor-logo_1185x256.png`;
+  }
+}
+
 export const OtherProviderInfo = {
  SMS: {
    "Aliyun SMS": {
@ -143,6 +151,10 @@ export const OtherProviderInfo = {
      logo: `${StaticBaseUrl}/img/social_msg91.ico`,
      url: "https://control.msg91.com/app/",
    },
+    "OSON SMS": {
+      logo: "https://osonsms.com/images/osonsms-logo.svg",
+      url: "https://osonsms.com/",
+    },
    "Custom HTTP SMS": {
      logo: `${StaticBaseUrl}/img/social_default.png`,
      url: "https://casdoor.org/docs/provider/sms/overview",
@ -703,6 +715,15 @@ export function goToLinkSoft(ths, link) {
  ths.props.history.push(link);
 }

+export function goToLinkSoftOrJumpSelf(ths, link) {
+  if (link.startsWith("http")) {
+    goToLink(link);
+    return;
+  }
+
+  ths.props.history.push(link);
+}
+
 export function showMessage(type, text) {
  if (type === "success") {
    message.success(text);
@ -1005,6 +1026,7 @@ export function getProviderTypeOptions(category) {
        {id: "Azure ACS", name: "Azure ACS"},
        {id: "Custom HTTP SMS", name: "Custom HTTP SMS"},
        {id: "Mock SMS", name: "Mock SMS"},
+        {id: "OSON SMS", name: "OSON SMS"},
        {id: "Infobip SMS", name: "Infobip SMS"},
        {id: "Tencent Cloud SMS", name: "Tencent Cloud SMS"},
        {id: "Baidu Cloud SMS", name: "Baidu Cloud SMS"},
@ -1087,7 +1109,9 @@ export function getProviderTypeOptions(category) {
 }

 export function getCryptoAlgorithmOptions(cryptoAlgorithm) {
-  if (cryptoAlgorithm === "RS256") {
+  if (cryptoAlgorithm.startsWith("ES")) {
+    return [];
+  } else {
    return (
      [
        {id: 1024, name: "1024"},
@ -1095,26 +1119,6 @@ export function getCryptoAlgorithmOptions(cryptoAlgorithm) {
        {id: 4096, name: "4096"},
      ]
    );
-  } else if (cryptoAlgorithm === "HS256" || cryptoAlgorithm === "ES256") {
-    return (
-      [
-        {id: 256, name: "256"},
-      ]
-    );
-  } else if (cryptoAlgorithm === "ES384") {
-    return (
-      [
-        {id: 384, name: "384"},
-      ]
-    );
-  } else if (cryptoAlgorithm === "ES521") {
-    return (
-      [
-        {id: 521, name: "521"},
-      ]
-    );
-  } else {
-    return [];
  }
 }

@ -1160,6 +1164,10 @@ export function isLdapEnabled(application) {
  return isSigninMethodEnabled(application, "LDAP");
 }

+export function isFaceIdEnabled(application) {
+  return isSigninMethodEnabled(application, "Face ID");
+}
+
 export function getLoginLink(application) {
  let url;
  if (application === null) {
@ -1453,6 +1461,19 @@ export function getUserCommonFields() {
    "PreferredMfaType", "TotpSecret", "SignupApplication"];
 }

+export function getDefaultFooterContent() {
+  return "Powered by <a target=\"_blank\" href=\"https://casdoor.org\" rel=\"noreferrer\"><img style=\"padding-bottom: 3px\" height=\"20\" alt=\"Casdoor\" src=\"https://cdn.casbin.org/img/casdoor-logo_1185x256.png\"/></a>";
+}
+
+export function getEmptyFooterContent() {
+  return `<style>
+    #footer {
+        display: none;
+    }
+<style>
+  `;
+}
+
 export function getDefaultHtmlEmailContent() {
  return `<!DOCTYPE html>
 <html lang="en">
--- a/web/src/TransactionEditPage.js
+++ b/web/src/TransactionEditPage.js
@ -0,0 +1,324 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import * as TransactionBackend from "./backend/TransactionBackend";
+import * as Setting from "./Setting";
+import * as ApplicationBackend from "./backend/ApplicationBackend";
+import {Button, Card, Col, Input, Row} from "antd";
+import i18next from "i18next";
+
+class TransactionEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      transactionName: props.match.params.transactionName,
+      application: null,
+      transaction: null,
+      providers: [],
+      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getTransaction();
+  }
+
+  getTransaction() {
+    TransactionBackend.getTransaction(this.state.organizationName, this.state.transactionName)
+      .then((res) => {
+        if (res.data === null) {
+          this.props.history.push("/404");
+          return;
+        }
+
+        this.setState({
+          transaction: res.data,
+        });
+
+        Setting.scrollToDiv("invoice-area");
+      });
+  }
+
+  submitTransactionEdit(exitAfterSave) {
+    const transaction = Setting.deepCopy(this.state.transaction);
+    TransactionBackend.updateTransaction(this.state.transaction.owner, this.state.transactionName, transaction)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
+          this.setState({
+            transactionName: this.state.transaction.name,
+          });
+
+          if (exitAfterSave) {
+            this.props.history.push("/transactions");
+          } else {
+            this.props.history.push(`/transactions/${this.state.organizationName}/${this.state.transaction.name}`);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
+          this.updatePaymentField("name", this.state.transactionName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteTransaction() {
+    TransactionBackend.deleteTransaction(this.state.transaction)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/transactions");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  parseTransactionField(key, value) {
+    if ([""].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  getApplication() {
+    ApplicationBackend.getApplication("admin", this.state.applicationName)
+      .then((res) => {
+        if (res.data === null) {
+          this.props.history.push("/404");
+          return;
+        }
+
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
+        const application = res.data;
+        if (application.grantTypes === null || application.grantTypes === undefined || application.grantTypes.length === 0) {
+          application.grantTypes = ["authorization_code"];
+        }
+
+        if (application.tags === null || application.tags === undefined) {
+          application.tags = [];
+        }
+
+        this.setState({
+          application: application,
+        });
+
+        this.getCerts(application.organization);
+
+        this.getSamlMetadata(application.enableSamlPostBinding);
+      });
+  }
+
+  renderTransaction() {
+    return (
+      <Card size="small" title={
+        <div>
+          {this.state.mode === "add" ? i18next.t("transaction:New Transaction") : i18next.t("transaction:Edit Transaction")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitTransactionEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitTransactionEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteTransaction()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.owner} onChange={e => {
+              // this.updatePaymentField('organization', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.name} onChange={e => {
+              // this.updatePaymentField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.displayName} onChange={e => {
+              this.updatePaymentField("displayName", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Provider"), i18next.t("general:Provider - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.provider} onChange={e => {
+              // this.updatePaymentField('provider', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Category"), i18next.t("provider:Category - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.category} onChange={e => {
+              this.updatePaymentField("displayName", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Type"), i18next.t("payment:Type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.type} onChange={e => {
+              // this.updatePaymentField('type', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Product"), i18next.t("payment:Product - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.productName} onChange={e => {
+              // this.updatePaymentField('productName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("product:Detail"), i18next.t("product:Detail - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.detail} onChange={e => {
+              // this.updatePaymentField('currency', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Tag"), i18next.t("transaction:Tag - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.tag} onChange={e => {
+              // this.updatePaymentField('currency', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Currency"), i18next.t("payment:Currency - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.currency} onChange={e => {
+              // this.updatePaymentField('currency', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("transaction:Amount"), i18next.t("transaction:Amount - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.amount} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("product:Return URL"), i18next.t("product:Return URL - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.user} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:User"), i18next.t("general:User - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.user} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.application} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Payment"), i18next.t("general:Payment - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.payment} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:State"), i18next.t("general:State - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input disabled={true} value={this.state.transaction.state} onChange={e => {
+              // this.updatePaymentField('state', e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    );
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.transaction !== null ? this.renderTransaction() : null
+        }
+        <div style={{marginTop: "20px", marginLeft: "40px"}}>
+          <Button size="large" onClick={() => this.submitTransactionEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitTransactionEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteTransaction()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      </div>
+    );
+  }
+}
+
+export default TransactionEditPage;
--- a/web/src/TransactionListPage.js
+++ b/web/src/TransactionListPage.js
@ -0,0 +1,333 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import BaseListPage from "./BaseListPage";
+import i18next from "i18next";
+import {Link} from "react-router-dom";
+import * as Setting from "./Setting";
+import * as Provider from "./auth/Provider";
+import {Button, Table} from "antd";
+import PopconfirmModal from "./common/modal/PopconfirmModal";
+import React from "react";
+import * as TransactionBackend from "./backend/TransactionBackend";
+import moment from "moment/moment";
+
+class TransactionListPage extends BaseListPage {
+  newTransaction() {
+    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
+    return {
+      owner: organizationName,
+      name: `transaction_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Transaction - ${randomName}`,
+      provider: "provider_pay_paypal",
+      category: "",
+      type: "PayPal",
+      productName: "computer-1",
+      productDisplayName: "A notebook computer",
+      detail: "This is a computer with excellent CPU, memory and disk",
+      tag: "Promotion-1",
+      currency: "USD",
+      amount: 0,
+      returnUrl: "https://door.casdoor.com/transactions",
+      user: "admin",
+      application: "",
+      payment: "payment_bhn1ra",
+      state: "Paid",
+    };
+  }
+
+  deleteTransaction(i) {
+    TransactionBackend.deleteTransaction(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  addTransaction() {
+    const newTransaction = this.newTransaction();
+    TransactionBackend.addTransaction(newTransaction)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/transactions/${newTransaction.owner}/${newTransaction.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(transactions) {
+    const columns = [
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "180px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/transactions/${record.owner}/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: "provider",
+        key: "provider",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("provider"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${record.owner}/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:User"),
+        dataIndex: "user",
+        key: "user",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("user"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${record.owner}/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "160px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("provider:Type"),
+        dataIndex: "type",
+        key: "type",
+        width: "140px",
+        align: "center",
+        filterMultiple: false,
+        filters: Setting.getProviderTypeOptions("Payment").map((o) => {return {text: o.id, value: o.name};}),
+        sorter: true,
+        render: (text, record, index) => {
+          record.category = "Payment";
+          return Provider.getProviderLogoWidget(record);
+        },
+      },
+      {
+        title: i18next.t("payment:Product"),
+        dataIndex: "productDisplayName",
+        key: "productDisplayName",
+        // width: '160px',
+        sorter: true,
+        ...this.getColumnSearchProps("productDisplayName"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/products/${record.owner}/${record.productName}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("payment:Currency"),
+        dataIndex: "currency",
+        key: "currency",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("currency"),
+      },
+      {
+        title: i18next.t("transaction:Amount"),
+        dataIndex: "amount",
+        key: "amount",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("amount"),
+      },
+      {
+        title: i18next.t("general:User"),
+        dataIndex: "user",
+        key: "user",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("user"),
+      },
+      {
+        title: i18next.t("general:Application"),
+        dataIndex: "application",
+        key: "application",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("application"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/applications/${record.owner}/${record.application}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Payment"),
+        dataIndex: "payment",
+        key: "payment",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("payment"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/payments/${record.owner}/${record.payment}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:State"),
+        dataIndex: "state",
+        key: "state",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("state"),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "240px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/transactions/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteTransaction(index)}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={transactions} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Transactions")}&nbsp;&nbsp;&nbsp;&nbsp;
+              <Button type="primary" size="small" onClick={this.addTransaction.bind(this)}>{i18next.t("general:Add")}</Button>
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    TransactionBackend.getTransactions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        this.setState({
+          loading: false,
+        });
+        if (res.status === "ok") {
+          this.setState({
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              isAuthorized: false,
+            });
+          } else {
+            Setting.showMessage("error", res.msg);
+          }
+        }
+      });
+  };
+}
+
+export default TransactionListPage;
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -40,6 +40,7 @@ import {DeleteMfa} from "./backend/MfaBackend";
 import {CheckCircleOutlined, HolderOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as MfaBackend from "./backend/MfaBackend";
 import AccountAvatar from "./account/AccountAvatar";
+import FaceIdTable from "./table/FaceIdTable";

 const {Option} = Select;

@ -59,12 +60,15 @@ class UserEditPage extends React.Component {
      loading: true,
      returnUrl: null,
      idCardInfo: ["ID card front", "ID card back", "ID card with person"],
+      openFaceRecognitionModal: false,
    };
  }

