feat: support shared application across organizations (#3108)

* feat: support share application

* revert: revert i18n

* fix: improve code format

* fix: improve code format and move GetSharedOrgFromApp to string.go

.github/workflows/build.yml

@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
           cache: 'yarn'
           cache-dependency-path: ./web/yarn.lock
       - run: yarn install && CI=false yarn run build
@@ -101,7 +101,7 @@ jobs:
         working-directory: ./
       - uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
           cache: 'yarn'
           cache-dependency-path: ./web/yarn.lock
       - run: yarn install
@@ -138,7 +138,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 18
+          node-version: 20
 
       - name: Fetch Previous version
         id: get-previous-tag

Dockerfile

@@ -29,10 +29,6 @@ RUN adduser -D $USER -u 1000 \
     && mkdir logs \
     && chown -R $USER:$USER logs
 
-RUN mkdir -p /files \
-    && chmod -R 766 /files \
-    && chown casdoor:casdoor /files
-
 USER 1000
 WORKDIR /
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
@@ -69,9 +65,5 @@ COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
 
-RUN mkdir -p /files \
-    && chmod -R 766 /files \
-    && chown casdoor:casdoor /files
-
 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]

controllers/account.go

@@ -169,7 +169,11 @@ func (c *ApiController) Signup() {
 
 	username := authForm.Username
 	if !application.IsSignupItemVisible("Username") {
-		username = id
+		if organization.UseEmailAsUsername && application.IsSignupItemVisible("Email") {
+			username = authForm.Email
+		} else {
+			username = id
+		}
 	}
 
 	initScore, err := organization.GetInitScore()

controllers/auth.go

@@ -665,6 +665,11 @@ func (c *ApiController) Login() {
 						return
 					}
 
+					if application.IsSignupItemRequired("Invitation code") {
+						c.ResponseError(c.T("check:Invitation code cannot be blank"))
+						return
+					}
+
 					// Handle username conflicts
 					var tmpUser *object.User
 					tmpUser, err = object.GetUser(util.GetId(application.Organization, userInfo.Username))

controllers/enforcer.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -163,11 +164,17 @@ func (c *ApiController) GetPolicies() {
 			c.ResponseError(err.Error())
 			return
 		}
+		if adapter == nil {
+			c.ResponseError(fmt.Sprintf(c.T("the adapter: %s is not found"), adapterId))
+			return
+		}
+
 		err = adapter.InitAdapter()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
+
 		c.ResponseOk()
 		return
 	}

controllers/product.go

@@ -17,6 +17,7 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
+	"strconv"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -164,6 +165,16 @@ func (c *ApiController) BuyProduct() {
 	host := c.Ctx.Request.Host
 	providerName := c.Input().Get("providerName")
 	paymentEnv := c.Input().Get("paymentEnv")
+	customPriceStr := c.Input().Get("customPrice")
+	if customPriceStr == "" {
+		customPriceStr = "0"
+	}
+
+	customPrice, err := strconv.ParseFloat(customPriceStr, 64)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 
 	// buy `pricingName/planName` for `paidUserName`
 	pricingName := c.Input().Get("pricingName")
@@ -189,7 +200,7 @@ func (c *ApiController) BuyProduct() {
 		return
 	}
 
-	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv)
+	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv, customPrice)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/system_info.go

@@ -46,10 +46,10 @@ func (c *ApiController) GetSystemInfo() {
 // @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
+	errInfo := ""
 	versionInfo, err := util.GetVersionInfo()
 	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		errInfo = "Git error: " + err.Error()
 	}
 
 	if versionInfo.Version != "" {
@@ -59,9 +59,11 @@ func (c *ApiController) GetVersionInfo() {
 
 	versionInfo, err = util.GetVersionInfoFromFile()
 	if err != nil {
-		c.ResponseError(err.Error())
+		errInfo = errInfo + ", File error: " + err.Error()
+		c.ResponseError(errInfo)
 		return
 	}
+
 	c.ResponseOk(versionInfo)
 }
 

controllers/token.go

@@ -333,6 +333,35 @@ func (c *ApiController) IntrospectToken() {
 		return
 	}
 
+	if application.TokenFormat == "JWT-Standard" {
+		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
+		if err != nil || jwtToken.Valid() != nil {
+			// and token revoked case. but we not implement
+			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
+			// refs: https://tools.ietf.org/html/rfc7009
+			c.Data["json"] = &object.IntrospectionResponse{Active: false}
+			c.ServeJSON()
+			return
+		}
+
+		c.Data["json"] = &object.IntrospectionResponse{
+			Active:    true,
+			Scope:     jwtToken.Scope,
+			ClientId:  clientId,
+			Username:  token.User,
+			TokenType: token.TokenType,
+			Exp:       jwtToken.ExpiresAt.Unix(),
+			Iat:       jwtToken.IssuedAt.Unix(),
+			Nbf:       jwtToken.NotBefore.Unix(),
+			Sub:       jwtToken.Subject,
+			Aud:       jwtToken.Audience,
+			Iss:       jwtToken.Issuer,
+			Jti:       jwtToken.ID,
+		}
+		c.ServeJSON()
+		return
+	}
+
 	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
 	if err != nil || jwtToken.Valid() != nil {
 		// and token revoked case. but we not implement

i18n/generate_test.go

@@ -45,6 +45,8 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "uk", data)
 	applyToOtherLanguage("frontend", "kk", data)
 	applyToOtherLanguage("frontend", "fa", data)
+	applyToOtherLanguage("frontend", "cs", data)
+	applyToOtherLanguage("frontend", "sk", data)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
@@ -73,4 +75,6 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "uk", data)
 	applyToOtherLanguage("backend", "kk", data)
 	applyToOtherLanguage("backend", "fa", data)
+	applyToOtherLanguage("backend", "cs", data)
+	applyToOtherLanguage("backend", "sk", data)
 }

