fix: some minor bugs and make Dockerfile more productive. (#831)

* fix: some minor bugs and make Dockerfile more productive.

* fix: make GitHub CI configuration support build image with STANDARD target.

* fix: Naming the base stage in multi-stage builds with lowercase letters to support various operating systems.

* fix: copy swagger to the image as well.

.github/workflows/build.yml

@@ -114,6 +114,7 @@ jobs:
         uses: docker/build-push-action@v2
         if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
+          target: STANDARD
           push: true
           tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
 

Dockerfile

@@ -1,8 +1,3 @@
-FROM golang:1.17.5 AS BACK
-WORKDIR /go/src/casdoor
-COPY . .
-RUN ./build.sh && apt update && apt install wait-for-it && chmod +x /usr/bin/wait-for-it
-
 FROM node:16.13.0 AS FRONT
 WORKDIR /web
 COPY ./web .
@@ -10,28 +5,43 @@ RUN yarn config set registry https://registry.npmmirror.com
 RUN yarn install && yarn run build
 
 
-FROM debian:latest AS ALLINONE
-RUN apt update
-RUN apt install -y ca-certificates && update-ca-certificates
-RUN apt install -y mariadb-server mariadb-client && mkdir -p web/build && chmod 777 /tmp
-LABEL MAINTAINER="https://casdoor.org/"
-COPY --from=BACK /go/src/casdoor/ ./
-COPY --from=BACK /usr/bin/wait-for-it ./
-COPY --from=FRONT /web/build /web/build
-CMD chmod 777 /tmp && service mariadb start&&\
-if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ; fi&&\
-mysqladmin -u root password ${MYSQL_ROOT_PASSWORD} &&\
-./wait-for-it localhost:3306 -- ./server --createDatabase=true
+FROM golang:1.17.5 AS BACK
+WORKDIR /go/src/casdoor
+COPY . .
+RUN ./build.sh
 
 
-FROM alpine:latest
-RUN sed -i 's/https/http/' /etc/apk/repositories
-RUN apk add curl
-RUN apk add ca-certificates && update-ca-certificates
+FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
 
-COPY --from=BACK /go/src/casdoor/ ./
-COPY --from=BACK /usr/bin/wait-for-it ./
-RUN mkdir -p web/build && apk add --no-cache bash coreutils
-COPY --from=FRONT /web/build /web/build
-CMD  ./server
+WORKDIR /app
+COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK /go/src/casdoor/swagger ./swagger
+COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=FRONT /web/build ./web/build
+VOLUME /app/files /app/logs
+ENTRYPOINT ["/app/server"]
+
+
+FROM debian:latest AS db
+RUN apt update \
+    && apt install -y \
+        mariadb-server \
+        mariadb-client \
+    && rm -rf /var/lib/apt/lists/*
+
+
+FROM db AS ALLINONE
+LABEL MAINTAINER="https://casdoor.org/"
+
+ENV MYSQL_ROOT_PASSWORD=123456
+
+WORKDIR /app
+COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK /go/src/casdoor/swagger ./swagger
+COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=FRONT /web/build ./web/build
+
+ENTRYPOINT ["/bin/bash"]
+CMD ["/docker-entrypoint.sh"]

captcha/aliyun.go

@@ -0,0 +1,105 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package captcha
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
+)
+
+const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"
+
+type AliyunCaptchaProvider struct {
+}
+
+func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
+	captcha := &AliyunCaptchaProvider{}
+	return captcha
+}
+
+func contentEscape(str string) string {
+	str = strings.Replace(str, " ", "%20", -1)
+	str = url.QueryEscape(str)
+	return str
+}
+
+func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+	pathData, err := url.ParseQuery(token)
+	if err != nil {
+		return false, err
+	}
+
+	pathData["Action"] = []string{"AuthenticateSig"}
+	pathData["Format"] = []string{"json"}
+	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
+	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
+	pathData["SignatureVersion"] = []string{"1.0"}
+	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
+	pathData["Version"] = []string{"2018-01-12"}
+
+	var keys []string
+	for k := range pathData {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	sortQuery := ""
+	for _, k := range keys {
+		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
+	}
+	sortQuery = strings.TrimSuffix(sortQuery, "&")
+
+	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
+
+	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
+
+	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
+	if err != nil {
+		return false, err
+	}
+
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+
+	type captchaResponse struct {
+		Code int    `json:"Code"`
+		Msg  string `json:"Msg"`
+	}
+	captchaResp := &captchaResponse{}
+
+	err = json.Unmarshal(body, captchaResp)
+	if err != nil {
+		return false, err
+	}
+
+	if captchaResp.Code != 100 {
+		return false, errors.New(captchaResp.Msg)
+	}
+
+	return true, nil
+}