  UNSAFE_componentWillMount() {
    this.getUser();
-    this.getOrganizations();
+    if (Setting.isLocalAdminUser(this.props.account)) {
+      this.getOrganizations();
+    }
    this.getApplicationsByOrganization(this.state.organizationName);
    this.getUserApplication();
    this.setReturnUrl();
@ -199,6 +203,10 @@ class UserEditPage extends React.Component {
  }

  updateUserField(key, value) {
+    if (this.props.account === null) {
+      return;
+    }
+
    value = this.parseUserField(key, value);

    const user = this.state.user;
@ -249,22 +257,8 @@ class UserEditPage extends React.Component {
  };

  renderAccountItem(accountItem) {
-    if (!accountItem.visible) {
-      return null;
-    }
-
    const isAdmin = Setting.isLocalAdminUser(this.props.account);

-    if (accountItem.viewRule === "Self") {
-      if (!this.isSelfOrAdmin()) {
-        return null;
-      }
-    } else if (accountItem.viewRule === "Admin") {
-      if (!isAdmin) {
-        return null;
-      }
-    }
-
    let disabled = false;
    if (accountItem.modifyRule === "Self") {
      if (!this.isSelfOrAdmin()) {
@ -350,7 +344,9 @@ class UserEditPage extends React.Component {
            {Setting.getLabel("ID", i18next.t("general:ID - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Input value={this.state.user.id} disabled={disabled} />
+            <Input value={this.state.user.id} disabled={disabled} onChange={e => {
+              this.updateUserField("id", e.target.value);
+            }} />
          </Col>
        </Row>
      );
@ -980,6 +976,21 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "Face ID") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Face ids"), i18next.t("user:Face ids"))} :
+          </Col>
+          <Col span={22} >
+            <FaceIdTable
+              title={i18next.t("user:Face ids")}
+              table={this.state.user.faceIds}
+              onUpdateTable={(table) => {this.updateUserField("faceIds", table);}}
+            />
+          </Col>
+        </Row>
+      );
    }
  }

@ -999,7 +1010,11 @@ class UserEditPage extends React.Component {
              <div style={{verticalAlign: "middle", marginBottom: 10}}>{`(${i18next.t("general:empty")})`}</div>
            </Col>
        }
-        <CropperDivModal disabled={disabled} tag={tag} setTitle={set} buttonText={`${title}...`} title={title} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
+        {
+          (this.props.account === null) ? null : (
+            <CropperDivModal disabled={disabled} tag={tag} setTitle={set} buttonText={`${title}...`} title={title} user={this.state.user} organization={this.getUserOrganization()} />
+          )
+        }
      </Col>
    );
  }
@ -1009,7 +1024,7 @@ class UserEditPage extends React.Component {
      <Card size="small" title={
        (this.props.account === null) ? i18next.t("user:User Profile") : (
          <div>
-            {this.state.mode === "add" ? i18next.t("user:New User") : i18next.t("user:Edit User")}&nbsp;&nbsp;&nbsp;&nbsp;
+            {this.state.mode === "add" ? i18next.t("user:New User") : (this.isSelf() ? i18next.t("account:My Account") : i18next.t("user:Edit User"))}&nbsp;&nbsp;&nbsp;&nbsp;
            <Button onClick={() => this.submitUserEdit(false)}>{i18next.t("general:Save")}</Button>
            <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitUserEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
            {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteUser()}>{i18next.t("general:Cancel")}</Button> : null}
@ -1019,6 +1034,21 @@ class UserEditPage extends React.Component {
        <Form>
          {
            this.getUserOrganization()?.accountItems?.map(accountItem => {
+              if (!accountItem.visible) {
+                return null;
+              }
+
+              const isAdmin = Setting.isLocalAdminUser(this.props.account);
+
+              if (accountItem.viewRule === "Self") {
+                if (!this.isSelfOrAdmin()) {
+                  return null;
+                }
+              } else if (accountItem.viewRule === "Admin") {
+                if (!isAdmin) {
+                  return null;
+                }
+              }
              return (
                <React.Fragment key={accountItem.name}>
                  <Form.Item name={accountItem.name}
@ -1089,7 +1119,9 @@ class UserEditPage extends React.Component {
                }
              }
            } else {
-              this.props.history.push(`/users/${this.state.user.owner}/${this.state.user.name}`);
+              if (location.pathname !== "/account") {
+                this.props.history.push(`/users/${this.state.user.owner}/${this.state.user.name}`);
+              }
            }
          } else {
            if (exitAfterSave) {
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@ -309,6 +309,16 @@ class WebhookEditPage extends React.Component {
            </div>
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Single org only"), i18next.t("webhook:Single org only - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.webhook.singleOrgOnly} onChange={checked => {
+              this.updateWebhookField("singleOrgOnly", checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@ -111,7 +111,7 @@ class WebhookListPage extends BaseListPage {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
        key: "createdTime",
-        width: "180px",
+        width: "150px",
        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
@ -121,7 +121,7 @@ class WebhookListPage extends BaseListPage {
        title: i18next.t("general:URL"),
        dataIndex: "url",
        key: "url",
-        width: "300px",
+        width: "200px",
        sorter: true,
        ...this.getColumnSearchProps("url"),
        render: (text, record, index) => {
@ -138,7 +138,7 @@ class WebhookListPage extends BaseListPage {
        title: i18next.t("general:Method"),
        dataIndex: "method",
        key: "method",
-        width: "120px",
+        width: "100px",
        sorter: true,
        ...this.getColumnSearchProps("method"),
      },
@ -146,7 +146,7 @@ class WebhookListPage extends BaseListPage {
        title: i18next.t("webhook:Content type"),
        dataIndex: "contentType",
        key: "contentType",
-        width: "200px",
+        width: "140px",
        sorter: true,
        filterMultiple: false,
        filters: [
@ -169,7 +169,19 @@ class WebhookListPage extends BaseListPage {
        title: i18next.t("webhook:Is user extended"),
        dataIndex: "isUserExtended",
        key: "isUserExtended",
-        width: "160px",
+        width: "140px",
+        sorter: true,
+        render: (text, record, index) => {
+          return (
+            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
+          );
+        },
+      },
+      {
+        title: i18next.t("webhook:Single org only"),
+        dataIndex: "singleOrgOnly",
+        key: "singleOrgOnly",
+        width: "140px",
        sorter: true,
        render: (text, record, index) => {
          return (
@ -183,6 +195,7 @@ class WebhookListPage extends BaseListPage {
        key: "isEnabled",
        width: "120px",
        sorter: true,
+        fixed: (Setting.isMobile()) ? "false" : "right",
        render: (text, record, index) => {
          return (
            <Switch disabled checkedChildren="ON" unCheckedChildren="OFF" checked={text} />
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@ -172,7 +172,7 @@ class AuthCallback extends React.Component {
            Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}${responseType}=${token}&state=${oAuthParams.state}&token_type=bearer`);
          } else if (responseType === "link") {
            const from = innerParams.get("from");
-            Setting.goToLinkSoft(this, from);
+            Setting.goToLinkSoftOrJumpSelf(this, from);
          } else if (responseType === "saml") {
            if (res.data2.method === "POST") {
              this.setState({
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -156,7 +156,7 @@ class ForgetPage extends React.Component {
      if (res.status === "ok") {
        const linkInStorage = sessionStorage.getItem("signinUrl");
        if (linkInStorage !== null && linkInStorage !== "") {
-          Setting.goToLinkSoft(linkInStorage);
+          Setting.goToLinkSoft(this, linkInStorage);
        } else {
          Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
        }
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import React from "react";
+import React, {Suspense, lazy} from "react";
 import {Button, Checkbox, Col, Form, Input, Result, Spin, Tabs} from "antd";
 import {ArrowLeftOutlined, LockOutlined, UserOutlined} from "@ant-design/icons";
 import {withRouter} from "react-router-dom";
@ -36,6 +36,7 @@ import {CaptchaModal, CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";
 import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./mfa/MfaAuthVerifyForm";
 import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
+const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));

 class LoginPage extends React.Component {
  constructor(props) {
@ -52,6 +53,7 @@ class LoginPage extends React.Component {
      validEmail: false,
      enableCaptchaModal: CaptchaRule.Never,
      openCaptchaModal: false,
+      openFaceRecognitionModal: false,
      verifyCaptcha: undefined,
      samlResponse: "",
      relayState: "",
@ -214,6 +216,7 @@ class LoginPage extends React.Component {
      }
      case "WebAuthn": return "webAuthn";
      case "LDAP": return "ldap";
+      case "Face ID": return "faceId";
      }
    }

@ -263,6 +266,8 @@ class LoginPage extends React.Component {
      values["signinMethod"] = "WebAuthn";
    } else if (this.state.loginMethod === "ldap") {
      values["signinMethod"] = "LDAP";
+    } else if (this.state.loginMethod === "faceId") {
+      values["signinMethod"] = "Face ID";
    }
    const oAuthParams = Util.getOAuthGetParameters();

@ -340,6 +345,13 @@ class LoginPage extends React.Component {
      this.signInWithWebAuthn(username, values);
      return;
    }
+    if (this.state.loginMethod === "faceId") {
+      this.setState({
+        openFaceRecognitionModal: true,
+        values: values,
+      });
+      return;
+    }
    if (this.state.loginMethod === "password" || this.state.loginMethod === "ldap") {
      if (this.state.enableCaptchaModal === CaptchaRule.Always) {
        this.setState({
@ -521,6 +533,15 @@ class LoginPage extends React.Component {
        </div>
      );
    } else if (signinItem.name === "Languages") {
+      const languages = application.organizationObj.languages;
+      if (languages.length <= 1) {
+        const language = (languages.length === 1) ? languages[0] : "en";
+        if (Setting.getLanguage() !== language) {
+          Setting.setLanguage(language);
+        }
+        return null;
+      }
+
      return (
        <div className="login-languages">
          <div dangerouslySetInnerHTML={{__html: signinItem.label}} />
@ -648,6 +669,25 @@ class LoginPage extends React.Component {
                i18next.t("login:Sign In")
            }
          </Button>
+          {
+            this.state.loginMethod === "faceId" ?
+              <Suspense fallback={null}>
+                <FaceRecognitionModal
+                  visible={this.state.openFaceRecognitionModal}
+                  onOk={(faceId) => {
+                    const values = this.state.values;
+                    values["faceId"] = faceId;
+
+                    this.login(values);
+                    this.setState({openFaceRecognitionModal: false});
+                  }}
+                  onCancel={() => this.setState({openFaceRecognitionModal: false})}
+                />
+              </Suspense>
+              :
+              <>
+              </>
+          }
          {
            this.renderCaptchaModal(application)
          }
@ -712,7 +752,7 @@ class LoginPage extends React.Component {
      );
    }