i18n/locales/cs/data.json

@@ -0,0 +1,167 @@
+{
+  "account": {
+    "Failed to add user": "Nepodařilo se přidat uživatele",
+    "Get init score failed, error: %w": "Nepodařilo se získat počáteční skóre, chyba: %w",
+    "Please sign out first": "Nejprve se prosím odhlaste",
+    "The application does not allow to sign up new account": "Aplikace neumožňuje registraci nového účtu"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metoda výzvy by měla být S256",
+    "Failed to create user, user information is invalid: %s": "Nepodařilo se vytvořit uživatele, informace o uživateli jsou neplatné: %s",
+    "Failed to login in: %s": "Nepodařilo se přihlásit: %s",
+    "Invalid token": "Neplatný token",
+    "State expected: %s, but got: %s": "Očekávaný stav: %s, ale získán: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet přes %%s, prosím použijte jiný způsob registrace",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet, prosím kontaktujte svou IT podporu",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) je již propojen s jiným účtem: %s (%s)",
+    "The application: %s does not exist": "Aplikace: %s neexistuje",
+    "The login method: login with LDAP is not enabled for the application": "Metoda přihlášení: přihlášení pomocí LDAP není pro aplikaci povolena",
+    "The login method: login with SMS is not enabled for the application": "Metoda přihlášení: přihlášení pomocí SMS není pro aplikaci povolena",
+    "The login method: login with email is not enabled for the application": "Metoda přihlášení: přihlášení pomocí emailu není pro aplikaci povolena",
+    "The login method: login with face is not enabled for the application": "Metoda přihlášení: přihlášení pomocí obličeje není pro aplikaci povolena",
+    "The login method: login with password is not enabled for the application": "Metoda přihlášení: přihlášení pomocí hesla není pro aplikaci povolena",
+    "The organization: %s does not exist": "Organizace: %s neexistuje",
+    "The provider: %s is not enabled for the application": "Poskytovatel: %s není pro aplikaci povolen",
+    "Unauthorized operation": "Neoprávněná operace",
+    "Unknown authentication type (not password or provider), form = %s": "Neznámý typ autentizace (není heslo nebo poskytovatel), formulář = %s",
+    "User's tag: %s is not listed in the application's tags": "Štítek uživatele: %s není uveden v štítcích aplikace",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní nebo čekající předplatné a aplikace: %s nemá výchozí ceny"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Služba %s a %s se neshodují"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Příslušnost nemůže být prázdná",
+    "Default code does not match the code's matching rules": "Výchozí kód neodpovídá pravidlům pro shodu kódů",
+    "DisplayName cannot be blank": "Zobrazované jméno nemůže být prázdné",
+    "DisplayName is not valid real name": "Zobrazované jméno není platné skutečné jméno",
+    "Email already exists": "Email již existuje",
+    "Email cannot be empty": "Email nemůže být prázdný",
+    "Email is invalid": "Email je neplatný",
+    "Empty username.": "Prázdné uživatelské jméno.",
+    "Face data does not exist, cannot log in": "Data obličeje neexistují, nelze se přihlásit",
+    "Face data mismatch": "Neshoda dat obličeje",
+    "FirstName cannot be blank": "Křestní jméno nemůže být prázdné",
+    "Invitation code cannot be blank": "Pozvánkový kód nemůže být prázdný",
+    "Invitation code exhausted": "Pozvánkový kód vyčerpán",
+    "Invitation code is invalid": "Pozvánkový kód je neplatný",
+    "Invitation code suspended": "Pozvánkový kód pozastaven",
+    "LDAP user name or password incorrect": "Uživatelské jméno nebo heslo LDAP je nesprávné",
+    "LastName cannot be blank": "Příjmení nemůže být prázdné",
+    "Multiple accounts with same uid, please check your ldap server": "Více účtů se stejným uid, prosím zkontrolujte svůj ldap server",
+    "Organization does not exist": "Organizace neexistuje",
+    "Phone already exists": "Telefon již existuje",
+    "Phone cannot be empty": "Telefon nemůže být prázdný",
+    "Phone number is invalid": "Telefonní číslo je neplatné",
+    "Please register using the email corresponding to the invitation code": "Prosím zaregistrujte se pomocí emailu odpovídajícího pozvánkovému kódu",
+    "Please register using the phone  corresponding to the invitation code": "Prosím zaregistrujte se pomocí telefonu odpovídajícího pozvánkovému kódu",
+    "Please register using the username corresponding to the invitation code": "Prosím zaregistrujte se pomocí uživatelského jména odpovídajícího pozvánkovému kódu",
+    "Session outdated, please login again": "Relace je zastaralá, prosím přihlaste se znovu",
+    "The invitation code has already been used": "Pozvánkový kód již byl použit",
+    "The user is forbidden to sign in, please contact the administrator": "Uživatel má zakázáno se přihlásit, prosím kontaktujte administrátora",
+    "The user: %s doesn't exist in LDAP server": "Uživatel: %s neexistuje na LDAP serveru",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Uživatelské jméno může obsahovat pouze alfanumerické znaky, podtržítka nebo pomlčky, nemůže mít po sobě jdoucí pomlčky nebo podtržítka a nemůže začínat nebo končit pomlčkou nebo podtržítkem.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pro pole účtu \\\"%s\\\" neodpovídá regulárnímu výrazu položky účtu",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pro pole registrace \\\"%s\\\" neodpovídá regulárnímu výrazu položky registrace aplikace \\\"%s\\\"",
+    "Username already exists": "Uživatelské jméno již existuje",
+    "Username cannot be an email address": "Uživatelské jméno nemůže být emailová adresa",
+    "Username cannot contain white spaces": "Uživatelské jméno nemůže obsahovat mezery",
+    "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
+    "Username is too long (maximum is 39 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 39 znaků).",
+    "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
+    "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",
+    "password or code is incorrect": "heslo nebo kód je nesprávné",
+    "password or code is incorrect, you have %d remaining chances": "heslo nebo kód je nesprávné, máte %d zbývajících pokusů",
+    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
+  },
+  "general": {
+    "Missing parameter": "Chybějící parametr",
+    "Please login first": "Prosím, přihlaste se nejprve",
+    "The organization: %s should have one application at least": "Organizace: %s by měla mít alespoň jednu aplikaci",
+    "The user: %s doesn't exist": "Uživatel: %s neexistuje",
+    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
+    "this operation is not allowed in demo mode": "tato operace není povolena v demo režimu",
+    "this operation requires administrator to perform": "tato operace vyžaduje administrátora"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server existuje"
+  },
+  "link": {
+    "Please link first": "Prosím, nejprve propojte",
+    "This application has no providers": "Tato aplikace nemá žádné poskytovatele",
+    "This application has no providers of type": "Tato aplikace nemá žádné poskytovatele typu",
+    "This provider can't be unlinked": "Tento poskytovatel nemůže být odpojen",
+    "You are not the global admin, you can't unlink other users": "Nejste globální administrátor, nemůžete odpojovat jiné uživatele",
+    "You can't unlink yourself, you are not a member of any application": "Nemůžete odpojit sami sebe, nejste členem žádné aplikace"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Pouze administrátor může upravit %s.",
+    "The %s is immutable.": "%s je neměnný.",
+    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Oprávnění: \\\"%s\\\" neexistuje"
+  },
+  "provider": {
+    "Invalid application id": "Neplatné ID aplikace",
+    "the provider: %s does not exist": "poskytovatel: %s neexistuje"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Uživatel je nil pro tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Uživatelské jméno nebo úplná cesta k souboru je prázdná: uživatelské jméno = %s, úplná cesta k souboru = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikace %s nebyla nalezena"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "poskytovatel %s není kategorie SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Prázdné parametry pro emailForm: %v",
+    "Invalid Email receivers: %s": "Neplatní příjemci emailu: %s",
+    "Invalid phone receivers: %s": "Neplatní příjemci telefonu: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s není povolen",
+    "The provider type: %s is not supported": "typ poskytovatele: %s není podporován"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s není v této aplikaci podporován",
+    "Invalid application or wrong clientSecret": "Neplatná aplikace nebo špatný clientSecret",
+    "Invalid client_id": "Neplatné client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Přesměrovací URI: %s neexistuje v seznamu povolených přesměrovacích URI",
+    "Token not found, invalid accessToken": "Token nenalezen, neplatný accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Zobrazované jméno nemůže být prázdné",
+    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo."
+  },
+  "user_upload": {
+    "Failed to import users": "Nepodařilo se importovat uživatele"
+  },
+  "util": {
+    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
+    "No provider for category: %s is found for application: %s": "Pro kategorii: %s nebyl nalezen žádný poskytovatel pro aplikaci: %s",
+    "The provider: %s is not found": "Poskytovatel: %s nebyl nalezen"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Neplatný poskytovatel captcha.",
+    "Phone number is invalid in your region %s": "Telefonní číslo je ve vaší oblasti %s neplatné",
+    "The verification code has not been sent yet!": "Ověřovací kód ještě nebyl odeslán!",
+    "The verification code has not been sent yet, or has already been used!": "Ověřovací kód ještě nebyl odeslán, nebo již byl použit!",
+    "Turing test failed.": "Turingův test selhal.",
+    "Unable to get the email modify rule.": "Nelze získat pravidlo pro úpravu emailu.",
+    "Unable to get the phone modify rule.": "Nelze získat pravidlo pro úpravu telefonu.",
+    "Unknown type": "Neznámý typ",
+    "Wrong verification code!": "Špatný ověřovací kód!",
+    "You should verify your code in %d min!": "Měli byste ověřit svůj kód do %d minut!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele SMS do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele emailu do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "the user does not exist, please sign up first": "uživatel neexistuje, prosím nejprve se zaregistrujte"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Nebyly nalezeny žádné přihlašovací údaje pro tohoto uživatele",
+    "Please call WebAuthnSigninBegin first": "Prosím, nejprve zavolejte WebAuthnSigninBegin"
+  }
+}