captcha/provider.go

@@ -25,6 +25,8 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewReCaptchaProvider()
 	} else if captchaType == "hCaptcha" {
 		return NewHCaptchaProvider()
+	} else if captchaType == "Aliyun Captcha" {
+		return NewAliyunCaptchaProvider()
 	}
 	return nil
 }

controllers/account.go

@@ -76,13 +76,16 @@ type Response struct {
 }
 
 type Captcha struct {
-	Type         string `json:"type"`
-	AppKey       string `json:"appKey"`
-	Scene        string `json:"scene"`
-	CaptchaId    string `json:"captchaId"`
-	CaptchaImage []byte `json:"captchaImage"`
-	ClientId     string `json:"clientId"`
-	ClientSecret string `json:"clientSecret"`
+	Type          string `json:"type"`
+	AppKey        string `json:"appKey"`
+	Scene         string `json:"scene"`
+	CaptchaId     string `json:"captchaId"`
+	CaptchaImage  []byte `json:"captchaImage"`
+	ClientId      string `json:"clientId"`
+	ClientSecret  string `json:"clientSecret"`
+	ClientId2     string `json:"clientId2"`
+	ClientSecret2 string `json:"clientSecret2"`
+	SubType       string `json:"subType"`
 }
 
 // Signup
@@ -313,7 +316,14 @@ func (c *ApiController) GetCaptcha() {
 			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
 			return
 		} else if captchaProvider.Type != "" {
-			c.ResponseOk(Captcha{Type: captchaProvider.Type, ClientId: captchaProvider.ClientId, ClientSecret: captchaProvider.ClientSecret})
+			c.ResponseOk(Captcha{
+				Type:          captchaProvider.Type,
+				SubType:       captchaProvider.SubType,
+				ClientId:      captchaProvider.ClientId,
+				ClientSecret:  captchaProvider.ClientSecret,
+				ClientId2:     captchaProvider.ClientId2,
+				ClientSecret2: captchaProvider.ClientSecret2,
+			})
 			return
 		}
 	}

docker-compose.yml

@@ -5,6 +5,7 @@ services:
     build:
       context: ./
       dockerfile: Dockerfile
+      target: STANDARD
     entrypoint: /bin/sh -c './server --createDatabase=true'
     ports:
       - "8000:8000"

docker-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+service mariadb start
+
+mysqladmin -u root password ${MYSQL_ROOT_PASSWORD}
+
+exec /app/server --createDatabase=true

object/application.go

@@ -46,6 +46,7 @@ type Application struct {
 	EnableSignUp        bool            `json:"enableSignUp"`
 	EnableSigninSession bool            `json:"enableSigninSession"`
 	EnableCodeSignin    bool            `json:"enableCodeSignin"`
+	EnableSamlCompress  bool            `json:"enableSamlCompress"`
 	Providers           []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`

object/init.go

@@ -104,7 +104,7 @@ func initBuiltInUser() {
 		IsGlobalAdmin:     true,
 		IsForbidden:       false,
 		IsDeleted:         false,
-		SignupApplication: "built-in-app",
+		SignupApplication: "app-built-in",
 		CreatedIp:         "127.0.0.1",
 		Properties:        make(map[string]string),
 	}

object/saml_idp.go

@@ -36,7 +36,7 @@ import (
 )
 