-    const showForm = Setting.isPasswordEnabled(application) || Setting.isCodeSigninEnabled(application) || Setting.isWebAuthnEnabled(application) || Setting.isLdapEnabled(application);
+    const showForm = Setting.isPasswordEnabled(application) || Setting.isCodeSigninEnabled(application) || Setting.isWebAuthnEnabled(application) || Setting.isLdapEnabled(application) || Setting.isFaceIdEnabled(application);
    if (showForm) {
      let loginWidth = 320;
      if (Setting.getLanguage() === "fr") {
@ -1020,6 +1060,7 @@ class LoginPage extends React.Component {
      [generateItemKey("Verification code", "Phone only"), {label: i18next.t("login:Verification code"), key: "verificationCodePhone"}],
      [generateItemKey("WebAuthn", "None"), {label: i18next.t("login:WebAuthn"), key: "webAuthn"}],
      [generateItemKey("LDAP", "None"), {label: i18next.t("login:LDAP"), key: "ldap"}],
+      [generateItemKey("Face ID", "None"), {label: i18next.t("login:Face ID"), key: "faceId"}],
    ]);

    application?.signinMethods?.forEach((signinMethod) => {
@ -1108,7 +1149,7 @@ class LoginPage extends React.Component {
    };

    return (
-      <div style={{height: 300, width: 300}}>
+      <div style={{height: 300}}>
        {renderChoiceBox()}
      </div>
    );
@ -1179,11 +1220,9 @@ class LoginPage extends React.Component {
            </div>
            <div className="login-form">
              <div>
-                <div>
-                  {
-                    this.renderLoginPanel(application)
-                  }
-                </div>
+                {
+                  this.renderLoginPanel(application)
+                }
              </div>
            </div>
          </div>
--- a/web/src/auth/ProviderButton.js
+++ b/web/src/auth/ProviderButton.js
@ -17,7 +17,6 @@ import i18next from "i18next";
 import * as Provider from "./Provider";
 import {getProviderLogoURL} from "../Setting";
 import {GithubLoginButton, GoogleLoginButton} from "react-social-login-buttons";
-import {authViaMetaMask, authViaWeb3Onboard} from "./Web3Auth";
 import QqLoginButton from "./QqLoginButton";
 import FacebookLoginButton from "./FacebookLoginButton";
 import WeiboLoginButton from "./WeiboLoginButton";
@ -43,9 +42,7 @@ import OktaLoginButton from "./OktaLoginButton";
 import DouyinLoginButton from "./DouyinLoginButton";
 import LoginButton from "./LoginButton";
 import * as AuthBackend from "./AuthBackend";
-import * as Setting from "../Setting";
-import {getEvent} from "./Util";
-import {Modal} from "antd";
+import {WechatOfficialAccountModal} from "./Util";

 function getSigninButton(provider) {
  const text = i18next.t("login:Sign in with {type}").replace("{type}", provider.displayName !== "" ? provider.displayName : provider.type);
@ -124,9 +121,17 @@ function goToSamlUrl(provider, location) {

 export function goToWeb3Url(application, provider, method) {
  if (provider.type === "MetaMask") {
-    authViaMetaMask(application, provider, method);
+    import("./Web3Auth")
+      .then(module => {
+        const authViaMetaMask = module.authViaMetaMask;
+        authViaMetaMask(application, provider, method);
+      });
  } else if (provider.type === "Web3Onboard") {
-    authViaWeb3Onboard(application, provider, method);
+    import("./Web3Auth")
+      .then(module => {
+        const authViaWeb3Onboard = module.authViaWeb3Onboard;
+        authViaWeb3Onboard(application, provider, method);
+      });
  }
 }

@ -134,32 +139,11 @@ export function renderProviderLogo(provider, application, width, margin, size, l
  if (size === "small") {
    if (provider.category === "OAuth") {
      if (provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger")) {
-        const info = async() => {
-          AuthBackend.getWechatQRCode(`${provider.owner}/${provider.name}`).then(
-            async res => {
-              if (res.status !== "ok") {
-                Setting.showMessage("error", res?.msg);
-                return;
-              }
-
-              const t1 = setInterval(await getEvent, 1000, application, provider, res.data2);
-              {Modal.info({
-                title: i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in"),
-                content: (
-                  <div style={{marginRight: "34px"}}>
-                    <img src = {"data:image/png;base64," + res.data} alt="Wechat QR code" style={{width: "100%"}} />
-                  </div>
-                ),
-                onOk() {
-                  window.clearInterval(t1);
-                },
-              });}
-            }
-          );
-        };
        return (
          <a key={provider.displayName} >
-            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} className="provider-img" style={{margin: margin}} onClick={info} />
+            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} className="provider-img" style={{margin: margin}} onClick={() => {
+              WechatOfficialAccountModal(application, provider, "signup");
+            }} />
          </a>
        );
      } else {
--- a/web/src/auth/Util.js
+++ b/web/src/auth/Util.js
@ -13,11 +13,12 @@
 // limitations under the License.

 import React from "react";
-import {Alert, Button, Result} from "antd";
+import {Alert, Button, Modal, Result} from "antd";
 import i18next from "i18next";
 import {getWechatMessageEvent} from "./AuthBackend";
 import * as Setting from "../Setting";
 import * as Provider from "./Provider";
+import * as AuthBackend from "./AuthBackend";

 export function renderMessage(msg) {
  if (msg !== null) {
@ -188,12 +189,36 @@ export function getQueryParamsFromState(state) {
  }
 }

-export function getEvent(application, provider, ticket) {
+export function getEvent(application, provider, ticket, method) {
  getWechatMessageEvent(ticket)
    .then(res => {
      if (res.data === "SCAN" || res.data === "subscribe") {
        const code = res?.data2;
-        Setting.goToLink(Provider.getAuthUrl(application, provider, "signup", code));
+        Setting.goToLink(Provider.getAuthUrl(application, provider, method ?? "signup", code));
      }
    });
 }
+
+export async function WechatOfficialAccountModal(application, provider, method) {
+  AuthBackend.getWechatQRCode(`${provider.owner}/${provider.name}`).then(
+    async res => {
+      if (res.status !== "ok") {
+        Setting.showMessage("error", res?.msg);
+        return;
+      }
+
+      const t1 = setInterval(await getEvent, 1000, application, provider, res.data2, method);
+      {Modal.info({
+        title: i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in"),
+        content: (
+          <div style={{marginRight: "34px"}}>
+            <img src = {"data:image/png;base64," + res.data} alt="Wechat QR code" style={{width: "100%"}} />
+          </div>
+        ),
+        onOk() {
+          window.clearInterval(t1);
+        },
+      });}
+    }
+  );
+}
--- a/web/src/backend/TransactionBackend.js
+++ b/web/src/backend/TransactionBackend.js
@ -0,0 +1,71 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getTransactions(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-transactions?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getTransaction(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-transaction?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateTransaction(owner, name, transaction) {
+  const newTransaction = Setting.deepCopy(transaction);
+  return fetch(`${Setting.ServerUrl}/api/update-transaction?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newTransaction),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addTransaction(transaction) {
+  const newTransaction = Setting.deepCopy(transaction);
+  return fetch(`${Setting.ServerUrl}/api/add-transaction`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newTransaction),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteTransaction(transaction) {
+  const newTransaction = Setting.deepCopy(transaction);
+  return fetch(`${Setting.ServerUrl}/api/delete-transaction`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newTransaction),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/basic/CustomHead.js
+++ b/web/src/basic/CustomHead.js
@ -14,39 +14,36 @@

 import {useEffect} from "react";

+let customHeadLoaded = false;
+
 function CustomHead(props) {
  useEffect(() => {
-    const suffix = new Date().getTime().toString();
+    if (!customHeadLoaded) {
+      const suffix = new Date().getTime().toString();

-    if (!props.headerHtml) {return;}
-    const node = document.createElement("div");
-    node.innerHTML = props.headerHtml;
+      if (!props.headerHtml) {return;}
+      const node = document.createElement("div");
+      node.innerHTML = props.headerHtml;

-    node.childNodes.forEach(el => {
-      if (el.nodeName === "#text") {
-        return;
-      }
-      let innerNode = el;
-      innerNode.setAttribute("app-custom-head" + suffix, "");
-
-      if (innerNode.localName === "script") {
-        const scriptNode = document.createElement("script");
-        Array.from(innerNode.attributes).forEach(attr => {
-          scriptNode.setAttribute(attr.name, attr.value);
-        });
-        scriptNode.text = innerNode.textContent;
-        innerNode = scriptNode;
-      }
-      document.head.appendChild(innerNode);
-    });
-
-    return () => {
-      for (const el of document.head.children) {
-        if (el.getAttribute("app-custom-head" + suffix) !== null) {
-          document.head.removeChild(el);
+      node.childNodes.forEach(el => {
+        if (el.nodeName === "#text") {
+          return;
        }
-      }
-    };
+        let innerNode = el;
+        innerNode.setAttribute("app-custom-head" + suffix, "");
+
+        if (innerNode.localName === "script") {
+          const scriptNode = document.createElement("script");
+          Array.from(innerNode.attributes).forEach(attr => {
+            scriptNode.setAttribute(attr.name, attr.value);
+          });
+          scriptNode.text = innerNode.textContent;
+          innerNode = scriptNode;
+        }
+        document.head.appendChild(innerNode);
+      });
+      customHeadLoaded = true;
+    }
  });
 }

--- a/web/src/basic/Dashboard.js
+++ b/web/src/basic/Dashboard.js
@ -31,17 +31,32 @@ const Dashboard = (props) => {
    return () => window.removeEventListener("storageTourChanged", handleTourChange);
  }, []);

+  React.useEffect(() => {
+    window.addEventListener("storageOrganizationChanged", handleOrganizationChange);
+    return () => window.removeEventListener("storageOrganizationChanged", handleOrganizationChange);
+  }, [props.owner]);
+
  React.useEffect(() => {
    if (!Setting.isLocalAdminUser(props.account)) {
      props.history.push("/apps");
    }
  }, [props.account]);

+  const getOrganizationName = () => {
+    let organization = localStorage.getItem("organization") === "All" ? "" : localStorage.getItem("organization");
+    if (!Setting.isAdminUser(props.account) && Setting.isLocalAdminUser(props.account)) {
+      organization = props.account.owner;
+    }
+    return organization;
+  };
+
  React.useEffect(() => {
    if (!Setting.isLocalAdminUser(props.account)) {
      return;
    }
-    DashboardBackend.getDashboard(props.account.owner).then((res) => {
+
+    const organization = getOrganizationName();
+    DashboardBackend.getDashboard(organization).then((res) => {
      if (res.status === "ok") {
        setDashboardData(res.data);
      } else {
@ -54,6 +69,21 @@ const Dashboard = (props) => {
    setIsTourVisible(TourConfig.getTourVisible());
  };

+  const handleOrganizationChange = () => {
+    if (!Setting.isLocalAdminUser(props.account)) {
+      return;
+    }
+
+    const organization = getOrganizationName();
+    DashboardBackend.getDashboard(organization).then((res) => {
+      if (res.status === "ok") {
+        setDashboardData(res.data);
+      } else {
+        Setting.showMessage("error", res.msg);
+      }
+    });
+  };
+
  const setIsTourToLocal = () => {
    TourConfig.setIsTourVisible(false);
    setIsTourVisible(false);
--- a/web/src/common/OAuthWidget.js
+++ b/web/src/common/OAuthWidget.js
@ -20,8 +20,8 @@ import * as Setting from "../Setting";
 import * as Provider from "../auth/Provider";
 import * as AuthBackend from "../auth/AuthBackend";
 import {goToWeb3Url} from "../auth/ProviderButton";
-import {delWeb3AuthToken} from "../auth/Web3Auth";
 import AccountAvatar from "../account/AccountAvatar";
+import {WechatOfficialAccountModal} from "../auth/Util";