i18n/locales/sk/data.json

@@ -0,0 +1,167 @@
+{
+  "account": {
+    "Failed to add user": "Nepodarilo sa pridať používateľa",
+    "Get init score failed, error: %w": "Získanie počiatočného skóre zlyhalo, chyba: %w",
+    "Please sign out first": "Najskôr sa prosím odhláste",
+    "The application does not allow to sign up new account": "Aplikácia neumožňuje registráciu nového účtu"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metóda výzvy by mala byť S256",
+    "Failed to create user, user information is invalid: %s": "Nepodarilo sa vytvoriť používateľa, informácie o používateľovi sú neplatné: %s",
+    "Failed to login in: %s": "Prihlásenie zlyhalo: %s",
+    "Invalid token": "Neplatný token",
+    "State expected: %s, but got: %s": "Očakávaný stav: %s, ale dostali sme: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) neexistuje a nie je povolené zaregistrovať nový účet cez %%s, prosím použite iný spôsob registrácie",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) neexistuje a nie je povolené zaregistrovať nový účet, prosím kontaktujte vašu IT podporu",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) je už prepojený s iným účtom: %s (%s)",
+    "The application: %s does not exist": "Aplikácia: %s neexistuje",
+    "The login method: login with LDAP is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou LDAP nie je pre aplikáciu povolená",
+    "The login method: login with SMS is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou SMS nie je pre aplikáciu povolená",
+    "The login method: login with email is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou e-mailu nie je pre aplikáciu povolená",
+    "The login method: login with face is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou tváre nie je pre aplikáciu povolená",
+    "The login method: login with password is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou hesla nie je pre aplikáciu povolená",
+    "The organization: %s does not exist": "Organizácia: %s neexistuje",
+    "The provider: %s is not enabled for the application": "Poskytovateľ: %s nie je pre aplikáciu povolený",
+    "Unauthorized operation": "Neautorizovaná operácia",
+    "Unknown authentication type (not password or provider), form = %s": "Neznámy typ autentifikácie (nie heslo alebo poskytovateľ), forma = %s",
+    "User's tag: %s is not listed in the application's tags": "Štítok používateľa: %s nie je uvedený v štítkoch aplikácie",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "platiaci používateľ %s nemá aktívne alebo čakajúce predplatné a aplikácia: %s nemá predvolenú cenovú politiku"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Služba %s a %s sa nezhodujú"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Príslušnosť nemôže byť prázdna",
+    "Default code does not match the code's matching rules": "Predvolený kód nezodpovedá pravidlám zodpovedania kódu",
+    "DisplayName cannot be blank": "Zobrazované meno nemôže byť prázdne",
+    "DisplayName is not valid real name": "Zobrazované meno nie je platné skutočné meno",
+    "Email already exists": "E-mail už existuje",
+    "Email cannot be empty": "E-mail nemôže byť prázdny",
+    "Email is invalid": "E-mail je neplatný",
+    "Empty username.": "Prázdne používateľské meno.",
+    "Face data does not exist, cannot log in": "Dáta o tvári neexistujú, nemožno sa prihlásiť",
+    "Face data mismatch": "Nesúlad dát o tvári",
+    "FirstName cannot be blank": "Meno nemôže byť prázdne",
+    "Invitation code cannot be blank": "Kód pozvania nemôže byť prázdny",
+    "Invitation code exhausted": "Kód pozvania bol vyčerpaný",
+    "Invitation code is invalid": "Kód pozvania je neplatný",
+    "Invitation code suspended": "Kód pozvania bol pozastavený",
+    "LDAP user name or password incorrect": "LDAP používateľské meno alebo heslo sú nesprávne",
+    "LastName cannot be blank": "Priezvisko nemôže byť prázdne",
+    "Multiple accounts with same uid, please check your ldap server": "Viacero účtov s rovnakým uid, skontrolujte svoj ldap server",
+    "Organization does not exist": "Organizácia neexistuje",
+    "Phone already exists": "Telefón už existuje",
+    "Phone cannot be empty": "Telefón nemôže byť prázdny",
+    "Phone number is invalid": "Telefónne číslo je neplatné",
+    "Please register using the email corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou e-mailu zodpovedajúceho kódu pozvania",
+    "Please register using the phone corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou telefónu zodpovedajúceho kódu pozvania",
+    "Please register using the username corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou používateľského mena zodpovedajúceho kódu pozvania",
+    "Session outdated, please login again": "Relácia je zastaraná, prosím, prihláste sa znova",
+    "The invitation code has already been used": "Kód pozvania už bol použitý",
+    "The user is forbidden to sign in, please contact the administrator": "Používateľovi je zakázané prihlásenie, prosím, kontaktujte administrátora",
+    "The user: %s doesn't exist in LDAP server": "Používateľ: %s neexistuje na LDAP serveri",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Používateľské meno môže obsahovať iba alfanumerické znaky, podtržníky alebo pomlčky, nemôže obsahovať po sebe idúce pomlčky alebo podtržníky a nemôže začínať alebo končiť pomlčkou alebo podtržníkom.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pre pole účtu \\\"%s\\\" nezodpovedá regulárnemu výrazu položky účtu",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pre pole registrácie \\\"%s\\\" nezodpovedá regulárnemu výrazu položky registrácie aplikácie \\\"%s\\\"",
+    "Username already exists": "Používateľské meno už existuje",
+    "Username cannot be an email address": "Používateľské meno nemôže byť e-mailová adresa",
+    "Username cannot contain white spaces": "Používateľské meno nemôže obsahovať medzery",
+    "Username cannot start with a digit": "Používateľské meno nemôže začínať číslicou",
+    "Username is too long (maximum is 39 characters).": "Používateľské meno je príliš dlhé (maximum je 39 znakov).",
+    "Username must have at least 2 characters": "Používateľské meno musí mať aspoň 2 znaky",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali ste nesprávne heslo alebo kód príliš veľa krát, prosím, počkajte %d minút a skúste to znova",
+    "Your region is not allow to signup by phone": "Váš región neumožňuje registráciu cez telefón",
+    "password or code is incorrect": "heslo alebo kód je nesprávne",
+    "password or code is incorrect, you have %d remaining chances": "heslo alebo kód je nesprávne, máte %d zostávajúcich pokusov",
+    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
+  },
+  "general": {
+    "Missing parameter": "Chýbajúci parameter",
+    "Please login first": "Najskôr sa prosím prihláste",
+    "The organization: %s should have one application at least": "Organizácia: %s by mala mať aspoň jednu aplikáciu",
+    "The user: %s doesn't exist": "Používateľ: %s neexistuje",
+    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
+    "this operation is not allowed in demo mode": "táto operácia nie je povolená v demo režime",
+    "this operation requires administrator to perform": "táto operácia vyžaduje vykonanie administrátorom"
+  },
+  "ldap": {
+    "Ldap server exist": "LDAP server existuje"
+  },
+  "link": {
+    "Please link first": "Najskôr sa prosím prepojte",
+    "This application has no providers": "Táto aplikácia nemá žiadnych poskytovateľov",
+    "This application has no providers of type": "Táto aplikácia nemá poskytovateľov typu",
+    "This provider can't be unlinked": "Tento poskytovateľ nemôže byť odpojený",
+    "You are not the global admin, you can't unlink other users": "Nie ste globálny administrátor, nemôžete odpojiť iných používateľov",
+    "You can't unlink yourself, you are not a member of any application": "Nemôžete sa odpojiť, nie ste členom žiadnej aplikácie"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Len administrátor môže upravovať %s.",
+    "The %s is immutable.": "%s je nemenný.",
+    "Unknown modify rule %s.": "Neznáme pravidlo úprav %s."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Povolenie: \\\"%s\\\" neexistuje"
+  },
+  "provider": {
+    "Invalid application id": "Neplatné id aplikácie",
+    "the provider: %s does not exist": "poskytovateľ: %s neexistuje"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Používateľ je nil pre tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Používateľské meno alebo fullFilePath je prázdny: používateľské meno = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikácia %s nebola nájdená"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "kategória poskytovateľa %s nie je SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Prázdne parametre pre emailForm: %v",
+    "Invalid Email receivers: %s": "Neplatní príjemcovia e-mailu: %s",
+    "Invalid phone receivers: %s": "Neplatní príjemcovia telefónu: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s nie je povolený",
+    "The provider type: %s is not supported": "Typ poskytovateľa: %s nie je podporovaný"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s nie je podporovaný v tejto aplikácii",
+    "Invalid application or wrong clientSecret": "Neplatná aplikácia alebo nesprávny clientSecret",
+    "Invalid client_id": "Neplatný client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s neexistuje v zozname povolených Redirect URI",
+    "Token not found, invalid accessToken": "Token nebol nájdený, neplatný accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Zobrazované meno nemôže byť prázdne",
+    "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery."
+  },
+  "user_upload": {
+    "Failed to import users": "Nepodarilo sa importovať používateľov"
+  },
+  "util": {
+    "No application is found for userId: %s": "Nebola nájdená žiadna aplikácia pre userId: %s",
+    "No provider for category: %s is found for application: %s": "Pre aplikáciu: %s nebol nájdený žiadny poskytovateľ pre kategóriu: %s",
+    "The provider: %s is not found": "Poskytovateľ: %s nebol nájdený"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Neplatný captcha poskytovateľ.",
+    "Phone number is invalid in your region %s": "Telefónne číslo je neplatné vo vašom regióne %s",
+    "The verification code has not been sent yet!": "Overovací kód ešte nebol odoslaný!",
+    "The verification code has not been sent yet, or has already been used!": "Overovací kód ešte nebol odoslaný, alebo bol už použitý!",
+    "Turing test failed.": "Test Turinga zlyhal.",
+    "Unable to get the email modify rule.": "Nepodarilo sa získať pravidlo úpravy e-mailu.",
+    "Unable to get the phone modify rule.": "Nepodarilo sa získať pravidlo úpravy telefónu.",
+    "Unknown type": "Neznámy typ",
+    "Wrong verification code!": "Nesprávny overovací kód!",
+    "You should verify your code in %d min!": "Overte svoj kód za %d minút!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím pridajte SMS poskytovateľa do zoznamu \\\"Poskytovatelia\\\" pre aplikáciu: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím pridajte e-mailového poskytovateľa do zoznamu \\\"Poskytovatelia\\\" pre aplikáciu: %s",
+    "the user does not exist, please sign up first": "používateľ neexistuje, prosím, zaregistrujte sa najskôr"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Nenašli sa žiadne prihlasovacie údaje pre tohto používateľa",
+    "Please call WebAuthnSigninBegin first": "Najskôr prosím zavolajte WebAuthnSigninBegin"
+  }
+}

idp/lark.go

@@ -22,6 +22,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/nyaruka/phonenumbers"
 	"golang.org/x/oauth2"
 )
 
@@ -199,12 +200,25 @@ func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 		return nil, err
 	}
 
+	var phoneNumber string
+	var countryCode string
+	if len(larkUserInfo.Data.Mobile) != 0 {
+		phoneNumberParsed, err := phonenumbers.Parse(larkUserInfo.Data.Mobile, "")
+		if err != nil {
+			return nil, err
+		}
+		countryCode = phonenumbers.GetRegionCodeForNumber(phoneNumberParsed)
+		phoneNumber = fmt.Sprintf("%d", phoneNumberParsed.GetNationalNumber())
+	}
+
 	userInfo := UserInfo{
 		Id:          larkUserInfo.Data.OpenId,
-		DisplayName: larkUserInfo.Data.EnName,
-		Username:    larkUserInfo.Data.Name,
+		DisplayName: larkUserInfo.Data.Name,
+		Username:    larkUserInfo.Data.UserId,
 		Email:       larkUserInfo.Data.Email,
 		AvatarUrl:   larkUserInfo.Data.AvatarUrl,
+		Phone:       phoneNumber,
+		CountryCode: countryCode,
 	}
 	return &userInfo, nil
 }

init_data.json.template

@@ -35,7 +35,9 @@
         "FI",
         "SE",
         "UA",
-        "KZ"
+        "KZ",
+        "CZ",
+        "SK"
       ],
       "defaultAvatar": "",
       "defaultApplication": "",
@@ -62,7 +64,9 @@
         "sv",
         "uk",
         "kk",
-        "fa"
+        "fa",
+        "cs",
+        "sk"
       ],
       "masterPassword": "",
       "defaultPassword": "",

ldap/server.go

@@ -59,7 +59,15 @@ func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
 		}
 
 		bindPassword := string(r.AuthenticationSimple())
-		bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en")
+
+		enableCaptcha := false
+		isSigninViaLdap := false
+		isPasswordWithLdapEnabled := false
+		if bindPassword != "" {
+			isPasswordWithLdapEnabled = true
+		}
+
+		bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en", enableCaptcha, isSigninViaLdap, isPasswordWithLdapEnabled)
 		if err != nil {
 			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
 			res.SetResultCode(ldap.LDAPResultInvalidCredentials)
@@ -122,6 +130,9 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
 		e.AddAttribute("homeDirectory", message.AttributeValue("/home/"+user.Name))
 		e.AddAttribute("cn", message.AttributeValue(user.Name))
 		e.AddAttribute("uid", message.AttributeValue(user.Id))
+		for _, group := range user.Groups {
+			e.AddAttribute(ldapMemberOfAttr, message.AttributeValue(group))
+		}
 		attrs := r.Attributes()
 		for _, attr := range attrs {
 			if string(attr) == "*" {

ldap/util.go

@@ -79,6 +79,8 @@ var ldapAttributesMapping = map[string]FieldRelation{
 	},
 }
 
+const ldapMemberOfAttr = "memberOf"
+
 var AdditionalLdapAttributes []message.LDAPString
 
 func init() {
@@ -180,7 +182,22 @@ func buildUserFilterCondition(filter interface{}) (builder.Cond, error) {
 		}
 		return builder.Not{cond}, nil
 	case message.FilterEqualityMatch:
-		field, err := getUserFieldFromAttribute(string(f.AttributeDesc()))
+		attr := string(f.AttributeDesc())
+
+		if attr == ldapMemberOfAttr {
+			groupId := string(f.AssertionValue())
+			users, err := object.GetGroupUsers(groupId)
+			if err != nil {
+				return nil, err
+			}
+			var names []string
+			for _, user := range users {
+				names = append(names, user.Name)
+			}
+			return builder.In("name", names), nil
+		}
+
+		field, err := getUserFieldFromAttribute(attr)
 		if err != nil {
 			return nil, err
 		}
@@ -246,7 +263,7 @@ func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int)
 		return nil, code
 	}
 