 //returns a saml2 response
-func NewSamlResponse(user *User, host string, publicKey string, destination string, iss string, redirectUri []string) (*etree.Element, error) {
+func NewSamlResponse(user *User, host string, publicKey string, destination string, iss string, requestId string, redirectUri []string) (*etree.Element, error) {
 	samlResponse := &etree.Element{
 		Space: "samlp",
 		Tag:   "Response",
@@ -51,7 +51,7 @@ func NewSamlResponse(user *User, host string, publicKey string, destination stri
 	samlResponse.CreateAttr("Version", "2.0")
 	samlResponse.CreateAttr("IssueInstant", now)
 	samlResponse.CreateAttr("Destination", destination)
-	samlResponse.CreateAttr("InResponseTo", fmt.Sprintf("_%s", arId))
+	samlResponse.CreateAttr("InResponseTo", requestId)
 	samlResponse.CreateElement("saml:Issuer").SetText(host)
 
 	samlResponse.CreateElement("samlp:Status").CreateElement("samlp:StatusCode").CreateAttr("Value", "urn:oasis:names:tc:SAML:2.0:status:Success")
@@ -68,7 +68,7 @@ func NewSamlResponse(user *User, host string, publicKey string, destination stri
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")
 	subjectConfirmationData := subjectConfirmation.CreateElement("saml:SubjectConfirmationData")
-	subjectConfirmationData.CreateAttr("InResponseTo", fmt.Sprintf("_%s", arId))
+	subjectConfirmationData.CreateAttr("InResponseTo", requestId)
 	subjectConfirmationData.CreateAttr("Recipient", destination)
 	subjectConfirmationData.CreateAttr("NotOnOrAfter", expireTime)
 	condition := assertion.CreateElement("saml:Conditions")
@@ -225,14 +225,15 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
 	return &d, nil
 }
 
-//GenerateSamlResponse generates a SAML2.0 response
-//parameter samlRequest is saml request in base64 format
+// GetSamlResponse generates a SAML2.0 response
+// parameter samlRequest is saml request in base64 format
 func GetSamlResponse(application *Application, user *User, samlRequest string, host string) (string, string, error) {
-	//decode samlRequest
+	// base64 decode
 	defated, err := base64.StdEncoding.DecodeString(samlRequest)
 	if err != nil {
 		return "", "", fmt.Errorf("err: %s", err.Error())
 	}
+	// decompress
 	var buffer bytes.Buffer
 	rdr := flate.NewReader(bytes.NewReader(defated))
 	io.Copy(&buffer, rdr)
@@ -241,20 +242,21 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	if err != nil {
 		return "", "", fmt.Errorf("err: %s", err.Error())
 	}
-	//verify samlRequest
+
+	// verify samlRequest
 	if valid := CheckRedirectUriValid(application, authnRequest.Issuer.Url); !valid {
 		return "", "", fmt.Errorf("err: invalid issuer url")
 	}
 
-	//get publickey string
+	// get public key string
 	cert := getCertByApplication(application)
 	block, _ := pem.Decode([]byte(cert.PublicKey))
 	publicKey := base64.StdEncoding.EncodeToString(block.Bytes)
 
 	_, originBackend := getOriginFromHost(host)
 
-	//build signedResponse
-	samlResponse, _ := NewSamlResponse(user, originBackend, publicKey, authnRequest.AssertionConsumerServiceURL, authnRequest.Issuer.Url, application.RedirectUris)
+	// build signedResponse
+	samlResponse, _ := NewSamlResponse(user, originBackend, publicKey, authnRequest.AssertionConsumerServiceURL, authnRequest.Issuer.Url, authnRequest.ID, application.RedirectUris)
 	randomKeyStore := &X509Key{
 		PrivateKey:      cert.PrivateKey,
 		X509Certificate: publicKey,
@@ -270,15 +272,28 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 
 	doc := etree.NewDocument()
 	doc.SetRoot(samlResponse)
-	xmlStr, err := doc.WriteToString()
+	xmlBytes, err := doc.WriteToBytes()
 	if err != nil {
 		return "", "", fmt.Errorf("err: %s", err.Error())
 	}
-	res := base64.StdEncoding.EncodeToString([]byte(xmlStr))
+
+	// compress
+	if application.EnableSamlCompress {
+		flated := bytes.NewBuffer(nil)
+		writer, err := flate.NewWriter(flated, flate.DefaultCompression)
+		if err != nil {
+			return "", "", fmt.Errorf("err: %s", err.Error())
+		}
+		writer.Write(xmlBytes)
+		writer.Close()
+		xmlBytes = flated.Bytes()
+	}
+	// base64 encode
+	res := base64.StdEncoding.EncodeToString(xmlBytes)
 	return res, authnRequest.AssertionConsumerServiceURL, nil
 }
 