 class OAuthWidget extends React.Component {
  constructor(props) {
@ -98,7 +98,22 @@ class OAuthWidget extends React.Component {
      user: this.props.user,
    };
    if (providerType === "MetaMask" || providerType === "Web3Onboard") {
-      delWeb3AuthToken(linkedValue);
+      import("../auth/Web3Auth")
+        .then(module => {
+          const delWeb3AuthToken = module.delWeb3AuthToken;
+          delWeb3AuthToken(linkedValue);
+          AuthBackend.unlink(body)
+            .then((res) => {
+              if (res.status === "ok") {
+                Setting.showMessage("success", "Unlinked successfully");
+
+                this.unlinked();
+              } else {
+                Setting.showMessage("error", `Failed to unlink: ${res.msg}`);
+              }
+            });
+        });
+      return;
    }
    AuthBackend.unlink(body)
      .then((res) => {
@ -183,9 +198,19 @@ class OAuthWidget extends React.Component {
              provider.category === "Web3" ? (
                <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={() => goToWeb3Url(application, provider, "link")}>{i18next.t("user:Link")}</Button>
              ) : (
-                <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
-                  <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
-                </a>
+                provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger") ? (
+                  <a key={provider.displayName}>
+                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={
+                      () => {
+                        WechatOfficialAccountModal(application, provider, "link");
+                      }
+                    }>{i18next.t("user:Link")}</Button>
+                  </a>
+                ) : (
+                  <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
+                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
+                  </a>
+                )
              )
            ) : (
              <Button disabled={!providerItem.canUnlink && !Setting.isAdminUser(account)} style={{marginLeft: "20px", width: linkButtonWidth}} onClick={() => this.unlinkUser(provider.type, linkedValue)}>{i18next.t("user:Unlink")}</Button>
--- a/web/src/common/modal/FaceRecognitionModal.js
+++ b/web/src/common/modal/FaceRecognitionModal.js
@ -0,0 +1,175 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as faceapi from "face-api.js";
+import React, {useState} from "react";
+import Webcam from "react-webcam";
+import {Button, Modal, Progress, Spin, message} from "antd";
+import i18next from "i18next";
+
+const FaceRecognitionModal = (props) => {
+  const {visible, onOk, onCancel} = props;
+  const [modelsLoaded, setModelsLoaded] = React.useState(false);
+
+  const webcamRef = React.useRef();
+  const canvasRef = React.useRef();
+  const detection = React.useRef(null);
+  const [percent, setPercent] = useState(0);
+
+  React.useEffect(() => {
+    const loadModels = async() => {
+      // const MODEL_URL = process.env.PUBLIC_URL + "/models";
+      // const MODEL_URL = "https://justadudewhohacks.github.io/face-api.js/models";
+      // const MODEL_URL = "https://cdn.casbin.org/site/casdoor/models";
+      const MODEL_URL = "https://cdn.casdoor.com/casdoor/models";
+
+      Promise.all([
+        faceapi.nets.tinyFaceDetector.loadFromUri(MODEL_URL),
+        faceapi.nets.faceLandmark68Net.loadFromUri(MODEL_URL),
+        faceapi.nets.faceRecognitionNet.loadFromUri(MODEL_URL),
+      ]).then((val) => {
+        setModelsLoaded(true);
+      }).catch((err) => {
+        message.error(i18next.t("login:Model loading failure"));
+        onCancel();
+      });
+    };
+    loadModels();
+  }, []);
+
+  React.useEffect(() => {
+    if (visible) {
+      setPercent(0);
+      if (modelsLoaded && webcamRef.current?.video) {
+        handleStreamVideo(null);
+      }
+    } else {
+      clearInterval(detection.current);
+      detection.current = null;
+    }
+    return () => {
+      clearInterval(detection.current);
+      detection.current = null;
+    };
+  }, [visible]);
+
+  const handleStreamVideo = (e) => {
+    let count = 0;
+    let goodCount = 0;
+    if (!detection.current) {
+      detection.current = setInterval(async() => {
+        if (modelsLoaded && webcamRef.current?.video && visible) {
+          const faces = await faceapi.detectAllFaces(webcamRef.current.video, new faceapi.TinyFaceDetectorOptions()).withFaceLandmarks().withFaceDescriptors();
+
+          count++;
+          if (count % 50 === 0) {
+            message.warning(i18next.t("login:Please ensure sufficient lighting and align your face in the center of the recognition box"));
+          } else if (count > 300) {
+            message.error(i18next.t("login:Face recognition failed"));
+            onCancel();
+          }
+          if (faces.length === 1) {
+            const face = faces[0];
+            setPercent(Math.round(face.detection.score * 100));
+            const array = Array.from(face.descriptor);
+            if (face.detection.score > 0.9) {
+              goodCount++;
+              if (face.detection.score > 0.99 || goodCount > 10) {
+                clearInterval(detection.current);
+                onOk(array);
+              }
+            }
+          } else {
+            setPercent(Math.round(percent / 2));
+          }
+        }
+      }, 100);
+    }
+  };
+
+  const handleCameraError = () => {
+    message.error(i18next.t("login:There was a problem accessing the WEBCAM. Grant permission and reload the page."));
+  };
+
+  return (
+    <div>
+      <Modal
+        closable={false}
+        maskClosable={false}
+        open={visible}
+        title={i18next.t("login:Face Recognition")}
+        width={350}
+        footer={[
+          <Button key="back" onClick={onCancel}>
+            Cancel
+          </Button>,
+        ]}
+      >
+        <Progress percent={percent} />
+        <div style={{marginTop: "20px", marginBottom: "50px", justifyContent: "center", alignContent: "center", position: "relative", flexDirection: "column"}}>
+          {
+            modelsLoaded ?
+              <div style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
+                <Webcam
+                  ref={webcamRef}
+                  videoConstraints={{facingMode: "user"}}
+                  onUserMedia={handleStreamVideo}
+                  onUserMediaError={handleCameraError}
+                  style={{
+                    borderRadius: "50%",
+                    height: "220px",
+                    verticalAlign: "middle",
+                    width: "220px",
+                    objectFit: "cover",
+                  }}
+                ></Webcam>
+                <div style={{
+                  position: "absolute",
+                  width: "240px",
+                  height: "240px",
+                  top: "50%",
+                  left: "50%",
+                  transform: "translate(-50%, -50%)",
+                }}>
+                  <svg width="240" height="240" fill="none">
+                    <circle
+                      strokeDasharray="700"
+                      strokeDashoffset={700 - 6.9115 * percent}
+                      strokeWidth="4"
+                      cx="120"
+                      cy="120"
+                      r="110"
+                      stroke="#5734d3"
+                      transform="rotate(-90, 120, 120)"
+                      strokeLinecap="round"
+                      style={{transition: "all .2s linear"}}
+                    ></circle>
+                  </svg>
+                </div>
+                <canvas ref={canvasRef} style={{position: "absolute"}} />
+              </div>
+              :
+              <div>
+                <Spin tip={i18next.t("login:Loading")} size="large" style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
+                  <div className="content" />
+                </Spin>
+              </div>
+          }
+        </div>
+      </Modal>
+    </div>
+  );
+};
+
+export default FaceRecognitionModal;
--- a/web/src/i18n.js
+++ b/web/src/i18n.js
@ -13,57 +13,34 @@
 // limitations under the License.

 import i18n from "i18next";
-import en from "./locales/en/data.json";
-import zh from "./locales/zh/data.json";
-import es from "./locales/es/data.json";
-import fr from "./locales/fr/data.json";
-import de from "./locales/de/data.json";
-import id from "./locales/id/data.json";
-import ja from "./locales/ja/data.json";
-import ko from "./locales/ko/data.json";
-import ru from "./locales/ru/data.json";
-import vi from "./locales/vi/data.json";
-import pt from "./locales/pt/data.json";
-import it from "./locales/it/data.json";
-import ms from "./locales/ms/data.json";
-import tr from "./locales/tr/data.json";
-import ar from "./locales/ar/data.json";
-import he from "./locales/he/data.json";
-import nl from "./locales/nl/data.json";
-import pl from "./locales/pl/data.json";
-import fi from "./locales/fi/data.json";
-import sv from "./locales/sv/data.json";
-import uk from "./locales/uk/data.json";
-import kk from "./locales/kk/data.json";
-import fa from "./locales/fa/data.json";
 import * as Conf from "./Conf";
 import {initReactI18next} from "react-i18next";
+import en from "./locales/en/data.json";

-const resources = {
-  en: en,
-  zh: zh,
-  es: es,
-  fr: fr,
-  de: de,
-  id: id,
-  ja: ja,
-  ko: ko,
-  ru: ru,
-  vi: vi,
-  pt: pt,
-  it: it,
-  ms: ms,
-  tr: tr,
-  ar: ar,
-  he: he,
-  nl: nl,
-  pl: pl,
-  fi: fi,
-  sv: sv,
-  uk: uk,
-  kk: kk,
-  fa: fa,
-};
+const resourcesToBackend = (res) => ({
+  type: "backend",
+  init(services, backendOptions, i18nextOptions) {/* use services and options */},
+  read(language, namespace, callback) {
+    if (typeof res === "function") {
+      if (res.length < 3) {
+        try {
+          const r = res(language, namespace);
+          if (r && typeof r.then === "function") {
+            r.then((data) => callback(null, (data && data.default) || data)).catch(callback);
+          } else {
+            callback(null, r);
+          }
+        } catch (err) {
+          callback(err);
+        }
+        return;
+      }
+      res(language, namespace, callback);
+      return;
+    }
+    callback(null, res && res[language] && res[language][namespace]);
+  },
+});

 function initLanguage() {
  let language = localStorage.getItem("language");
@ -157,18 +134,23 @@ function initLanguage() {
  return language;
 }

-i18n.use(initReactI18next).init({
-  lng: initLanguage(),
+i18n.use(resourcesToBackend(async(language, namespace) => {
+  const res = await import(`./locales/${language}/data.json`);
+  return res.default[namespace];
+}
+))
+  .use(initReactI18next)
+  .init({
+    lng: initLanguage(),
+    ns: Object.keys(en),
+    fallbackLng: "en",

-  resources: resources,
-
-  keySeparator: false,
-
-  interpolation: {
-    escapeValue: true,
-  },
-  // debug: true,
-  saveMissing: true,
-});
+    keySeparator: false,

+    interpolation: {
+      escapeValue: true,
+    },
+    // debug: true,
+    saveMissing: true,
+  });
 export default i18n;
--- a/web/src/index.css
+++ b/web/src/index.css
@ -27,9 +27,6 @@ code {
 }