-	if name == "*" && m.Client.IsOrgAdmin { // get all users from organization 'org'
+	if name == "*" { // get all users from organization 'org'
 		if m.Client.IsGlobalAdmin && org == "*" {
 			filteredUsers, err = object.GetGlobalUsersWithFilter(buildSafeCondition(r.Filter()))
 			if err != nil {

object/application.go

@@ -91,6 +91,7 @@ type Application struct {
 	CertPublicKey         string          `xorm:"-" json:"certPublicKey"`
 	Tags                  []string        `xorm:"mediumtext" json:"tags"`
 	SamlAttributes        []*SamlItem     `xorm:"varchar(1000)" json:"samlAttributes"`
+	IsShared              bool            `json:"isShared"`
 
 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
@@ -123,9 +124,9 @@ func GetApplicationCount(owner, field, value string) (int64, error) {
 	return session.Count(&Application{})
 }
 
-func GetOrganizationApplicationCount(owner, Organization, field, value string) (int64, error) {
+func GetOrganizationApplicationCount(owner, organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Application{Organization: Organization})
+	return session.Where("organization = ? or is_shared = ? ", organization, true).Count(&Application{})
 }
 
 func GetApplications(owner string) ([]*Application, error) {
@@ -140,7 +141,7 @@ func GetApplications(owner string) ([]*Application, error) {
 
 func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
 	applications := []*Application{}
-	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
+	err := ormer.Engine.Desc("created_time").Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -162,7 +163,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Organization: organization})
+	err := session.Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -337,12 +338,18 @@ func getApplication(owner string, name string) (*Application, error) {
 		return nil, nil
 	}
 
-	application := Application{Owner: owner, Name: name}
+	realApplicationName, sharedOrg := util.GetSharedOrgFromApp(name)
+
+	application := Application{Owner: owner, Name: realApplicationName}
 	existed, err := ormer.Engine.Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -428,11 +435,18 @@ func GetApplicationByUserId(userId string) (application *Application, err error)
 
 func GetApplicationByClientId(clientId string) (*Application, error) {
 	application := Application{}
-	existed, err := ormer.Engine.Where("client_id=?", clientId).Get(&application)
+
+	realClientId, sharedOrg := util.GetSharedOrgFromApp(clientId)
+
+	existed, err := ormer.Engine.Where("client_id=?", realClientId).Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -626,6 +640,10 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 		return false, err
 	}
 
+	if application.IsShared == true && application.Organization != "built-in" {
+		return false, fmt.Errorf("only applications belonging to built-in organization can be shared")
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}

object/init.go

@@ -78,6 +78,7 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+		{Name: "MFA accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 	}
 }
 
@@ -108,6 +109,8 @@ func initBuiltInOrganization() bool {
 		AccountItems:       getBuiltInAccountItems(),
 		EnableSoftDeletion: false,
 		IsProfilePublic:    false,
+		UseEmailAsUsername: false,
+		EnableTour:         true,
 	}
 	_, err = AddOrganization(organization)
 	if err != nil {

object/organization.go

@@ -72,6 +72,8 @@ type Organization struct {
 	InitScore              int        `json:"initScore"`
 	EnableSoftDeletion     bool       `json:"enableSoftDeletion"`
 	IsProfilePublic        bool       `json:"isProfilePublic"`
+	UseEmailAsUsername     bool       `json:"useEmailAsUsername"`
+	EnableTour             bool       `json:"enableTour"`
 
 	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
 	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
@@ -317,6 +319,7 @@ func GetDefaultApplication(id string) (*Application, error) {
 		if defaultApplication == nil {
 			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
 		} else {
+			defaultApplication.Organization = organization.Name
 			return defaultApplication, nil
 		}
 	}
@@ -354,6 +357,11 @@ func GetDefaultApplication(id string) (*Application, error) {
 		return nil, err
 	}
 
+	err = extendApplicationWithSigninMethods(defaultApplication)
+	if err != nil {
+		return nil, err
+	}
+
 	return defaultApplication, nil
 }
 

object/payment.go

@@ -39,6 +39,8 @@ type Payment struct {
 	Currency           string  `xorm:"varchar(100)" json:"currency"`
 	Price              float64 `json:"price"`
 	ReturnUrl          string  `xorm:"varchar(1000)" json:"returnUrl"`
+	IsRecharge         bool    `xorm:"bool" json:"isRecharge"`
+
 	// Payer Info
 	User         string `xorm:"varchar(100)" json:"user"`
 	PersonName   string `xorm:"varchar(100)" json:"personName"`
@@ -193,11 +195,16 @@ func notifyPayment(body []byte, owner string, paymentName string) (*Payment, *pp
 		return payment, nil, err
 	}
 
-	if notifyResult.Price != product.Price {
+	if notifyResult.Price != product.Price && !product.IsRecharge {
 		err = fmt.Errorf("the payment's price: %f doesn't equal to the expected price: %f", notifyResult.Price, product.Price)
 		return payment, nil, err
 	}
 
+	if payment.IsRecharge {
+		err = UpdateUserBalance(payment.Owner, payment.User, payment.Price)
+		return payment, notifyResult, err
+	}
+
 	return payment, notifyResult, nil
 }
 
@@ -215,6 +222,19 @@ func NotifyPayment(body []byte, owner string, paymentName string) (*Payment, err
 		if err != nil {
 			return nil, err
 		}
+
+		transaction, err := GetTransaction(payment.GetId())
+		if err != nil {
+			return nil, err
+		}
+
+		if transaction != nil {
+			transaction.State = payment.State
+			_, err = UpdateTransaction(transaction.GetId(), transaction)
+			if err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	return payment, nil

object/permission.go

@@ -181,15 +181,15 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 			return false, err
 		}
 
-		if oldPermission.Adapter != "" && oldPermission.Adapter != permission.Adapter {
-			isEmpty, _ := ormer.Engine.IsTableEmpty(oldPermission.Adapter)
-			if isEmpty {
-				err = ormer.Engine.DropTables(oldPermission.Adapter)
-				if err != nil {
-					return false, err
-				}
-			}
-		}
+		// if oldPermission.Adapter != "" && oldPermission.Adapter != permission.Adapter {
+		// 	isEmpty, _ := ormer.Engine.IsTableEmpty(oldPermission.Adapter)
+		// 	if isEmpty {
+		// 		err = ormer.Engine.DropTables(oldPermission.Adapter)
+		// 		if err != nil {
+		// 			return false, err
+		// 		}
+		// 	}
+		// }
 
 		err = addGroupingPolicies(permission)
 		if err != nil {
@@ -312,15 +312,15 @@ func DeletePermission(permission *Permission) (bool, error) {
 			return false, err
 		}
 
-		if permission.Adapter != "" && permission.Adapter != "permission_rule" {
-			isEmpty, _ := ormer.Engine.IsTableEmpty(permission.Adapter)
-			if isEmpty {
-				err = ormer.Engine.DropTables(permission.Adapter)
-				if err != nil {
-					return false, err
-				}
-			}
-		}
+		// if permission.Adapter != "" && permission.Adapter != "permission_rule" {
+		// 	isEmpty, _ := ormer.Engine.IsTableEmpty(permission.Adapter)
+		// 	if isEmpty {
+		// 		err = ormer.Engine.DropTables(permission.Adapter)
+		// 		if err != nil {
+		// 			return false, err
+		// 		}
+		// 	}
+		// }
 	}
 
 	return affected, nil

object/product.go

@@ -39,6 +39,7 @@ type Product struct {
 	Price       float64  `json:"price"`
 	Quantity    int      `json:"quantity"`
 	Sold        int      `json:"sold"`
+	IsRecharge  bool     `json:"isRecharge"`
 	Providers   []string `xorm:"varchar(255)" json:"providers"`
 	ReturnUrl   string   `xorm:"varchar(1000)" json:"returnUrl"`
 
@@ -160,7 +161,7 @@ func (product *Product) getProvider(providerName string) (*Provider, error) {
 	return provider, nil
 }
 
-func BuyProduct(id string, user *User, providerName, pricingName, planName, host, paymentEnv string) (payment *Payment, attachInfo map[string]interface{}, err error) {
+func BuyProduct(id string, user *User, providerName, pricingName, planName, host, paymentEnv string, customPrice float64) (payment *Payment, attachInfo map[string]interface{}, err error) {
 	product, err := GetProduct(id)
 	if err != nil {
 		return nil, nil, err
@@ -169,6 +170,14 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 		return nil, nil, fmt.Errorf("the product: %s does not exist", id)
 	}
 