-//return a saml1.1 response(not 2.0)
+// NewSamlResponse11 return a saml1.1 response(not 2.0)
 func NewSamlResponse11(user *User, requestID string, host string) *etree.Element {
 	samlResponse := &etree.Element{
 		Space: "samlp",

proxy/proxy.go

@@ -76,7 +76,7 @@ func getProxyHttpClient() *http.Client {
 }
 
 func GetHttpClient(url string) *http.Client {
-	if strings.Contains(url, "githubusercontent.com") {
+	if strings.Contains(url, "githubusercontent.com") || strings.Contains(url, "googleusercontent.com") {
 		return ProxyHttpClient
 	} else {
 		return DefaultHttpClient

util/crypto.go

@@ -0,0 +1,30 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+	"encoding/base64"
+)
+
+func GetHmacSha1(keyStr, value string) string {
+	key := []byte(keyStr)
+	mac := hmac.New(sha1.New, key)
+	mac.Write([]byte(value))
+	res := base64.StdEncoding.EncodeToString(mac.Sum(nil))
+
+	return res
+}

web/src/ApplicationEditPage.js

@@ -474,6 +474,16 @@ class ApplicationEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("application:Enable SAML compress"), i18next.t("application:Enable SAML compress - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.application.enableSamlCompress} onChange={checked => {
+              this.updateApplicationField('enableSamlCompress', checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: '20px'}} >
           <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("application:SAML metadata"), i18next.t("application:SAML metadata - Tooltip"))} :
@@ -484,6 +494,14 @@ class ApplicationEditPage extends React.Component {
               options={{mode: 'xml', theme: 'default'}}
               onBeforeChange={(editor, data, value) => {}}
             />
+            <br/>
+            <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
+              copy(`${window.location.origin}/api/saml/metadata?application=admin/${encodeURIComponent(this.state.applicationName)}`);
+              Setting.showMessage("success", i18next.t("application:SAML metadata URL copied to clipboard successfully"));
+            }}
+            >
+              {i18next.t("application:Copy SAML metadata URL")}
+            </Button>
           </Col>
         </Row>
         <Row style={{marginTop: '20px'}} >

web/src/ApplicationListPage.js

@@ -35,6 +35,7 @@ class ApplicationListPage extends BaseListPage {
       enableSignUp: true,
       enableSigninSession: false,
       enableCodeSignin: false,
+      enableSamlCompress: false,
       providers: [
         {name: "provider_captcha_default", canSignUp: false, canSignIn: false, canUnlink: false, prompted: false, alertType: "None"},
       ],

web/src/PermissionListPage.js

@@ -93,7 +93,7 @@ class PermissionListPage extends BaseListPage {
         ...this.getColumnSearchProps('name'),
         render: (text, record, index) => {
           return (
-            <Link to={`/permissions/${text}`}>
+            <Link to={`/permissions/${record.owner}/${text}`}>
               {text}
             </Link>
           )