 .logo {
-  background: url("https://cdn.casbin.org/img/casdoor-logo_1185x256.png");
-  background-size: 130px, 27px !important;
-  width: 130px;
  height: 27px;
  margin: 17px 0 16px 15px;
  float: left;
--- a/web/src/locales/ar/data.json
+++ b/web/src/locales/ar/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "URL der Prompt-Seite kopieren",
    "Copy signin page URL": "Kopieren Sie die URL der Anmeldeseite",
    "Copy signup page URL": "URL der Anmeldeseite kopieren",
+    "Custom CSS": "Formular CSS",
+    "Custom CSS - Edit": "Custom CSS - Bearbeiten",
+    "Custom CSS - Tooltip": "CSS-Styling der Anmelde-, Registrierungs- und Passwort-vergessen-Seite (z. B. Hinzufügen von Rahmen und Schatten)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Bearbeitungsanwendung",
    "Enable Email linking": "E-Mail-Verknüpfung aktivieren",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Datei erfolgreich hochgeladen",
    "First, last": "First, last",
    "Follow organization theme": "Folge dem Theme der Organisation",
-    "Form CSS": "Formular CSS",
-    "Form CSS - Edit": "Form CSS - Bearbeiten",
-    "Form CSS - Tooltip": "CSS-Styling der Anmelde-, Registrierungs- und Passwort-vergessen-Seite (z. B. Hinzufügen von Rahmen und Schatten)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Formposition",
    "Form position - Tooltip": "Position der Anmelde-, Registrierungs- und Passwort-vergessen-Formulare",
    "Grant types": "Grant-Typen",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Liste erlaubter Umleitungs-URLs mit Unterstützung von regulärer Ausdrucksprüfung; URLs, die nicht in der Liste enthalten sind, können nicht umgeleitet werden",
    "Refresh token expire": "Gültigkeitsdauer des Refresh-Tokens",
    "Refresh token expire - Tooltip": "Angabe der Gültigkeitsdauer des Refresh Tokens",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Rechts",
    "Rule": "Regel",
    "SAML metadata": "SAML-Metadaten",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Gültige E-Mail-Adresse",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Symbole, die die Anwendung der Außenwelt präsentiert",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Hauptpasswort",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Dies ist eine schreibgeschützte Demo-Seite!",
    "Timestamp": "Timestamp",
    "Tokens": "Token",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token-Typ",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Drittanbieter-Logins",
    "3rd-party logins - Tooltip": "Drittanbieter-Anmeldungen, die mit dem Benutzer verknüpft sind",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Sollten die erweiterten Felder des Benutzers in das JSON inkludiert werden?",
    "Method - Tooltip": "HTTP Methode",
    "New Webhook": "Neue Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Wert"
  }
 }
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copiar URL de la página del prompt",
    "Copy signin page URL": "Copiar la URL de la página de inicio de sesión",
    "Copy signup page URL": "Copiar URL de la página de registro",
+    "Custom CSS": "Formulario CSS",
+    "Custom CSS - Edit": "Formulario CSS - Editar",
+    "Custom CSS - Tooltip": "Estilo CSS de los formularios de registro, inicio de sesión y olvido de contraseña (por ejemplo, agregar bordes y sombras)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Editar solicitud",
    "Enable Email linking": "Habilitar enlace de correo electrónico",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Archivo subido exitosamente",
    "First, last": "First, last",
    "Follow organization theme": "Seguir el tema de la organización",
-    "Form CSS": "Formulario CSS",
-    "Form CSS - Edit": "Formulario CSS - Editar",
-    "Form CSS - Tooltip": "Estilo CSS de los formularios de registro, inicio de sesión y olvido de contraseña (por ejemplo, agregar bordes y sombras)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Posición de la Forma",
    "Form position - Tooltip": "Ubicación de los formularios de registro, inicio de sesión y olvido de contraseña",
    "Grant types": "Tipos de subvenciones",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Lista de URL de redireccionamiento permitidos, con soporte para coincidencias de expresiones regulares; las URL que no estén en la lista no se redirigirán",
    "Refresh token expire": "Token de actualización expirado",
    "Refresh token expire - Tooltip": "Tiempo de caducidad del token de actualización",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Correcto",
    "Rule": "Regla",
    "SAML metadata": "Metadatos de SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Dirección de correo electrónico válida",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logotipo",
    "Logo - Tooltip": "Iconos que la aplicación presenta al mundo exterior",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Contraseña maestra",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "¡Este es un sitio de demostración solo de lectura!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "Dirección URL",
@ -1031,6 +1040,13 @@
    "Token type": "Tipo de token",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Inicio de sesión de terceros",
    "3rd-party logins - Tooltip": "Accesos sociales ligados por el usuario",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "¿Incluir los campos extendidos del usuario en el JSON?",
    "Method - Tooltip": "Método HTTP",
    "New Webhook": "Nuevo Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Valor"
  }
 }
--- a/web/src/locales/fa/data.json
+++ b/web/src/locales/fa/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/fi/data.json
+++ b/web/src/locales/fi/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copier l'URL de la page de l'invite",
    "Copy signin page URL": "Copier l'URL de la page de connexion",
    "Copy signup page URL": "Copiez l'URL de la page d'inscription",
+    "Custom CSS": "CSS du formulaire",
+    "Custom CSS - Edit": "CSS du formulaire - Modifier",
+    "Custom CSS - Tooltip": "Mise en forme CSS des formulaires d'inscription, de connexion et de récupération de mot de passe (par exemple, en ajoutant des bordures et des ombres)",
+    "Custom CSS Mobile": "CSS du formulaire sur téléphone",
+    "Custom CSS Mobile - Edit": "CSS du formulaire sur téléphone - Modifier",
+    "Custom CSS Mobile - Tooltip": "CSS du formulaire sur téléphone - Info-bulle",
    "Dynamic": "Dynamique",
    "Edit Application": "Modifier l'application",
    "Enable Email linking": "Autoriser à lier l'e-mail",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Fichier téléchargé avec succès",
    "First, last": "Prénom, nom",
    "Follow organization theme": "Suivre le thème de l'organisation",
-    "Form CSS": "CSS du formulaire",
-    "Form CSS - Edit": "CSS du formulaire - Modifier",
-    "Form CSS - Tooltip": "Mise en forme CSS des formulaires d'inscription, de connexion et de récupération de mot de passe (par exemple, en ajoutant des bordures et des ombres)",
-    "Form CSS Mobile": "CSS du formulaire sur téléphone",
-    "Form CSS Mobile - Edit": "CSS du formulaire sur téléphone - Modifier",
-    "Form CSS Mobile - Tooltip": "CSS du formulaire sur téléphone - Info-bulle",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Position du formulaire",
    "Form position - Tooltip": "Emplacement des formulaires d'inscription, de connexion et de récupération de mot de passe",
    "Grant types": "Types d'autorisation",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Liste des URL de redirection autorisées, les expressions régulières sont supportées ; les URL n'étant pas dans la liste ne seront pas redirigées",
    "Refresh token expire": "Expiration du jeton de rafraîchissement",
    "Refresh token expire - Tooltip": "Durée avant expiration du jeton de rafraîchissement",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Droit",
    "Rule": "Règle",
    "SAML metadata": "Métadonnées SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Adresse e-mail valide",
    "Email only": "Email only",
    "Enable": "Activer",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Activé",
    "Enabled successfully": "Activé avec succès",
    "Enforcers": "Exécuteurs",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Journalisation et Audit",
    "Logo": "Logo",
    "Logo - Tooltip": "Icônes que l'application présente au monde extérieur",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "Type d'authentification multifacteur",
    "MFA items - Tooltip": "Types d'authentification multifacteur - Infobulle",
    "Master password": "Mot de passe passe-partout",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Ceci est un site de démonstration en lecture seule !",
    "Timestamp": "Timestamp",
    "Tokens": "Jetons",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Infobulle",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Type de jeton",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Services de connexions tiers",
    "3rd-party logins - Tooltip": "Service de connexions tiers liés au compte",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Inclure les champs étendus du compte dans l'objet JSON",
    "Method - Tooltip": "Méthode HTTP",
    "New Webhook": "Nouveau webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Valeur"
  }
 }
--- a/web/src/locales/he/data.json
+++ b/web/src/locales/he/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/id/data.json
+++ b/web/src/locales/id/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Salin URL halaman prompt",
    "Copy signin page URL": "Salin URL halaman masuk",
    "Copy signup page URL": "Salin URL halaman pendaftaran",
+    "Custom CSS": "Formulir CSS",
+    "Custom CSS - Edit": "Formulir CSS - Edit",
+    "Custom CSS - Tooltip": "Pengaturan CSS dari formulir pendaftaran, masuk, dan lupa kata sandi (misalnya menambahkan batas dan bayangan)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Mengedit aplikasi",
    "Enable Email linking": "Aktifkan pengaitan email",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Berkas telah diunggah dengan sukses",
    "First, last": "First, last",
    "Follow organization theme": "Ikuti tema organisasi",
-    "Form CSS": "Formulir CSS",
-    "Form CSS - Edit": "Formulir CSS - Edit",
-    "Form CSS - Tooltip": "Pengaturan CSS dari formulir pendaftaran, masuk, dan lupa kata sandi (misalnya menambahkan batas dan bayangan)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Posisi formulir",
    "Form position - Tooltip": "Tempat pendaftaran, masuk, dan lupa kata sandi",
    "Grant types": "Jenis-jenis hibah",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Daftar URL redirect yang diizinkan, mendukung pencocokan ekspresi reguler; URL yang tidak ada dalam daftar akan gagal dialihkan",
    "Refresh token expire": "Token segar kedaluwarsa",
    "Refresh token expire - Tooltip": "Waktu kedaluwarsa token penyegaran",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Benar",
    "Rule": "Aturan",
    "SAML metadata": "Metadata SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Alamat email yang valid",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Ikon-ikon yang disajikan aplikasi ke dunia luar",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Kata sandi utama",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Ini adalah situs demo hanya untuk dibaca saja!",
    "Timestamp": "Timestamp",
    "Tokens": "Token-token",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Jenis token",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Masuk pihak ketiga",
    "3rd-party logins - Tooltip": "Masuk sosial yang terhubung oleh pengguna",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Apakah akan menyertakan bidang-bidang tambahan pengguna dalam JSON?",
    "Method - Tooltip": "Metode HTTP",
    "New Webhook": "Webhook Baru",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Nilai"
  }
 }
--- a/web/src/locales/it/data.json
+++ b/web/src/locales/it/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "プロンプトページのURLをコピーしてください",
    "Copy signin page URL": "サインインページのURLをコピーしてください",
    "Copy signup page URL": "サインアップページのURLをコピーしてください",
+    "Custom CSS": "フォームCSS",
+    "Custom CSS - Edit": "フォームのCSS - 編集",
+    "Custom CSS - Tooltip": "サインアップ、サインイン、パスワード忘れのフォームのCSSスタイリング（例：境界線や影の追加）",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "アプリケーションを編集する",
    "Enable Email linking": "イーメールリンクの有効化",
@ -52,12 +58,9 @@
    "File uploaded successfully": "ファイルが正常にアップロードされました",
    "First, last": "First, last",
    "Follow organization theme": "組織のテーマに従ってください",
-    "Form CSS": "フォームCSS",
-    "Form CSS - Edit": "フォームのCSS - 編集",
-    "Form CSS - Tooltip": "サインアップ、サインイン、パスワード忘れのフォームのCSSスタイリング（例：境界線や影の追加）",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "フォームのポジション",
    "Form position - Tooltip": "登録、ログイン、パスワード忘れフォームの位置",
    "Grant types": "グラント種類",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "許可されたリダイレクトURLリストは、正規表現マッチングをサポートしています。リストに含まれていないURLはリダイレクトできません",
    "Refresh token expire": "リフレッシュトークンの有効期限が切れました",
    "Refresh token expire - Tooltip": "リフレッシュトークンの有効期限時間",
+    "Reset to Empty": "Reset to Empty",
    "Right": "右",
    "Rule": "ルール",
    "SAML metadata": "SAMLメタデータ",
@ -225,6 +229,8 @@
    "Email - Tooltip": "有効な電子メールアドレス",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "ロゴ",
    "Logo - Tooltip": "アプリケーションが外部世界に示すアイコン",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "マスターパスワード",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "これは読み取り専用のデモサイトです！",
    "Timestamp": "Timestamp",
    "Tokens": "トークン",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "トークンタイプ",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "サードパーティログイン",
    "3rd-party logins - Tooltip": "ユーザーによってリンクされたソーシャルログイン",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "ユーザーの拡張フィールドをJSONに含めるかどうか",
    "Method - Tooltip": "HTTPメソッド",
    "New Webhook": "新しいWebhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "値"
  }
 }
--- a/web/src/locales/kk/data.json
+++ b/web/src/locales/kk/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "프롬프트 페이지 URL을 복사하세요",
    "Copy signin page URL": "사인인 페이지 URL 복사",
    "Copy signup page URL": "가입 페이지 URL을 복사하세요",
+    "Custom CSS": "CSS 양식",
+    "Custom CSS - Edit": "폼 CSS - 편집",
+    "Custom CSS - Tooltip": "가입, 로그인 및 비밀번호를 잊어버린 양식의 CSS 스타일링 (예 : 테두리와 그림자 추가)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "앱 편집하기",
    "Enable Email linking": "이메일 링크 사용 가능하도록 설정하기",
@ -52,12 +58,9 @@
    "File uploaded successfully": "파일이 성공적으로 업로드되었습니다",
    "First, last": "First, last",
    "Follow organization theme": "조직의 주제를 따르세요",
-    "Form CSS": "CSS 양식",
-    "Form CSS - Edit": "폼 CSS - 편집",
-    "Form CSS - Tooltip": "가입, 로그인 및 비밀번호를 잊어버린 양식의 CSS 스타일링 (예 : 테두리와 그림자 추가)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "양식 위치",
    "Form position - Tooltip": "가입, 로그인 및 비밀번호 재설정 양식의 위치",
    "Grant types": "Grant types: 부여 유형",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "허용된 리디렉션 URL 목록은 정규 표현식 일치를 지원합니다. 목록에 없는 URL은 리디렉션에 실패합니다",
    "Refresh token expire": "리프레시 토큰 만료",
    "Refresh token expire - Tooltip": "리프레시 토큰 만료 시간",
+    "Reset to Empty": "Reset to Empty",
    "Right": "옳은",
    "Rule": "규칙",
    "SAML metadata": "SAML 메타데이터",
@ -225,6 +229,8 @@
    "Email - Tooltip": "유효한 이메일 주소",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "로고",
    "Logo - Tooltip": "애플리케이션이 외부 세계에 제시하는 아이콘들",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "마스터 비밀번호",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "이것은 읽기 전용 데모 사이트입니다!",
    "Timestamp": "Timestamp",
    "Tokens": "토큰",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "토큰 유형",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "제3자 로그인",
    "3rd-party logins - Tooltip": "사용자가 연결한 소셜 로그인",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "사용자의 확장 필드를 JSON에 포함할지 여부",
    "Method - Tooltip": "HTTP 방법",
    "New Webhook": "새로운 웹훅",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "가치"
  }
 }
--- a/web/src/locales/ms/data.json
+++ b/web/src/locales/ms/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/nl/data.json
+++ b/web/src/locales/nl/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/pl/data.json
+++ b/web/src/locales/pl/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/pt/data.json
+++ b/web/src/locales/pt/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copiar URL da página de prompt",
    "Copy signin page URL": "Copiar URL da página de login",
    "Copy signup page URL": "Copiar URL da página de registro",
+    "Custom CSS": "CSS do formulário",
+    "Custom CSS - Edit": "Editar CSS do formulário",
+    "Custom CSS - Tooltip": "Estilização CSS dos formulários de registro, login e recuperação de senha (por exemplo, adicionando bordas e sombras)",
+    "Custom CSS Mobile": "CSS do formulário em dispositivos móveis",
+    "Custom CSS Mobile - Edit": "Editar CSS do formulário em dispositivos móveis",
+    "Custom CSS Mobile - Tooltip": "CSS do formulário em dispositivos móveis - Dica",
    "Dynamic": "Dinâmico",
    "Edit Application": "Editar Aplicação",
    "Enable Email linking": "Ativar vinculação de e-mail",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Arquivo enviado com sucesso",
    "First, last": "Primeiro, último",
    "Follow organization theme": "Seguir tema da organização",
-    "Form CSS": "CSS do formulário",
-    "Form CSS - Edit": "Editar CSS do formulário",
-    "Form CSS - Tooltip": "Estilização CSS dos formulários de registro, login e recuperação de senha (por exemplo, adicionando bordas e sombras)",
-    "Form CSS Mobile": "CSS do formulário em dispositivos móveis",
-    "Form CSS Mobile - Edit": "Editar CSS do formulário em dispositivos móveis",
-    "Form CSS Mobile - Tooltip": "CSS do formulário em dispositivos móveis - Dica",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Posição do formulário",
    "Form position - Tooltip": "Localização dos formulários de registro, login e recuperação de senha",
    "Grant types": "Tipos de concessão",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Lista de URLs de redirecionamento permitidos, com suporte à correspondência por expressões regulares; URLs que não estão na lista falharão ao redirecionar",
    "Refresh token expire": "Expiração do token de atualização",
    "Refresh token expire - Tooltip": "Tempo de expiração do token de atualização",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Direita",
    "Rule": "Regra",
    "SAML metadata": "Metadados do SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Endereço de e-mail válido",
    "Email only": "Email only",
    "Enable": "Habilitar",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Habilitado",
    "Enabled successfully": "Habilitado com sucesso",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Ícones que o aplicativo apresenta para o mundo externo",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Senha mestra",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Este é um site de demonstração apenas para leitura!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Tipo",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Tipo de Token",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Logins de terceiros",
    "3rd-party logins - Tooltip": "Logins sociais vinculados pelo usuário",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Se incluir os campos estendidos do usuário no JSON",
    "Method - Tooltip": "Método HTTP",
    "New Webhook": "Novo Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Valor"
  }
 }
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Скопируйте URL страницы предложения",
    "Copy signin page URL": "Скопируйте URL-адрес страницы входа",
    "Copy signup page URL": "Скопируйте URL страницы регистрации",
+    "Custom CSS": "Форма CSS",
+    "Custom CSS - Edit": "Форма CSS - Редактирование",
+    "Custom CSS - Tooltip": "CSS-оформление форм регистрации, входа и восстановления пароля (например, добавление границ и теней)",
+    "Custom CSS Mobile": "CSS формы для мобильных",
+    "Custom CSS Mobile - Edit": "CSS формы для мобильный - редактировать",
+    "Custom CSS Mobile - Tooltip": "Редактирование CSS кода для мобильных устройств",
    "Dynamic": "Динамическое",
    "Edit Application": "Изменить приложение",
    "Enable Email linking": "Включить связывание электронной почты",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Файл успешно загружен",
    "First, last": "Имя, Фамилия",
    "Follow organization theme": "Cледуйте теме организации",
-    "Form CSS": "Форма CSS",
-    "Form CSS - Edit": "Форма CSS - Редактирование",
-    "Form CSS - Tooltip": "CSS-оформление форм регистрации, входа и восстановления пароля (например, добавление границ и теней)",
-    "Form CSS Mobile": "CSS формы для мобильных",
-    "Form CSS Mobile - Edit": "CSS формы для мобильный - редактировать",
-    "Form CSS Mobile - Tooltip": "Редактирование CSS кода для мобильных устройств",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Позиция формы",
    "Form position - Tooltip": "Местоположение форм регистрации, входа и восстановления пароля",
    "Grant types": "Типы грантов",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Разрешенный список URL-адресов для перенаправления с поддержкой сопоставления регулярных выражений; URL-адреса, которые не находятся в списке, не будут перенаправляться",
    "Refresh token expire": "Срок действия токена обновления истек",
    "Refresh token expire - Tooltip": "Время истечения токена обновления",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Правильно",
    "Rule": "Правило",
    "SAML metadata": "Метаданные SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Действительный адрес электронной почты",
    "Email only": "Email only",
    "Enable": "Включить",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Включено",
    "Enabled successfully": "Успешно включено",
    "Enforcers": "Контролёры доступа",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Логотип",
    "Logo - Tooltip": "Иконки, которые приложение представляет во внешний мир",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Главный пароль",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Это демонстрационный сайт только для чтения!",
    "Timestamp": "Timestamp",
    "Tokens": "Токены",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Тип токена",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Авторизация сторонних участников",
    "3rd-party logins - Tooltip": "Социальные логины, связанные пользователем",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Нужно ли включать расширенные поля пользователя в формате JSON?",
    "Method - Tooltip": "Метод HTTP",
    "New Webhook": "Новый вебхук",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Значение"
  }
 }
--- a/web/src/locales/sv/data.json
+++ b/web/src/locales/sv/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/tr/data.json
+++ b/web/src/locales/tr/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Prompt Page URL 'ini kopyala",
    "Copy signin page URL": "Giriş sayfası URL 'ini kopyala",
    "Copy signup page URL": "Kayıt sayfası URL 'ini kopyala",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dinamik",
    "Edit Application": "Uygulamayı düzenle",
    "Enable Email linking": "Eposta bağlantısı aktif",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "Adı, Soyadı",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Kabul edilen yönlendirme URL listesi, düzenli ifadeleri (regexp) kullanabilirsiniz. Eğer url bu lşistede yoksa hata sayfasına yönlendirilirsiniz",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Sağ",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Geçerli e-posta adresi",
    "Email only": "Sadece eposta",
    "Enable": "Etkinleştir",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Etkin",
    "Enabled successfully": "Başarıyla etkinleştirildi",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Bu site sadece görüntüleme amaçlıdır!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/uk/data.json
+++ b/web/src/locales/uk/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copy signin page URL",
    "Copy signup page URL": "Copy signup page URL",
+    "Custom CSS": "Custom CSS",
+    "Custom CSS - Edit": "Custom CSS - Edit",
+    "Custom CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Edit Application",
    "Enable Email linking": "Enable Email linking",
@ -52,12 +58,9 @@
    "File uploaded successfully": "File uploaded successfully",
    "First, last": "First, last",
    "Follow organization theme": "Follow organization theme",
-    "Form CSS": "Form CSS",
-    "Form CSS - Edit": "Form CSS - Edit",
-    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Allowed redirect URL list, supporting regular expression matching; URLs not in the list will fail to redirect",
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expiration time",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Right",
    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Valid email address",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Logo",
    "Logo - Tooltip": "Icons that the application presents to the outside world",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Master password",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Token type",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "3rd-party logins",
    "3rd-party logins - Tooltip": "Social logins linked by the user",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Whether to include the user's extended fields in the JSON",
    "Method - Tooltip": "HTTP method",
    "New Webhook": "New Webhook",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Value"
  }
 }
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "Sao chép URL của trang nhắc nhở",
    "Copy signin page URL": "Sao chép URL trang đăng nhập",
    "Copy signup page URL": "Sao chép URL trang đăng ký",
+    "Custom CSS": "Mẫu CSS",
+    "Custom CSS - Edit": "Biểu mẫu CSS - Sửa",
+    "Custom CSS - Tooltip": "Phong cách CSS của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu (ví dụ: thêm đường viền và bóng)",
+    "Custom CSS Mobile": "Custom CSS Mobile",
+    "Custom CSS Mobile - Edit": "Custom CSS Mobile - Edit",
+    "Custom CSS Mobile - Tooltip": "Custom CSS Mobile - Tooltip",
    "Dynamic": "Dynamic",
    "Edit Application": "Sửa ứng dụng",
    "Enable Email linking": "Cho phép liên kết Email",
@ -52,12 +58,9 @@
    "File uploaded successfully": "Tệp được tải lên thành công",
    "First, last": "Tên, Họ",
    "Follow organization theme": "Theo giao diện tổ chức",
-    "Form CSS": "Mẫu CSS",
-    "Form CSS - Edit": "Biểu mẫu CSS - Sửa",
-    "Form CSS - Tooltip": "Phong cách CSS của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu (ví dụ: thêm đường viền và bóng)",
-    "Form CSS Mobile": "Form CSS Mobile",
-    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
-    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "Custom the footer of your application",
    "Form position": "Vị trí của hình thức",
    "Form position - Tooltip": "Vị trí của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu",
    "Grant types": "Loại hỗ trợ",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "Danh sách URL chuyển hướng được phép, hỗ trợ khớp biểu thức chính quy; các URL không có trong danh sách sẽ không được chuyển hướng",
    "Refresh token expire": "Làm mới mã thông báo hết hạn",
    "Refresh token expire - Tooltip": "Thời gian hết hạn của mã thông báo làm mới",
+    "Reset to Empty": "Reset to Empty",
    "Right": "Đúng",
    "Rule": "Quy tắc",
    "SAML metadata": "SAML metadata: Siêu dữ liệu SAML",
@ -225,6 +229,8 @@
    "Email - Tooltip": "Địa chỉ email hợp lệ",
    "Email only": "Email only",
    "Enable": "Enable",
+    "Enable dark logo": "Enable dark logo",
+    "Enable dark logo - Tooltip": "Enable dark logo",
    "Enabled": "Enabled",
    "Enabled successfully": "Enabled successfully",
    "Enforcers": "Enforcers",
@ -264,6 +270,8 @@
    "Logging & Auditing": "Logging & Auditing",
    "Logo": "Biểu tượng",
    "Logo - Tooltip": "Biểu tượng mà ứng dụng hiển thị ra ngoài thế giới",
+    "Logo dark": "Logo dark",
+    "Logo dark - Tooltip": "The logo used in dark theme",
    "MFA items": "MFA items",
    "MFA items - Tooltip": "MFA items - Tooltip",
    "Master password": "Mật khẩu chính",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "Đây là trang web giới thiệu chỉ có chức năng đọc!",
    "Timestamp": "Timestamp",
    "Tokens": "Mã thông báo",
+    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "URL": "URL",
@ -1031,6 +1040,13 @@
    "Token type": "Loại mã thông báo",
    "Token type - Tooltip": "Token type - Tooltip"
  },
+  "transaction": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "The amount of traded products",
+    "Edit Transaction": "Edit Transaction",
+    "New Transaction": "New Transaction",
+    "Tag - Tooltip": "The tag of the transaction"
+  },
  "user": {
    "3rd-party logins": "Đăng nhập bên thứ ba",
    "3rd-party logins - Tooltip": "Đăng nhập xã hội liên kết bởi người dùng",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "Có nên bao gồm các trường mở rộng của người dùng trong định dạng JSON không?",
    "Method - Tooltip": "Phương thức HTTP",
    "New Webhook": "Webhook mới",
+    "Single org only": "Single org only",
+    "Single org only - Tooltip": "Triggered only in the organization that the webhook belongs to",
    "Value": "Giá trị"
  }
 }
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -30,6 +30,12 @@
    "Copy prompt page URL": "复制提醒页面URL",
    "Copy signin page URL": "复制登录页面URL",
    "Copy signup page URL": "复制注册页面URL",
+    "Custom CSS": "表单CSS",
+    "Custom CSS - Edit": "编辑表单CSS",
+    "Custom CSS - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）",
+    "Custom CSS Mobile": "表单CSS（移动端）",
+    "Custom CSS Mobile - Edit": "编辑表单CSS（移动端）",
+    "Custom CSS Mobile - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）（移动端）",
    "Dynamic": "动态开启",
    "Edit Application": "编辑应用",
    "Enable Email linking": "自动关联邮箱相同的账号",
@ -52,12 +58,9 @@
    "File uploaded successfully": "文件上传成功",
    "First, last": "名字, 姓氏",
    "Follow organization theme": "使用组织主题",
-    "Form CSS": "表单CSS",
-    "Form CSS - Edit": "编辑表单CSS",
-    "Form CSS - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）",
-    "Form CSS Mobile": "表单CSS（移动端）",
-    "Form CSS Mobile - Edit": "编辑表单CSS（移动端）",
-    "Form CSS Mobile - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）（移动端）",
+    "Footer HTML": "Footer HTML",
+    "Footer HTML - Edit": "Footer HTML - Edit",
+    "Footer HTML - Tooltip": "自定义应用的footer",
    "Form position": "表单位置",
    "Form position - Tooltip": "注册、登录、忘记密码等表单的位置",
    "Grant types": "OAuth授权类型",
@ -88,6 +91,7 @@
    "Redirect URLs - Tooltip": "允许的重定向URL列表，支持正则匹配，不在列表中的URL将会跳转失败",
    "Refresh token expire": "Refresh Token过期",
    "Refresh token expire - Tooltip": "Refresh Token过期时间",
+    "Reset to Empty": "重置为空",
    "Right": "居右",
    "Rule": "规则",
    "SAML metadata": "SAML元数据",
@ -225,6 +229,8 @@
    "Email - Tooltip": "合法的电子邮件地址",
    "Email only": "仅支持邮件",
    "Enable": "启用",
+    "Enable dark logo": "开启暗黑Logo",
+    "Enable dark logo - Tooltip": "开启暗黑Logo",
    "Enabled": "已开启",
    "Enabled successfully": "启用成功",
    "Enforcers": "Casbin执行器",
@ -264,6 +270,8 @@
    "Logging & Auditing": "日志 & 审计",
    "Logo": "Logo",
    "Logo - Tooltip": "应用程序向外展示的图标",
+    "Logo dark": "暗黑logo",
+    "Logo dark - Tooltip": "暗黑主题下使用的logo",
    "MFA items": "MFA 项",
    "MFA items - Tooltip": "MFA 项 - Tooltip",
    "Master password": "万能密码",
@ -367,6 +375,7 @@
    "This is a read-only demo site!": "这是一个只读演示站点！",
    "Timestamp": "时间",
    "Tokens": "令牌",
+    "Transactions": "交易",
    "Type": "类型",
    "Type - Tooltip": "类型",
    "URL": "链接",
@ -1031,6 +1040,13 @@
    "Token type": "令牌类型",
    "Token type - Tooltip": "令牌类型"
  },
+  "transaction": {
+    "Amount": "数量",
+    "Amount - Tooltip": "交易产品的数量",
+    "Edit Transaction": "编辑交易",
+    "New Transaction": "添加交易",
+    "Tag - Tooltip": "交易的标签"
+  },
  "user": {
    "3rd-party logins": "第三方登录",
    "3rd-party logins - Tooltip": "用户所绑定的社会化登录",
@ -1142,6 +1158,8 @@
    "Is user extended - Tooltip": "是否在JSON里加入用户的扩展字段",
    "Method - Tooltip": "HTTP方法",
    "New Webhook": "添加Webhook",
+    "Single org only": "仅本组织",
+    "Single org only - Tooltip": "仅在Webhook所在组织触发",
    "Value": "值"
  }
 }
--- a/web/src/table/AccountTable.js
+++ b/web/src/table/AccountTable.js
@ -105,6 +105,7 @@ class AccountTable extends React.Component {
      {name: "Multi-factor authentication", label: i18next.t("user:Multi-factor authentication")},
      {name: "WebAuthn credentials", label: i18next.t("user:WebAuthn credentials")},
      {name: "Managed accounts", label: i18next.t("user:Managed accounts")},
+      {name: "Face ID", label: i18next.t("user:Face ID")},
    ];
  };