+	if product.IsRecharge {
+		if customPrice <= 0 {
+			return nil, nil, fmt.Errorf("the custom price should bigger than zero")
+		} else {
+			product.Price = customPrice
+		}
+	}
+
 	provider, err := product.getProvider(providerName)
 	if err != nil {
 		return nil, nil, err
@@ -218,13 +227,17 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 		NotifyUrl:          notifyUrl,
 		PaymentEnv:         paymentEnv,
 	}
+
 	// custom process for WeChat & WeChat Pay
 	if provider.Type == "WeChat Pay" {
 		payReq.PayerId, err = getUserExtraProperty(user, "WeChat", idp.BuildWechatOpenIdKey(provider.ClientId2))
 		if err != nil {
 			return nil, nil, err
 		}
+	} else if provider.Type == "Balance" {
+		payReq.PayerId = user.GetId()
 	}
+
 	payResp, err := pProvider.Pay(payReq)
 	if err != nil {
 		return nil, nil, err
@@ -246,6 +259,7 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 		Currency:           product.Currency,
 		Price:              product.Price,
 		ReturnUrl:          product.ReturnUrl,
+		IsRecharge:         product.IsRecharge,
 
 		User:       user.Name,
 		PayUrl:     payResp.PayUrl,
@@ -254,8 +268,46 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 		OutOrderId: payResp.OrderId,
 	}
 
+	transaction := &Transaction{
+		Owner:       payment.Owner,
+		Name:        payment.Name,
+		DisplayName: payment.DisplayName,
+		Provider:    provider.Name,
+		Category:    provider.Category,
+		Type:        provider.Type,
+
+		ProductName:        product.Name,
+		ProductDisplayName: product.DisplayName,
+		Detail:             product.Detail,
+		Tag:                product.Tag,
+		Currency:           product.Currency,
+		Amount:             payment.Price,
+		ReturnUrl:          payment.ReturnUrl,
+
+		User:        payment.User,
+		Application: owner,
+		Payment:     payment.GetId(),
+
+		State: pp.PaymentStateCreated,
+	}
+
 	if provider.Type == "Dummy" {
 		payment.State = pp.PaymentStatePaid
+		err = UpdateUserBalance(user.Owner, user.Name, payment.Price)
+		if err != nil {
+			return nil, nil, err
+		}
+	} else if provider.Type == "Balance" {
+		if product.Price > user.Balance {
+			return nil, nil, fmt.Errorf("insufficient user balance")
+		}
+		transaction.Amount = -transaction.Amount
+		err = UpdateUserBalance(user.Owner, user.Name, -product.Price)
+		if err != nil {
+			return nil, nil, err
+		}
+		payment.State = pp.PaymentStatePaid
+		transaction.State = pp.PaymentStatePaid
 	}
 
 	affected, err := AddPayment(payment)
@@ -266,6 +318,17 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 	if !affected {
 		return nil, nil, fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
 	}
+
+	if product.IsRecharge || provider.Type == "Balance" {
+		affected, err = AddTransaction(transaction)
+		if err != nil {
+			return nil, nil, err
+		}
+		if !affected {
+			return nil, nil, fmt.Errorf("failed to add transaction: %s", util.StructToJson(payment))
+		}
+	}
+
 	return payment, payResp.AttachInfo, nil
 }
 
@@ -304,8 +367,9 @@ func CreateProductForPlan(plan *Plan) *Product {
 		Price:       plan.Price,
 		Currency:    plan.Currency,
 
-		Quantity: 999,
-		Sold:     0,
+		Quantity:   999,
+		Sold:       0,
+		IsRecharge: false,
 
 		Providers: plan.PaymentProviders,
 		State:     "Published",

object/provider.go

@@ -309,6 +309,12 @@ func GetPaymentProvider(p *Provider) (pp.PaymentProvider, error) {
 			return nil, err
 		}
 		return pp, nil
+	} else if typ == "Balance" {
+		pp, err := pp.NewBalancePaymentProvider()
+		if err != nil {
+			return nil, err
+		}
+		return pp, nil
 	} else {
 		return nil, fmt.Errorf("the payment provider type: %s is not supported", p.Type)
 	}

object/token_jwt.go

@@ -139,6 +139,15 @@ type ClaimsShort struct {
 	jwt.RegisteredClaims
 }
 
+type OIDCAddress struct {
+	Formatted     string `json:"formatted"`
+	StreetAddress string `json:"street_address"`
+	Locality      string `json:"locality"`
+	Region        string `json:"region"`
+	PostalCode    string `json:"postal_code"`
+	Country       string `json:"country"`
+}
+
 type ClaimsWithoutThirdIdp struct {
 	*UserWithoutThirdIdp
 	TokenType string `json:"tokenType,omitempty"`
@@ -386,6 +395,13 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		refreshClaims["exp"] = jwt.NewNumericDate(refreshExpireTime)
 		refreshClaims["TokenType"] = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, refreshClaims)
+	} else if application.TokenFormat == "JWT-Standard" {
+		claimsStandard := getStandardClaims(claims)
+
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
+		claimsStandard.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claimsStandard.TokenType = "refresh-token"
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
 	} else {
 		return "", "", "", fmt.Errorf("unknown application TokenFormat: %s", application.TokenFormat)
 	}

object/token_oauth.go

@@ -309,12 +309,22 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 		}, nil
 	}
 
-	_, err = ParseJwtToken(refreshToken, cert)
-	if err != nil {
-		return &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
-		}, nil
+	if application.TokenFormat == "JWT-Standard" {
+		_, err = ParseStandardJwtToken(refreshToken, cert)
+		if err != nil {
+			return &TokenError{
+				Error:            InvalidGrant,
+				ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
+			}, nil
+		}
+	} else {
+		_, err = ParseJwtToken(refreshToken, cert)
+		if err != nil {
+			return &TokenError{
+				Error:            InvalidGrant,
+				ErrorDescription: fmt.Sprintf("parse refresh token error: %s", err.Error()),
+			}, nil
+		}
 	}
 
 	// generate a new token

object/token_standard_jwt.go

@@ -0,0 +1,106 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+type ClaimsStandard struct {
+	*UserShort
+	Gender    string      `json:"gender,omitempty"`
+	TokenType string      `json:"tokenType,omitempty"`
+	Nonce     string      `json:"nonce,omitempty"`
+	Scope     string      `json:"scope,omitempty"`
+	Address   OIDCAddress `json:"address,omitempty"`
+
+	jwt.RegisteredClaims
+}
+
+func getStreetAddress(user *User) string {
+	var addrs string
+	for _, addr := range user.Address {
+		addrs += addr + "\n"
+	}
+	return addrs
+}
+
+func getStandardClaims(claims Claims) ClaimsStandard {
+	res := ClaimsStandard{
+		UserShort:        getShortUser(claims.User),
+		TokenType:        claims.TokenType,
+		Nonce:            claims.Nonce,
+		Scope:            claims.Scope,
+		RegisteredClaims: claims.RegisteredClaims,
+	}
+
+	var scopes []string
+
+	if strings.Contains(claims.Scope, ",") {
+		scopes = strings.Split(claims.Scope, ",")
+	} else {
+		scopes = strings.Split(claims.Scope, " ")
+	}
+
+	for _, scope := range scopes {
+		if scope == "address" {
+			res.Address = OIDCAddress{StreetAddress: getStreetAddress(claims.User)}
+		} else if scope == "profile" {
+			res.Gender = claims.User.Gender
+		}
+	}
+
+	return res
+}
+
+func ParseStandardJwtToken(token string, cert *Cert) (*ClaimsStandard, error) {
+	t, err := jwt.ParseWithClaims(token, &ClaimsStandard{}, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+
+		if cert.Certificate == "" {
+			return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
+		}
+
+		// RSA certificate
+		certificate, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
+		if err != nil {
+			return nil, err
+		}
+
+		return certificate, nil
+	})
+
+	if t != nil {
+		if claims, ok := t.Claims.(*ClaimsStandard); ok && t.Valid {
+			return claims, nil
+		}
+	}
+
+	return nil, err
+}
+
+func ParseStandardJwtTokenByApplication(token string, application *Application) (*ClaimsStandard, error) {
+	cert, err := getCertByApplication(application)
+	if err != nil {
+		return nil, err
+	}
+
+	return ParseStandardJwtToken(token, cert)
+}

object/transaction.go

@@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 
+	"github.com/casdoor/casdoor/pp"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -43,7 +44,7 @@ type Transaction struct {
 	Application string `xorm:"varchar(100)" json:"application"`
 	Payment     string `xorm:"varchar(100)" json:"payment"`
 
-	State string `xorm:"varchar(100)" json:"state"`
+	State pp.PaymentState `xorm:"varchar(100)" json:"state"`
 }
 
 func GetTransactionCount(owner, field, value string) (int64, error) {

object/user.go

@@ -204,6 +204,7 @@ type User struct {
 	SigninWrongTimes    int    `json:"signinWrongTimes"`
 
 	ManagedAccounts    []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
+	MfaAccounts        []MfaAccount     `xorm:"mfaAccounts blob" json:"mfaAccounts"`
 	NeedUpdatePassword bool             `json:"needUpdatePassword"`
 }
 
@@ -230,6 +231,12 @@ type ManagedAccount struct {
 	SigninUrl   string `xorm:"varchar(200)" json:"signinUrl"`
 }
 
+type MfaAccount struct {
+	AccountName string `xorm:"varchar(100)" json:"accountName"`
+	Issuer      string `xorm:"varchar(100)" json:"issuer"`
+	SecretKey   string `xorm:"varchar(100)" json:"secretKey"`
+}
+
 type FaceId struct {
 	Name       string    `xorm:"varchar(100) notnull pk" json:"name"`
 	FaceIdData []float64 `json:"faceIdData"`
@@ -603,6 +610,12 @@ func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error)
 		}
 	}
 