web/src/ProviderEditPage.js

@@ -81,7 +81,11 @@ class ProviderEditPage extends React.Component {
           return Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"));
         }
       case "Captcha":
-        return Setting.getLabel(i18next.t("provider:Site key"), i18next.t("provider:Site key - Tooltip"));
+        if (this.state.provider.type === "Aliyun Captcha") {
+          return Setting.getLabel(i18next.t("provider:Access key"), i18next.t("provider:Access key - Tooltip"));
+        } else {
+          return Setting.getLabel(i18next.t("provider:Site key"), i18next.t("provider:Site key - Tooltip"));
+        }
       default:
         return Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"));
     }
@@ -100,7 +104,11 @@ class ProviderEditPage extends React.Component {
           return Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"));
         }
       case "Captcha":
-        return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
+        if (this.state.provider.type === "Aliyun Captcha") {
+          return Setting.getLabel(i18next.t("provider:Secret access key"), i18next.t("provider:SecretAccessKey - Tooltip"));
+        } else {
+          return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
+        }
       default:
         return Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"));
     }
@@ -242,7 +250,7 @@ class ProviderEditPage extends React.Component {
           </Col>
         </Row>
         {
-          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" ? null : (
+          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" && this.state.provider.type !== "Aliyun Captcha" ? null : (
             <React.Fragment>
               <Row style={{marginTop: '20px'}} >
                 <Col style={{marginTop: '5px'}} span={2}>
@@ -378,11 +386,13 @@ class ProviderEditPage extends React.Component {
           )
         }
         {
-          this.state.provider.type !== "WeChat" ? null : (
+          this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" ? null : (
             <React.Fragment>
               <Row style={{marginTop: '20px'}} >
                 <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
+                  {this.state.provider.type === "Aliyun Captcha"
+                    ? Setting.getLabel(i18next.t("provider:Scene"), i18next.t("provider:Scene - Tooltip"))
+                    : Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.clientId2} onChange={e => {
@@ -392,7 +402,9 @@ class ProviderEditPage extends React.Component {
               </Row>
               <Row style={{marginTop: '20px'}} >
                 <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {Setting.getLabel(i18next.t("provider:Client secret 2"), i18next.t("provider:Client secret 2 - Tooltip"))}
+                  {this.state.provider.type === "Aliyun Captcha"
+                    ? Setting.getLabel(i18next.t("provider:App key"), i18next.t("provider:App key - Tooltip"))
+                    : Setting.getLabel(i18next.t("provider:Client secret 2"), i18next.t("provider:Client secret 2 - Tooltip"))}
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.clientSecret2} onChange={e => {
@@ -686,10 +698,13 @@ class ProviderEditPage extends React.Component {
                   providerName={this.state.providerName}
                   clientSecret={this.state.provider.clientSecret}
                   captchaType={this.state.provider.type}
+                  subType={this.state.provider.subType}
                   owner={this.state.provider.owner}
                   clientId={this.state.provider.clientId}
                   name={this.state.provider.name}
                   providerUrl={this.state.provider.providerUrl}
+                  clientId2={this.state.provider.clientId2}
+                  clientSecret2={this.state.provider.clientSecret2}
                 />
               </Col>
             </Row>

web/src/Setting.js

@@ -118,6 +118,10 @@ export const OtherProviderInfo = {
     "hCaptcha": {
       logo: `${StaticBaseUrl}/img/social_hcaptcha.png`,
       url: "https://www.hcaptcha.com",
+    },
+    "Aliyun Captcha": {
+      logo: `${StaticBaseUrl}/img/social_aliyun.png`,
+      url: "https://help.aliyun.com/product/28308.html",
     }
   }
 };
@@ -614,6 +618,7 @@ export function getProviderTypeOptions(category) {
       {id: 'Default', name: 'Default'},
       {id: 'reCAPTCHA', name: 'reCAPTCHA'},
       {id: 'hCaptcha', name: 'hCaptcha'},
+      {id: 'Aliyun Captcha', name: 'Aliyun Captcha'},
     ]);
   } else {
     return [];
@@ -628,6 +633,11 @@ export function getProviderSubTypeOptions(type) {
         {id: 'Third-party', name: 'Third-party'},
       ]
     );
+  } else if (type === "Aliyun Captcha") {
+    return [
+      {id: 'nc', name: 'Sliding Validation'},
+      {id: 'ic', name: 'Intelligent Validation'},
+    ];
   } else {
     return [];
   }

web/src/common/CaptchaPreview.js

@@ -20,18 +20,27 @@ import * as ProviderBackend from "../backend/ProviderBackend";
 import { SafetyOutlined } from "@ant-design/icons";
 import { CaptchaWidget } from "./CaptchaWidget";
 