--- a/web/src/table/FaceIdTable.js
+++ b/web/src/table/FaceIdTable.js
@ -0,0 +1,134 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React, {Suspense, lazy} from "react";
+import {Button, Col, Input, Row, Table} from "antd";
+import i18next from "i18next";
+import * as Setting from "../Setting";
+const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));
+
+class FaceIdTable extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      openFaceRecognitionModal: false,
+    };
+  }
+
+  updateTable(table) {
+    this.props.onUpdateTable(table);
+  }
+
+  updateField(table, index, key, value) {
+    table[index][key] = value;
+    this.updateTable(table);
+  }
+
+  deleteRow(table, i) {
+    table = Setting.deleteRow(table, i);
+    this.updateTable(table);
+  }
+
+  addFaceId(table, faceIdData) {
+    const faceId = {
+      name: Setting.getRandomName(),
+      faceIdData: faceIdData,
+    };
+    if (table === undefined || table === null) {
+      table = [];
+    }
+    table = Setting.addRow(table, faceId);
+    this.updateTable(table);
+  }
+
+  renderTable(table) {
+    const columns = [
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "200px",
+        render: (text, record, index) => {
+          return (
+            <Input defaultValue={text} onChange={e => {
+              this.updateField(table, index, "name", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("general:FaceIdData"),
+        dataIndex: "faceIdData",
+        key: "faceIdData",
+        render: (text, record, index) => {
+          const front = text.slice(0, 3).join(", ");
+          const back = text.slice(-3).join(", ");
+          return "[" + front + " ... " + back + "]";
+        },
+      },
+      {
+        title: i18next.t("general:Action"),
+        key: "action",
+        width: "100px",
+        render: (text, record, index) => {
+          return (
+            <Button style={{marginTop: "5px", marginBottom: "5px", marginRight: "5px"}} type="primary" danger onClick={() => {this.deleteRow(table, index);}}>
+              {i18next.t("general:Delete")}
+            </Button>
+          );
+        },
+      },
+    ];
+
+    return (
+      <Table scroll={{x: "max-content"}} columns={columns} dataSource={this.props.table} size="middle" bordered pagination={false}
+        title={() => (
+          <div>
+            {i18next.t("user:Face ids")}&nbsp;&nbsp;&nbsp;&nbsp;
+            <Button disabled={this.props.table?.length >= 5} style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.setState({openFaceRecognitionModal: true})}>
+              {i18next.t("general:Add Face Id")}
+            </Button>
+            <Suspense fallback={null}>
+              <FaceRecognitionModal
+                visible={this.state.openFaceRecognitionModal}
+                onOk={(faceIdData) => {
+                  this.addFaceId(table, faceIdData);
+                  this.setState({openFaceRecognitionModal: false});
+                }}
+                onCancel={() => this.setState({openFaceRecognitionModal: false})}
+              />
+            </Suspense>
+          </div>
+        )}
+      />
+    );
+  }
+
+  render() {
+    return (
+      <div>
+        <Row style={{marginTop: "20px"}}>
+          <Col span={24}>
+            {
+              this.renderTable(this.props.table)
+            }
+          </Col>
+        </Row>
+      </div>
+    );
+  }
+}
+
+export default FaceIdTable;
--- a/web/src/table/ManagedAccountTable.js
+++ b/web/src/table/ManagedAccountTable.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {DeleteOutlined, DownOutlined, UpOutlined} from "@ant-design/icons";
+import {DeleteOutlined, DownOutlined, LinkOutlined, UpOutlined} from "@ant-design/icons";
 import {Button, Col, Input, Row, Select, Table, Tooltip} from "antd";
 import * as Setting from "../Setting";
 import i18next from "i18next";
@ -98,14 +98,27 @@ class ManagedAccountTable extends React.Component {
          );
        },
      },
+      {
+        title: i18next.t("general:Signin URL"),
+        dataIndex: "signinUrl",
+        key: "signinUrl",
+        // width: "420px",
+        render: (text, record, index) => {
+          return (
+            <Input prefix={<LinkOutlined />} value={text} onChange={e => {
+              this.updateField(table, index, "signinUrl", e.target.value);
+            }} />
+          );
+        },
+      },
      {
        title: i18next.t("signup:Username"),
        dataIndex: "username",
        key: "username",
-        width: "420px",
+        width: "200px",
        render: (text, record, index) => {
          return (
-            <Input defaultValue={text} onChange={e => {
+            <Input value={text} onChange={e => {
              this.updateField(table, index, "username", e.target.value);
            }} />
          );
@ -115,10 +128,10 @@ class ManagedAccountTable extends React.Component {
        title: i18next.t("general:Password"),
        dataIndex: "password",
        key: "password",
-        width: "420px",
+        width: "200px",
        render: (text, record, index) => {
          return (
-            <Input defaultValue={text} onChange={e => {
+            <Input.Password value={text} onChange={e => {
              this.updateField(table, index, "password", e.target.value);
            }} />
          );
--- a/web/src/table/SigninMethodTable.js
+++ b/web/src/table/SigninMethodTable.js
@ -71,6 +71,7 @@ class SigninMethodTable extends React.Component {
      {name: "Verification code", displayName: i18next.t("login:Verification code")},
      {name: "WebAuthn", displayName: i18next.t("login:WebAuthn")},
      {name: "LDAP", displayName: i18next.t("login:LDAP")},
+      {name: "Face ID", displayName: i18next.t("login:Face ID")},
    ];
    const columns = [
      {
--- a/web/src/table/SigninTable.js
+++ b/web/src/table/SigninTable.js
@ -178,7 +178,7 @@ class SigninTable extends React.Component {
        },
      },
      {
-        title: i18next.t("application:Form CSS"),
+        title: i18next.t("application:Custom CSS"),
        dataIndex: "label",
        key: "label",
        width: "200px",
--- a/web/yarn.lock
+++ b/web/yarn.lock
@ -3718,6 +3718,18 @@
    "@svgr/plugin-svgo" "^5.5.0"
    loader-utils "^2.0.0"