+	if user.MfaAccounts != nil {
+		for _, mfaAccount := range user.MfaAccounts {
+			mfaAccount.SecretKey = "***"
+		}
+	}
+
 	if user.TotpSecret != "" {
 		user.TotpSecret = ""
 	}
@@ -675,7 +688,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		columns = []string{
 			"owner", "display_name", "avatar", "first_name", "last_name",
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
-			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts", "face_ids",
+			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts", "face_ids", "mfaAccounts",
 			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret", "mfa_phone_enabled", "mfa_email_enabled",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
@@ -687,7 +700,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "id", "email", "phone", "country_code", "type")
+		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance")
 	}
 
 	columns = append(columns, "updated_time")
@@ -1125,7 +1138,7 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}
 
-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin() || (user.IsAdmin && application.IsShared)
 }
 
 func (user *User) IsGlobalAdmin() bool {
@@ -1157,3 +1170,13 @@ func GenerateIdForNewUser(application *Application) (string, error) {
 	res := strconv.Itoa(lastUserId + 1)
 	return res, nil
 }
+
+func UpdateUserBalance(owner string, name string, balance float64) error {
+	user, err := getUser(owner, name)
+	if err != nil {
+		return err
+	}
+	user.Balance += balance
+	_, err = UpdateUser(user.GetId(), user, []string{"balance"}, true)
+	return err
+}

object/user_util.go

@@ -393,6 +393,20 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}
 
+	if oldUser.Address == nil {
+		oldUser.Address = []string{}
+	}
+	oldUserAddressJson, _ := json.Marshal(oldUser.Address)
+
+	if newUser.Address == nil {
+		newUser.Address = []string{}
+	}
+	newUserAddressJson, _ := json.Marshal(newUser.Address)
+	if string(oldUserAddressJson) != string(newUserAddressJson) {
+		item := GetAccountItemByName("Address", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
 		itemsChanged = append(itemsChanged, item)
@@ -416,11 +430,41 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}
 
+	if oldUser.Balance != newUser.Balance {
+		item := GetAccountItemByName("Balance", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	if oldUser.Score != newUser.Score {
 		item := GetAccountItemByName("Score", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 
+	if oldUser.Karma != newUser.Karma {
+		item := GetAccountItemByName("Karma", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Language != newUser.Language {
+		item := GetAccountItemByName("Language", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Ranking != newUser.Ranking {
+		item := GetAccountItemByName("Ranking", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Currency != newUser.Currency {
+		item := GetAccountItemByName("Currency", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Hash != newUser.Hash {
+		item := GetAccountItemByName("Hash", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	for _, accountItem := range itemsChanged {
 
 		if pass, err := CheckAccountItemModifyRule(accountItem, isAdmin, lang); !pass {

pp/balance.go

@@ -0,0 +1,50 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package pp
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+)
+
+type BalancePaymentProvider struct{}
+
+func NewBalancePaymentProvider() (*BalancePaymentProvider, error) {
+	pp := &BalancePaymentProvider{}
+	return pp, nil
+}
+
+func (pp *BalancePaymentProvider) Pay(r *PayReq) (*PayResp, error) {
+	owner, _ := util.GetOwnerAndNameFromId(r.PayerId)
+	return &PayResp{
+		PayUrl:  r.ReturnUrl,
+		OrderId: fmt.Sprintf("%s/%s", owner, r.PaymentName),
+	}, nil
+}
+
+func (pp *BalancePaymentProvider) Notify(body []byte, orderId string) (*NotifyResult, error) {
+	return &NotifyResult{
+		PaymentStatus: PaymentStatePaid,
+	}, nil
+}
+
+func (pp *BalancePaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {
+	return "", nil
+}
+
+func (pp *BalancePaymentProvider) GetResponseError(err error) string {
+	return ""
+}

radius/server.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
@@ -27,6 +28,14 @@ import (
 	"layeh.com/radius/rfc2866"
 )
 
+var StateMap map[string]AccessStateContent
+
+const StateExpiredTime = time.Second * 120
+
+type AccessStateContent struct {
+	ExpiredAt time.Time
+}
+
 func StartRadiusServer() {
 	secret := conf.GetConfigString("radiusSecret")
 	server := radius.PacketServer{
@@ -55,6 +64,7 @@ func handleAccessRequest(w radius.ResponseWriter, r *radius.Request) {
 	username := rfc2865.UserName_GetString(r.Packet)
 	password := rfc2865.UserPassword_GetString(r.Packet)
 	organization := rfc2865.Class_GetString(r.Packet)
+	state := rfc2865.State_GetString(r.Packet)
 	log.Printf("handleAccessRequest() username=%v, org=%v, password=%v", username, organization, password)
 
 	if organization == "" {
@@ -62,12 +72,75 @@ func handleAccessRequest(w radius.ResponseWriter, r *radius.Request) {
 		return
 	}
 
-	_, err := object.CheckUserPassword(organization, username, password, "en")
+	var user *object.User
+	var err error
+
+	if state == "" {
+		user, err = object.CheckUserPassword(organization, username, password, "en")
+	} else {
+		user, err = object.GetUser(fmt.Sprintf("%s/%s", organization, username))
+	}
+
 	if err != nil {
 		w.Write(r.Response(radius.CodeAccessReject))
 		return
 	}
 
+	if user.IsMfaEnabled() {
+		mfaProp := user.GetMfaProps(object.TotpType, false)
+		if mfaProp == nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		if StateMap == nil {
+			StateMap = map[string]AccessStateContent{}
+		}
+
+		if state != "" {
+			stateContent, ok := StateMap[state]
+			if !ok {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			delete(StateMap, state)
+			if stateContent.ExpiredAt.Before(time.Now()) {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			mfaUtil := object.GetMfaUtil(mfaProp.MfaType, mfaProp)
+			if mfaUtil.Verify(password) != nil {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			w.Write(r.Response(radius.CodeAccessAccept))
+			return
+		}
+
+		responseState := util.GenerateId()
+		StateMap[responseState] = AccessStateContent{
+			time.Now().Add(StateExpiredTime),
+		}
+
+		err = rfc2865.State_Set(r.Packet, []byte(responseState))
+		if err != nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		err = rfc2865.ReplyMessage_Set(r.Packet, []byte("please enter OTP"))
+		if err != nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		r.Packet.Code = radius.CodeAccessChallenge
+		w.Write(r.Packet)
+	}
+
 	w.Write(r.Response(radius.CodeAccessAccept))
 }
 

routers/authz_filter.go

@@ -35,20 +35,13 @@ type Object struct {
 }
 
 func getUsername(ctx *context.Context) (username string) {
-	defer func() {
-		if r := recover(); r != nil {
-			username, _ = getUsernameByClientIdSecret(ctx)
-		}
-	}()
-
-	username = ctx.Input.Session("username").(string)
-
-	if username == "" {
+	username, ok := ctx.Input.Session("username").(string)
+	if !ok || username == "" {
 		username, _ = getUsernameByClientIdSecret(ctx)
 	}
 
 	if username == "" {
-		username = getUsernameByKeys(ctx)
+		username, _ = getUsernameByKeys(ctx)
 	}
 	return
 }

routers/base.go

@@ -91,17 +91,22 @@ func getUsernameByClientIdSecret(ctx *context.Context) (string, error) {
 	return fmt.Sprintf("app/%s", application.Name), nil
 }
 
-func getUsernameByKeys(ctx *context.Context) string {
+func getUsernameByKeys(ctx *context.Context) (string, error) {
 	accessKey, accessSecret := getKeys(ctx)
 	user, err := object.GetUserByAccessKey(accessKey)
 	if err != nil {
-		panic(err)
+		return "", err
 	}
 
-	if user != nil && accessSecret == user.AccessSecret {
-		return user.GetId()
+	if user == nil {
+		return "", fmt.Errorf("user not found for access key: %s", accessKey)
 	}
-	return ""
+
+	if accessSecret != user.AccessSecret {
+		return "", fmt.Errorf("incorrect access secret for user: %s", user.Name)
+	}
+
+	return user.GetId(), nil
 }
 
 func getSessionUser(ctx *context.Context) string {

util/string.go

@@ -154,6 +154,16 @@ func GetOwnerAndNameAndOtherFromId(id string) (string, string, string) {
 	return tokens[0], tokens[1], tokens[2]
 }
 
+func GetSharedOrgFromApp(rawName string) (name string, organization string) {
+	name = rawName
+	splitName := strings.Split(rawName, "-org-")
+	if len(splitName) >= 2 {
+		organization = splitName[len(splitName)-1]
+		name = splitName[0]
+	}
+	return name, organization
+}
+
 func GenerateId() string {
 	return uuid.NewString()
 }
@@ -354,9 +364,16 @@ func StringToInterfaceArray(array []string) []interface{} {
 func StringToInterfaceArray2d(arrays [][]string) [][]interface{} {
 	var interfaceArrays [][]interface{}
 	for _, req := range arrays {
-		var interfaceArray []interface{}
-		for _, r := range req {
-			interfaceArray = append(interfaceArray, r)
+		var (
+			interfaceArray []interface{}
+			elem           interface{}
+		)
+		for _, elem = range req {
+			jStruct, err := TryJsonToAnonymousStruct(elem.(string))
+			if err == nil {
+				elem = jStruct
+			}
+			interfaceArray = append(interfaceArray, elem)
 		}
 		interfaceArrays = append(interfaceArrays, interfaceArray)
 	}