-export const CaptchaPreview = ({ provider, providerName, clientSecret, captchaType, owner, clientId, name, providerUrl }) => {
+export const CaptchaPreview = ({
+  provider,
+  providerName,
+  clientSecret,
+  captchaType,
+  subType,
+  owner,
+  clientId,
+  name,
+  providerUrl,
+  clientId2,
+  clientSecret2,
+}) => {
   const [visible, setVisible] = React.useState(false);
   const [captchaImg, setCaptchaImg] = React.useState("");
   const [captchaToken, setCaptchaToken] = React.useState("");
   const [secret, setSecret] = React.useState(clientSecret);
+  const [secret2, setSecret2] = React.useState(clientSecret2);
 
   const handleOk = () => {
-    UserBackend.verifyCaptcha(
-      captchaType,
-      captchaToken,
-      secret
-    ).then(() => {
+    UserBackend.verifyCaptcha(captchaType, captchaToken, secret).then(() => {
       setCaptchaToken("");
       setVisible(false);
     });
@@ -48,9 +57,10 @@ export const CaptchaPreview = ({ provider, providerName, clientSecret, captchaTy
         setCaptchaImg(res.captchaImage);
       } else {
         setSecret(res.clientSecret);
+        setSecret2(res.clientSecret2);
       }
     });
-  }
+  };
 
   const clickPreview = () => {
     setVisible(true);
@@ -100,24 +110,50 @@ export const CaptchaPreview = ({ provider, providerName, clientSecret, captchaTy
     setCaptchaToken(token);
   };
 
-
   const renderCheck = () => {
     if (captchaType === "Default") {
       return renderDefaultCaptcha();
     } else {
       return (
-        <CaptchaWidget
-          captchaType={captchaType}
-          siteKey={clientId}
-          onChange={onSubmit}
-        />
+        <Col>
+          <Row>
+            <CaptchaWidget
+              captchaType={captchaType}
+              subType={subType}
+              siteKey={clientId}
+              clientSecret={secret}
+              onChange={onSubmit}
+              clientId2={clientId2}
+              clientSecret2={secret2}
+            />
+          </Row>
+        </Col>
       );
     }
   };
 
+  const getButtonDisabled = () => {
+    if (captchaType !== "Default") {
+      if (!clientId || !clientSecret) {
+        return true;
+      }
+      if (captchaType === "Aliyun Captcha") {
+        if (!subType || !clientId2 || !clientSecret2) {
+          return true;
+        }
+      }
+    }
+    return false;
+  };
+
   return (
     <React.Fragment>
-      <Button style={{ fontSize: 14 }} type={"primary"} onClick={clickPreview} disabled={captchaType !== "Default" && (!clientId || !clientSecret)}>
+      <Button
+        style={{ fontSize: 14 }}
+        type={"primary"}
+        onClick={clickPreview}
+        disabled={getButtonDisabled()}
+      >
         {i18next.t("general:Preview")}
       </Button>
       <Modal

web/src/common/CaptchaWidget.js

@@ -14,7 +14,7 @@
 
 import React, { useEffect } from "react";
 
-export const CaptchaWidget = ({ captchaType, siteKey, onChange }) => {
+export const CaptchaWidget = ({ captchaType, subType, siteKey, clientSecret, onChange, clientId2, clientSecret2 }) => {
   const loadScript = (src) => {
     var tag = document.createElement("script");
     tag.async = false;
@@ -53,11 +53,34 @@ export const CaptchaWidget = ({ captchaType, siteKey, onChange }) => {
           }
         }, 300);
         break;
+      case "Aliyun Captcha":
+        const AWSCTimer = setInterval(() => {
+          if (!window.AWSC) {
+            loadScript("https://g.alicdn.com/AWSC/AWSC/awsc.js");
+          }
+
+          if (window.AWSC) {
+            if (clientSecret2 && clientSecret2 !== "***") {
+              window.AWSC.use(subType, function (state, module) {
+                module.init({
+                  appkey: clientSecret2,
+                  scene: clientId2,
+                  renderTo: "captcha",
+                  success: function (data) {
+                    onChange(`SessionId=${data.sessionId}&AccessKeyId=${siteKey}&Scene=${clientId2}&AppKey=${clientSecret2}&Token=${data.token}&Sig=${data.sig}&RemoteIp=192.168.0.1`);
+                  },
+                });
+              });
+            }
+            clearInterval(AWSCTimer);
+          }
+        }, 300);
+        break;
       default:
         break;
     }
     // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [captchaType, siteKey]);
+  }, [captchaType, subType, siteKey, clientSecret, clientId2, clientSecret2]);
 