+"@tensorflow/tfjs-core@1.7.0":
+  version "1.7.0"
+  resolved "https://registry.yarnpkg.com/@tensorflow/tfjs-core/-/tfjs-core-1.7.0.tgz#9207c8f2481c52a6a40135a6aaf21a9bb0339bdf"
+  integrity sha512-uwQdiklNjqBnHPeseOdG0sGxrI3+d6lybaKu2+ou3ajVeKdPEwpWbgqA6iHjq1iylnOGkgkbbnQ6r2lwkiIIHw==
+  dependencies:
+    "@types/offscreencanvas" "~2019.3.0"
+    "@types/seedrandom" "2.4.27"
+    "@types/webgl-ext" "0.0.30"
+    "@types/webgl2" "0.0.4"
+    node-fetch "~2.1.2"
+    seedrandom "2.4.3"
+
 "@testing-library/dom@*":
  version "9.3.1"
  resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-9.3.1.tgz#8094f560e9389fb973fe957af41bf766937a9ee9"
@ -4026,6 +4038,11 @@
  resolved "https://registry.yarnpkg.com/@types/normalize-package-data/-/normalize-package-data-2.4.1.tgz#d3357479a0fdfdd5907fe67e17e0a85c906e1301"
  integrity sha512-Gj7cI7z+98M282Tqmp2K5EIsoouUEzbBJhQQzDE3jSIRk6r9gsz0oUokqIUR4u1R3dMHo0pDHM7sNOHyhulypw==

+"@types/offscreencanvas@~2019.3.0":
+  version "2019.3.0"
+  resolved "https://registry.yarnpkg.com/@types/offscreencanvas/-/offscreencanvas-2019.3.0.tgz#3336428ec7e9180cf4566dfea5da04eb586a6553"
+  integrity sha512-esIJx9bQg+QYF0ra8GnvfianIY8qWB0GBx54PK5Eps6m+xTj86KLavHv6qDhzKcu5UUOgNfJ2pWaIIV7TRUd9Q==
+
 "@types/parse-json@^4.0.0":
  version "4.0.0"
  resolved "https://registry.yarnpkg.com/@types/parse-json/-/parse-json-4.0.0.tgz#2f8bb441434d163b35fb8ffdccd7138927ffb8c0"
@ -4089,6 +4106,11 @@
  resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.3.tgz#cef09e3ec9af1d63d2a6cc5b383a737e24e6dcf5"
  integrity sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ==

+"@types/seedrandom@2.4.27":
+  version "2.4.27"
+  resolved "https://registry.yarnpkg.com/@types/seedrandom/-/seedrandom-2.4.27.tgz#9db563937dd86915f69092bc43259d2f48578e41"
+  integrity sha512-YvMLqFak/7rt//lPBtEHv3M4sRNA+HGxrhFZ+DQs9K2IkYJbNwVIb8avtJfhDiuaUBX/AW0jnjv48FV8h3u9bQ==
+
 "@types/semver@^7.3.12":
  version "7.5.0"
  resolved "https://registry.yarnpkg.com/@types/semver/-/semver-7.5.0.tgz#591c1ce3a702c45ee15f47a42ade72c2fd78978a"
@ -4168,6 +4190,16 @@
  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311"
  integrity sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g==

+"@types/webgl-ext@0.0.30":
+  version "0.0.30"
+  resolved "https://registry.yarnpkg.com/@types/webgl-ext/-/webgl-ext-0.0.30.tgz#0ce498c16a41a23d15289e0b844d945b25f0fb9d"
+  integrity sha512-LKVgNmBxN0BbljJrVUwkxwRYqzsAEPcZOe6S2T6ZaBDIrFp0qu4FNlpc5sM1tGbXUYFgdVQIoeLk1Y1UoblyEg==
+
+"@types/webgl2@0.0.4":
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/@types/webgl2/-/webgl2-0.0.4.tgz#c3b0f9d6b465c66138e84e64cb3bdf8373c2c279"
+  integrity sha512-PACt1xdErJbMUOUweSrbVM7gSIYm1vTncW2hF6Os/EeWi6TXYAYMPp+8v6rzHmypE5gHrxaxZNXgMkJVIdZpHw==
+
 "@types/ws@^7.4.4":
  version "7.4.7"
  resolved "https://registry.yarnpkg.com/@types/ws/-/ws-7.4.7.tgz#f7c390a36f7a0679aa69de2d501319f4f8d9b702"
@ -7720,6 +7752,14 @@ eyes@^0.1.8:
  resolved "https://registry.yarnpkg.com/eyes/-/eyes-0.1.8.tgz#62cf120234c683785d902348a800ef3e0cc20bc0"
  integrity sha512-GipyPsXO1anza0AOZdy69Im7hGFCNB7Y/NGjDlZGJ3GJJLtwNSb2vrzYrTYJRrRloVx7pl+bhUaTB8yiccPvFQ==