web/src/AdapterEditPage.js

@@ -252,8 +252,8 @@ class AdapterEditPage extends React.Component {
             {Setting.getLabel(i18next.t("provider:DB test"), i18next.t("provider:DB test - Tooltip"))} :
           </Col>
           <Col span={2} >
-            <Button type={"primary"} onClick={() => {
-              AdapterBackend.getPolicies("", "", `${this.state.organizationName}/${this.state.adapterName}`)
+            <Button disabled={this.state.organizationName !== this.state.adapter.owner} type={"primary"} onClick={() => {
+              AdapterBackend.getPolicies("", "", `${this.state.adapter.owner}/${this.state.adapter.name}`)
                 .then((res) => {
                   if (res.status === "ok") {
                     Setting.showMessage("success", i18next.t("syncer:Connect successfully"));
@@ -279,13 +279,14 @@ class AdapterEditPage extends React.Component {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully saved"));
           this.setState({
+            organizationName: this.state.adapter.owner,
             adapterName: this.state.adapter.name,
           });
 
           if (exitAfterSave) {
             this.props.history.push("/adapters");
           } else {
-            this.props.history.push(`/adapters/${this.state.organizationName}/${this.state.adapter.name}`);
+            this.props.history.push(`/adapters/${this.state.adapter.owner}/${this.state.adapter.name}`);
           }
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);

web/src/App.js

@@ -16,6 +16,7 @@ import React, {Component, Suspense, lazy} from "react";
 import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
+import {setOrgIsTourVisible, setTourLogo} from "./TourConfig";
 import {StyleProvider, legacyLogicalPropertiesTransformer} from "@ant-design/cssinjs";
 import {GithubOutlined, InfoCircleFilled, ShareAltOutlined} from "@ant-design/icons";
 import {Alert, Button, ConfigProvider, Drawer, FloatButton, Layout, Result, Tooltip} from "antd";
@@ -247,6 +248,8 @@ class App extends Component {
 
           this.setLanguage(account);
           this.setTheme(Setting.getThemeData(account.organization), Conf.InitThemeAlgorithm);
+          setTourLogo(account.organization.logo);
+          setOrgIsTourVisible(account.organization.enableTour);
         } else {
           if (res.data !== "Please login first") {
             Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);

web/src/ApplicationEditPage.js

@@ -116,7 +116,6 @@ class ApplicationEditPage extends React.Component {
   UNSAFE_componentWillMount() {
     this.getApplication();
     this.getOrganizations();
-    this.getProviders();
   }
 
   getApplication() {
@@ -145,7 +144,9 @@ class ApplicationEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getProviders(application);
+
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });
@@ -166,7 +167,11 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getCerts(owner) {
+  getCerts(application) {
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.owner;
+    }
     CertBackend.getCerts(owner)
       .then((res) => {
         this.setState({
@@ -175,8 +180,12 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getProviders() {
-    ProviderBackend.getProviders(this.state.owner)
+  getProviders(application) {
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.account.owner;
+    }
+    ProviderBackend.getProviders(owner)
       .then((res) => {
         if (res.status === "ok") {
           this.setState({
@@ -263,6 +272,16 @@ class ApplicationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Is shared"), i18next.t("general:Is shared - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Switch disabled={Setting.isAdminUser()} checked={this.state.application.isShared} onChange={checked => {
+              this.updateApplicationField("isShared", checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:Logo"), i18next.t("general:Logo - Tooltip"))} :
@@ -384,7 +403,7 @@ class ApplicationEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenFormat} onChange={(value => {this.updateApplicationField("tokenFormat", value);})}
-              options={["JWT", "JWT-Empty", "JWT-Custom"].map((item) => Setting.getOption(item, item))}
+              options={["JWT", "JWT-Empty", "JWT-Custom", "JWT-Standard"].map((item) => Setting.getOption(item, item))}
             />
           </Col>
         </Row>
@@ -989,7 +1008,11 @@ class ApplicationEditPage extends React.Component {
       redirectUri = "\"ERROR: You must specify at least one Redirect URL in 'Redirect URLs'\"";
     }
 
-    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
+    let clientId = this.state.application.clientId;
+    if (this.state.application.isShared && this.props.account.owner !== "built-in") {
+      clientId += `-org-${this.props.account.owner}`;
+    }
+    const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
     const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
     if (!Setting.isPasswordEnabled(this.state.application)) {
       signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");

web/src/ApplicationListPage.js

@@ -123,7 +123,7 @@ class ApplicationListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <Link to={`/applications/${record.organization}/${text}`}>
-              {text}
+              {Setting.getApplicationDisplayName(record)}
             </Link>
           );
         },

web/src/InvitationEditPage.js

@@ -199,7 +199,7 @@ class InvitationEditPage extends React.Component {
             <Select virtual={false} style={{width: "100%"}} value={this.state.invitation.application}
               onChange={(value => {this.updateInvitationField("application", value);})}
               options={[
-                {label: "All", value: i18next.t("general:All")},
+                {label: i18next.t("general:All"), value: "All"},
                 ...this.state.applications.map((application) => Setting.getOption(application.name, application.name)),
               ]} />
           </Col>

web/src/ManagementPage.js

@@ -411,7 +411,7 @@ function ManagementPage(props) {
     return Setting.isMobile() || window.location.pathname.startsWith("/trees");
   }
 
-  const menuStyleRight = Setting.isAdminUser(props.account) && !Setting.isMobile() ? "calc(180px + 280px)" : "280px";
+  const menuStyleRight = Setting.isAdminUser(props.account) && !Setting.isMobile() ? "calc(180px + 280px)" : "320px";
 
   const onClose = () => {
     setMenuVisible(false);

web/src/OrganizationEditPage.js

@@ -360,7 +360,7 @@ class OrganizationEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.organization.defaultApplication} onChange={(value => {this.updateOrganizationField("defaultApplication", value);})}
-              options={this.state.applications?.map((item) => Setting.getOption(item.name, item.name))
+              options={this.state.applications?.map((item) => Setting.getOption(Setting.getApplicationDisplayName(item.name), item.name))
               } />
           </Col>
         </Row>
@@ -436,6 +436,26 @@ class OrganizationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("organization:Use Email as username"), i18next.t("organization:Use Email as username - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.organization.useEmailAsUsername} onChange={checked => {
+              this.updateOrganizationField("useEmailAsUsername", checked);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("general:Enable tour"), i18next.t("general:Enable tour - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.organization.enableTour} onChange={checked => {
+              this.updateOrganizationField("enableTour", checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("organization:Account items"), i18next.t("organization:Account items - Tooltip"))} :

web/src/OrganizationListPage.js

@@ -44,6 +44,7 @@ class OrganizationListPage extends BaseListPage {
       defaultPassword: "",
       enableSoftDeletion: false,
       isProfilePublic: true,
+      enableTour: true,
       accountItems: [
         {name: "Organization", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "ID", visible: true, viewRule: "Public", modifyRule: "Immutable"},
@@ -87,6 +88,7 @@ class OrganizationListPage extends BaseListPage {
         {Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
         {Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
         {Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+        {Name: "MFA accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
       ],
     };
   }

web/src/PaymentResultPage.js

@@ -17,6 +17,7 @@ import {Button, Result, Spin} from "antd";
 import * as PaymentBackend from "./backend/PaymentBackend";
 import * as PricingBackend from "./backend/PricingBackend";
 import * as SubscriptionBackend from "./backend/SubscriptionBackend";
+import * as UserBackend from "./backend/UserBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 
@@ -34,6 +35,7 @@ class PaymentResultPage extends React.Component {
       pricing: props.pricing ?? null,
       subscription: props.subscription ?? null,
       timeout: null,
+      user: null,
     };
   }
 
@@ -41,6 +43,25 @@ class PaymentResultPage extends React.Component {
     this.getPayment();
   }
 
+  getUser() {
+    UserBackend.getUser(this.props.account.owner, this.props.account.name)
+      .then((res) => {
+        if (res.data === null) {
+          this.props.history.push("/404");
+          return;
+        }
+
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
+        this.setState({
+          user: res.data,
+        });
+      });
+  }
+
   componentWillUnmount() {
     if (this.state.timeout !== null) {
       clearTimeout(this.state.timeout);
@@ -101,7 +122,7 @@ class PaymentResultPage extends React.Component {
         payment: payment,
       });
       if (payment.state === "Created") {
-        if (["PayPal", "Stripe", "Alipay", "WeChat Pay"].includes(payment.type)) {
+        if (["PayPal", "Stripe", "Alipay", "WeChat Pay", "Balance"].includes(payment.type)) {
           this.setState({
             timeout: setTimeout(async() => {
               await PaymentBackend.notifyPayment(this.state.owner, this.state.paymentName);
@@ -114,6 +135,12 @@ class PaymentResultPage extends React.Component {
           });
         }
       }
+
+      if (payment.state === "Paid") {
+        if (this.props.account) {
+          this.getUser();
+        }
+      }
     } catch (err) {
       Setting.showMessage("error", err.message);
       return;
@@ -136,6 +163,27 @@ class PaymentResultPage extends React.Component {
     }
 
     if (payment.state === "Paid") {
+      if (payment.isRecharge) {
+        return (
+          <div className="login-content">
+            {
+              Setting.renderHelmet(payment)
+            }
+            <Result
+              status="success"
+              title={`${i18next.t("payment:Recharged successfully")}`}
+              subTitle={`${i18next.t("payment:You have successfully recharged")} ${payment.price} ${Setting.getCurrencyText(payment)}, ${i18next.t("payment:Your current balance is")} ${this.state.user?.balance} ${Setting.getCurrencyText(payment)}`}
+              extra={[
+                <Button type="primary" key="returnUrl" onClick={() => {
+                  this.goToPaymentUrl(payment);
+                }}>
+                  {i18next.t("payment:Return to Website")}
+                </Button>,
+              ]}
+            />
+          </div>
+        );
+      }
       return (
         <div className="login-content">
           {

web/src/PermissionEditPage.js

@@ -487,6 +487,7 @@ class PermissionEditPage extends React.Component {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully saved"));
           this.setState({
+            organizationName: this.state.permission.owner,
             permissionName: this.state.permission.name,
           });
 

web/src/ProductBuyPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Descriptions, Spin} from "antd";
+import {Button, Descriptions, InputNumber, Space, Spin} from "antd";
 import i18next from "i18next";
 import * as ProductBackend from "./backend/ProductBackend";
 import * as PlanBackend from "./backend/PlanBackend";
@@ -36,6 +36,7 @@ class ProductBuyPage extends React.Component {
       pricing: props?.pricing ?? null,
       plan: null,
       isPlacingOrder: false,
+      customPrice: 0,
     };
   }
 