   return <div id="captcha"></div>;
 };

web/src/common/CountDownInput.js

@@ -14,7 +14,6 @@
 
 import {Button, Col, Input, Modal, Row} from "antd";
 import React from "react";
-import * as Setting from "../Setting";
 import i18next from "i18next";
 import * as UserBackend from "../backend/UserBackend";
 import {SafetyOutlined} from "@ant-design/icons";
@@ -34,6 +33,9 @@ export const CountDownInput = (props) => {
   const [buttonLoading, setButtonLoading] = React.useState(false);
   const [buttonDisabled, setButtonDisabled] = React.useState(true);
   const [clientId, setClientId] = React.useState("");
+  const [subType, setSubType] = React.useState("");
+  const [clientId2, setClientId2] = React.useState("");
+  const [clientSecret2, setClientSecret2] = React.useState("");
 
   const handleCountDown = (leftTime = 60) => {
     let leftTimeSecond = leftTime
@@ -79,13 +81,14 @@ export const CountDownInput = (props) => {
         setCaptchaImg(res.captchaImage);
         setCheckType("Default");
         setVisible(true);
-      } else if (res.type === "reCAPTCHA" || res.type === "hCaptcha") {
+      } else {
         setCheckType(res.type);
         setClientId(res.clientId);
         setCheckId(res.clientSecret);
         setVisible(true);
-      } else {
-        Setting.showMessage("error", i18next.t("signup:Unknown Check Type"));
+        setSubType(res.subType);
+        setClientId2(res.clientId2);
+        setClientSecret2(res.clientSecret2);
       }
     })
   }
@@ -123,8 +126,12 @@ export const CountDownInput = (props) => {
       return (
         <CaptchaWidget
           captchaType={checkType}
+          subType={subType}
           siteKey={clientId}
+          clientSecret={checkId}
           onChange={onSubmit}
+          clientId2={clientId2}
+          clientSecret2={clientSecret2}
         />
       );
     }

web/src/locales/zh/data.json

@@ -7,11 +7,14 @@
   },
   "application": {
     "Copy prompt page URL": "复制提醒页面URL",
+    "Copy SAML metadata URL": "复制SAML元数据URL",
     "Copy signin page URL": "复制登录页面URL",
     "Copy signup page URL": "复制注册页面URL",
     "Edit Application": "编辑应用",
     "Enable code signin": "启用验证码登录",
     "Enable code signin - Tooltip": "是否允许用手机或邮箱验证码登录",
+    "Enable SAML compress": "压缩SAML响应",
+    "Enable SAML compress - Tooltip": "Casdoor作为SAML idp时，是否压缩SAML响应信息",
     "Enable signin session - Tooltip": "从应用登录Casdoor后，Casdoor是否保持会话",
     "Enable signup": "启用注册",
     "Enable signup - Tooltip": "是否允许用户注册",
@@ -30,6 +33,7 @@
     "Refresh token expire - Tooltip": "Refresh Token过期时间",
     "SAML metadata": "SAML元数据",
     "SAML metadata - Tooltip": "SAML协议的元数据（Metadata）信息",
+    "SAML metadata URL copied to clipboard successfully": "SAML元数据URL已成功复制到剪贴板",
     "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "登录页面URL已成功复制到剪贴板，请粘贴到当前浏览器的隐身模式窗口或另一个浏览器访问",
     "Signin session": "保持登录会话",
     "Signup items": "注册项",