+face-api.js@^0.22.2:
+  version "0.22.2"
+  resolved "https://registry.yarnpkg.com/face-api.js/-/face-api.js-0.22.2.tgz#5accbf7e53b1569685d116a7e18dbc4800770d39"
+  integrity sha512-9Bbv/yaBRTKCXjiDqzryeKhYxmgSjJ7ukvOvEBy6krA0Ah/vNBlsf7iBNfJljWiPA8Tys1/MnB3lyP2Hfmsuyw==
+  dependencies:
+    "@tensorflow/tfjs-core" "1.7.0"
+    tslib "^1.11.1"
+
 fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3:
  version "3.1.3"
  resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525"
@ -10493,6 +10533,11 @@ node-fetch@^2.6.12:
  dependencies:
    whatwg-url "^5.0.0"

+node-fetch@~2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.1.2.tgz#ab884e8e7e57e38a944753cec706f788d1768bb5"
+  integrity sha512-IHLHYskTc2arMYsHZH82PVX8CSKT5lzb7AXeyO06QnjGDKtkv+pv3mEki6S7reB/x1QPo+YPxQRNEVgR5V/w3Q==
+
 node-forge@^1:
  version "1.3.1"
  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3"
@ -12620,6 +12665,11 @@ react-social-login-buttons@^3.4.0:
  resolved "https://registry.yarnpkg.com/react-social-login-buttons/-/react-social-login-buttons-3.9.1.tgz#c0595ac314a09e4d6024134ff0cc9901879179ff"
  integrity sha512-KtucVWvdnIZ0icG99WJ3usQUJYmlKsOIBYGyngcuNSVyyYdZtif4KHY80qnCg+teDlgYr54ToQtg3x26ZqaS2w==

+react-webcam@^7.2.0:
+  version "7.2.0"
+  resolved "https://registry.yarnpkg.com/react-webcam/-/react-webcam-7.2.0.tgz#64141c4c7bdd3e956620500187fa3fcc77e1fd49"
+  integrity sha512-xkrzYPqa1ag2DP+2Q/kLKBmCIfEx49bVdgCCCcZf88oF+0NPEbkwYk3/s/C7Zy0mhM8k+hpdNkBLzxg8H0aWcg==
+
 react@^18.2.0:
  version "18.2.0"
  resolved "https://registry.yarnpkg.com/react/-/react-18.2.0.tgz#555bd98592883255fa00de14f1151a917b5d77d5"
@ -13073,6 +13123,11 @@ scrypt-js@3.0.1:
  resolved "https://registry.yarnpkg.com/scrypt-js/-/scrypt-js-3.0.1.tgz#d314a57c2aef69d1ad98a138a21fe9eafa9ee312"
  integrity sha512-cdwTTnqPu0Hyvf5in5asVdZocVDTNRmR7XEcJuIzMjJeSHybHl7vpB66AzwTaIg6CLSbtjcxc8fqcySfnTkccA==

+seedrandom@2.4.3:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/seedrandom/-/seedrandom-2.4.3.tgz#2438504dad33917314bff18ac4d794f16d6aaecc"
+  integrity sha512-2CkZ9Wn2dS4mMUWQaXLsOAfGD+irMlLEeSP3cMxpGbgyOOzJGFa+MWCOMTOCMyZinHRPxyOj/S/C57li/1to6Q==
+
 select-hose@^2.0.0:
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca"
@ -14211,7 +14266,7 @@ tslib@2.3.0:
  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.3.0.tgz#803b8cdab3e12ba581a4ca41c8839bbb0dacb09e"
  integrity sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==

-tslib@^1.8.1, tslib@^1.9.0:
+tslib@^1.11.1, tslib@^1.8.1, tslib@^1.9.0:
  version "1.14.1"
  resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
  integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==
Author	SHA1	Message	Date
HGZ-20	391a533ce1	feat: add "Face ID" login method (#2782 ) Face Login via face-api.js	2024-03-16 09:04:00 +08:00
Will.Feng	57431a59ad	fix: Ensure /api/get-app-login Returns Captcha Provider for Applications Configured with Captcha (#2800 ) In LoginPage.js, the line 92:const captchaProviderItems = this.getCaptchaProviderItems(this.props.application); captchaProviderItems have no Captcha Provider.	2024-03-15 19:56:12 +08:00
Yang Luo	88a4736520	feat: fix GetDashboard() page	2024-03-15 19:52:19 +08:00
xiao-kong-long	2cb6ff69ae	fix: show selected organizations' statistics in dashboard page (#2805 ) * fix: show selected organizations' statistics in dashboard page * Update get-dashboard.go * Update saml_idp.go --------- Co-authored-by: Eric Luo <hsluoyz@qq.com>	2024-03-15 19:36:39 +08:00
leon.zhao	e1e5943a3e	fix: fix the issue of adding xmlns="" when generating XML (#2799 ) * fix:solve the problem of adding xmlns="" when generating XML * fix:remove fmt.Println * Update saml_idp.go --------- Co-authored-by: zhaoxianfei <zhaoxianfei@meiqia.cn> Co-authored-by: Eric Luo <hsluoyz@qq.com>	2024-03-13 23:59:05 +08:00
DacongDA	3875896c1e	feat: support custom header logo (#2801 ) * feat: support custom header logo * feat: add i18n * feat: preview default logo when field is empty * feat: improve logo setting and display logic * feat: change logoLight to logo	2024-03-13 23:33:43 +08:00
DacongDA	7e2f265420	feat: improve organization select UI (#2798 )	2024-03-12 19:39:53 +08:00
Yang Luo	53ef179e9b	Set Webhook.Url length to 200	2024-03-11 18:18:01 +08:00
Yang Luo	376ef0ed14	feat: support custom Email content in /send-email API	2024-03-11 11:48:00 +08:00
Yang Luo	ca183be336	Improve ManagedAccountTable UI	2024-03-11 00:13:34 +08:00
Yang Luo	e5da57a005	feat: fix cert's ES options	2024-03-10 19:30:05 +08:00
Yang Luo	e4e225db32	Use "ES512" value	2024-03-10 19:25:41 +08:00
Yang Luo	a1add992ee	Support legacy "RSA" value	2024-03-10 19:23:54 +08:00
Yang Luo	2aac265ed4	Improve populateContent()	2024-03-10 18:58:53 +08:00
xiao-kong-long	2dc755f529	fix: add more cert algorithms like ES256 and PS256 (#2793 )	2024-03-10 18:39:41 +08:00
Yang Luo	0dd474d5fc	feat: fix public profile page shows blank page bug	2024-03-10 14:12:24 +08:00
Yang Luo	6998451e97	fix: support roles and permissions in /userinfo API	2024-03-10 12:34:56 +08:00
Yang Luo	9175e5b664	Fix bug in GetMaskedEmail()	2024-03-10 11:49:55 +08:00
DacongDA	dbc6b0dc45	feat: fix issue that forget password page fails to redirect back to signin page (#2792 )	2024-03-10 09:55:44 +08:00
Yang Luo	31b7000f6a	fix: enable the only language for login page	2024-03-09 11:28:23 +08:00
DacongDA	d25eaa65cd	feat: support custom page footer (#2790 )	2024-03-08 23:11:03 +08:00
Yang Luo	f5bcd00652	Add language to records page	2024-03-08 23:03:30 +08:00
Yang Luo	0d5f49e40a	fix: fix GetResources() bug for app users	2024-03-08 16:15:31 +08:00
Yang Luo	3527e070a0	Fix my account page UI	2024-03-08 15:18:18 +08:00
Yang Luo	0108b58db4	Return status 200 for unauthorized operation, revert commit: `2fd2d88d20`	2024-03-08 15:11:25 +08:00
Yang Luo	976b5766a5	feat: refactor out token_oauth.go	2024-03-08 15:03:28 +08:00
Yang Luo	a92d20162a	feat: show all resources for org admin	2024-03-08 15:03:03 +08:00
Yang Luo	204b1c2b8c	Fix resource page link error	2024-03-08 14:44:39 +08:00
Yang Luo	49fb269170	Improve error handling for GetSamlResponse()	2024-03-08 02:17:50 +08:00
Yang Luo	c532a5d54d	Remove suspense fallback loading.	2024-03-07 23:21:25 +08:00
DacongDA	89df80baca	feat: remove loading fallback in Suspense and use spin to display (#2780 )	2024-03-06 20:30:54 +08:00
DacongDA	d988ac814c	fix: fix account items display error (#2781 )	2024-03-06 20:30:34 +08:00
Yang Luo	e4b25055d5	Improve isAllowedInDemoMode()	2024-03-06 02:17:28 +08:00
DacongDA	4123d47174	feat: callback will jump to blank page when from param start with "http" (#2778 )	2024-03-06 01:07:52 +08:00
Yang Luo	fbdd5a926d	Fix normal user my-account page blank bug	2024-03-06 01:07:28 +08:00
xiao-kong-long	92b6fda0f6	feat: support more objects in init_data JSON (#2776 )	2024-03-05 23:41:46 +08:00
DacongDA	6a7ac35e65	fix: fix wechat media account can not bind issue (#2774 ) * fix: fix wechat media account can not bind * fix: improve code format	2024-03-05 18:46:28 +08:00
DacongDA	fc137b9f76	feat: fix custom JS doesn't reload after refresh bug (#2773 )	2024-03-05 15:03:25 +08:00
DacongDA	11dbd5ba9a	fix: fix duplicated load bug of custom JS (#2771 )	2024-03-05 00:09:37 +08:00
Yang Luo	19942a8bd4	Add webhook.SingleOrgOnly	2024-03-04 21:14:52 +08:00
Yang Luo	f9ee8a68cb	Support Chrome extension redirecting	2024-03-04 18:31:56 +08:00
Ron	f241336ad7	feat: add OSON SMS provider (#2769 ) * implemented SMS provider 'OSON SMS' for frontend * feat: add 'OSON SMS' provider for frontend	2024-03-04 01:05:53 +08:00
Yang Luo	8b64d113fb	Upgrade go-sms-sender dependency to 0.20.0	2024-03-04 01:05:28 +08:00
DacongDA	a8800c4d5c	fix: add missing / for style tag in signin items (#2768 )	2024-03-03 23:46:57 +08:00
Yang Luo	75fc9ab9f7	Improve GetMaskedApplication()'s logic	2024-03-03 22:01:49 +08:00
Yang Luo	d06da76c3d	feat: fix bug in /get-organization-applications API	2024-03-03 21:08:36 +08:00
Yang Luo	bc399837cc	Rename label to "Custom CSS"	2024-03-03 20:45:14 +08:00
Yang Luo	265abfe102	fix: handle error in storage.GetStorageProvider()	2024-03-03 18:18:54 +08:00
DacongDA	12acb24dbc	feat: add transaction pages (#2761 )	2024-03-02 10:41:16 +08:00
Yang Luo	ba1ddc7e50	fix: admin can modify user ID now	2024-02-28 18:07:53 +08:00
Yang Luo	59e07a35aa	Add balance to user	2024-02-28 16:54:30 +08:00
DacongDA	cabe830f55	feat: use dynamic import to load web3Auth (#2757 ) * feat: use dynamic import to load web3Auth and success reduce the size of signin page to 720KB when web3 idp disabled * feat: avoid frequent import in OAuthWidget.js which may cause e2e test EPIPE error * feat: remove import may cause e2e error * feat: remove import may cause e2e error * feat: remove bug may cause e2e error * feat: try use chrome in ci/cd instead of electron to solve e2e error	2024-02-28 15:58:04 +08:00
DacongDA	78af5daec3	feat: use resourcesToBackend to load i18n files (#2755 )	2024-02-28 01:43:55 +08:00