@@ -127,18 +128,8 @@ class ProductBuyPage extends React.Component {
     }
   }
 
-  getCurrencyText(product) {
-    if (product?.currency === "USD") {
-      return i18next.t("product:USD");
-    } else if (product?.currency === "CNY") {
-      return i18next.t("product:CNY");
-    } else {
-      return "(Unknown currency)";
-    }
-  }
-
   getPrice(product) {
-    return `${this.getCurrencySymbol(product)}${product?.price} (${this.getCurrencyText(product)})`;
+    return `${this.getCurrencySymbol(product)}${product?.price} (${Setting.getCurrencyText(product)})`;
   }
 
   // Call Weechat Pay via jsapi
@@ -192,7 +183,7 @@ class ProductBuyPage extends React.Component {
       isPlacingOrder: true,
     });
 
-    ProductBackend.buyProduct(product.owner, product.name, provider.name, this.state.pricingName ?? "", this.state.planName ?? "", this.state.userName ?? "", this.state.paymentEnv)
+    ProductBackend.buyProduct(product.owner, product.name, provider.name, this.state.pricingName ?? "", this.state.planName ?? "", this.state.userName ?? "", this.state.paymentEnv, this.state.customPrice)
       .then((res) => {
         if (res.status === "ok") {
           const payment = res.data;
@@ -295,15 +286,27 @@ class ProductBuyPage extends React.Component {
             <Descriptions.Item label={i18next.t("product:Image")} span={3}>
               <img src={product?.image} alt={product?.name} height={90} style={{marginBottom: "20px"}} />
             </Descriptions.Item>
-            <Descriptions.Item label={i18next.t("product:Price")}>
-              <span style={{fontSize: 28, color: "red", fontWeight: "bold"}}>
-                {
-                  this.getPrice(product)
-                }
-              </span>
-            </Descriptions.Item>
-            <Descriptions.Item label={i18next.t("product:Quantity")}><span style={{fontSize: 16}}>{product?.quantity}</span></Descriptions.Item>
-            <Descriptions.Item label={i18next.t("product:Sold")}><span style={{fontSize: 16}}>{product?.sold}</span></Descriptions.Item>
+            {
+              product.isRecharge ? (
+                <Descriptions.Item span={3} label={i18next.t("product:Price")}>
+                  <Space>
+                    <InputNumber min={0} value={this.state.customPrice} onChange={(e) => {this.setState({customPrice: e});}} /> {Setting.getCurrencyText(product)}
+                  </Space>
+                </Descriptions.Item>
+              ) : (
+                <React.Fragment>
+                  <Descriptions.Item label={i18next.t("product:Price")}>
+                    <span style={{fontSize: 28, color: "red", fontWeight: "bold"}}>
+                      {
+                        this.getPrice(product)
+                      }
+                    </span>
+                  </Descriptions.Item>
+                  <Descriptions.Item label={i18next.t("product:Quantity")}><span style={{fontSize: 16}}>{product?.quantity}</span></Descriptions.Item>
+                  <Descriptions.Item label={i18next.t("product:Sold")}><span style={{fontSize: 16}}>{product?.sold}</span></Descriptions.Item>
+                </React.Fragment>
+              )
+            }
             <Descriptions.Item label={i18next.t("product:Pay")} span={3}>
               {
                 this.renderPay(product)

web/src/ProductEditPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
 import * as ProductBackend from "./backend/ProductBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
@@ -216,14 +216,27 @@ class ProductEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("product:Price"), i18next.t("product:Price - Tooltip"))} :
+            {Setting.getLabel(i18next.t("product:Is recharge"), i18next.t("product:Is recharge - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.product.price} disabled={isCreatedByPlan} onChange={value => {
-              this.updateProductField("price", value);
+            <Switch checked={this.state.product.isRecharge} onChange={value => {
+              this.updateProductField("isRecharge", value);
             }} />
           </Col>
         </Row>
+        {
+          this.state.product.isRecharge ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("product:Price"), i18next.t("product:Price - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <InputNumber value={this.state.product.price} disabled={isCreatedByPlan} onChange={value => {
+                  this.updateProductField("price", value);
+                }} />
+              </Col>
+            </Row>
+          )}
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("product:Quantity"), i18next.t("product:Quantity - Tooltip"))} :

web/src/ProductListPage.js

@@ -38,6 +38,7 @@ class ProductListPage extends BaseListPage {
       price: 300,
       quantity: 99,
       sold: 10,
+      isRecharge: false,
       providers: [],
       state: "Published",
     };

web/src/ProviderEditPage.js

@@ -725,7 +725,7 @@ class ProviderEditPage extends React.Component {
           (this.state.provider.category === "Web3") ||
           (this.state.provider.category === "Storage" && this.state.provider.type === "Local File System") ||
           (this.state.provider.category === "SMS" && this.state.provider.type === "Custom HTTP SMS") ||
-          (this.state.provider.category === "Notification" && (this.state.provider.type === "Google Chat" || this.state.provider.type === "Custom HTTP")) ? null : (
+          (this.state.provider.category === "Notification" && (this.state.provider.type === "Google Chat" || this.state.provider.type === "Custom HTTP") || this.state.provider.type === "Balance") ? null : (
               <React.Fragment>
                 {
                   (this.state.provider.category === "Storage" && this.state.provider.type === "Google Cloud Storage") ||

web/src/Setting.js

@@ -56,6 +56,8 @@ export const Countries = [
   {label: "Українська", key: "uk", country: "UA", alt: "Українська"},
   {label: "Қазақ", key: "kk", country: "KZ", alt: "Қазақ"},
   {label: "فارسی", key: "fa", country: "IR", alt: "فارسی"},
+  {label: "Čeština", key: "cs", country: "CZ", alt: "Čeština"},
+  {label: "Slovenčina", key: "sk", country: "SK", alt: "Slovenčina"},
 ];
 
 export function getThemeData(organization, application) {
@@ -247,6 +249,10 @@ export const OtherProviderInfo = {
       logo: `${StaticBaseUrl}/img/payment_paypal.png`,
       url: "",
     },
+    "Balance": {
+      logo: `${StaticBaseUrl}/img/payment_balance.svg`,
+      url: "",
+    },
     "Alipay": {
       logo: `${StaticBaseUrl}/img/payment_alipay.png`,
       url: "https://www.alipay.com/",
@@ -1067,6 +1073,7 @@ export function getProviderTypeOptions(category) {
   } else if (category === "Payment") {
     return ([
       {id: "Dummy", name: "Dummy"},
+      {id: "Balance", name: "Balance"},
       {id: "Alipay", name: "Alipay"},
       {id: "WeChat Pay", name: "WeChat Pay"},
       {id: "PayPal", name: "PayPal"},
@@ -1364,6 +1371,13 @@ export function getApplicationName(application) {
   return `${application?.owner}/${application?.name}`;
 }
 
+export function getApplicationDisplayName(application) {
+  if (application.isShared) {
+    return `${application.name}(Shared)`;
+  }
+  return application.name;
+}
+
 export function getRandomName() {
   return Math.random().toString(36).slice(-6);
 }
@@ -1516,3 +1530,13 @@ export function getDefaultHtmlEmailContent() {
 </body>
 </html>`;
 }
+
+export function getCurrencyText(product) {
+  if (product?.currency === "USD") {
+    return i18next.t("product:USD");
+  } else if (product?.currency === "CNY") {
+    return i18next.t("product:CNY");
+  } else {
+    return "(Unknown currency)";
+  }
+}

web/src/TourConfig.js

@@ -203,13 +203,24 @@ export function getNextUrl(pathName = window.location.pathname) {
   return TourUrlList[TourUrlList.indexOf(pathName.replace("/", "")) + 1] || "";
 }
 
+let orgIsTourVisible = true;
+
+export function setOrgIsTourVisible(visible) {
+  orgIsTourVisible = visible;
+}
+
 export function setIsTourVisible(visible) {
   localStorage.setItem("isTourVisible", visible);
-  window.dispatchEvent(new Event("storageTourChanged"));
+}
+
+export function setTourLogo(tourLogoSrc) {
+  if (tourLogoSrc !== "") {
+    TourObj["home"][0]["cover"] = (<img alt="casdoor.png" src={tourLogoSrc} />);
+  }
 }
 
 export function getTourVisible() {
-  return localStorage.getItem("isTourVisible") !== "false";
+  return localStorage.getItem("isTourVisible") !== "false" && orgIsTourVisible;
 }
 
 export function getNextButtonChild(nextPathName) {

web/src/TransactionEditPage.js

@@ -125,7 +125,7 @@ class TransactionEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });

web/src/UserEditPage.js

@@ -41,6 +41,7 @@ import {CheckCircleOutlined, HolderOutlined, UsergroupAddOutlined} from "@ant-de
 import * as MfaBackend from "./backend/MfaBackend";
 import AccountAvatar from "./account/AccountAvatar";
 import FaceIdTable from "./table/FaceIdTable";
+import MfaAccountTable from "./table/MfaAccountTable";
 
 const {Option} = Select;
 
@@ -707,6 +708,19 @@ class UserEditPage extends React.Component {
           </Col>
         </Row>
       );
+    } else if (accountItem.name === "Balance") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Balance"), i18next.t("user:Balance - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.user.balance} onChange={value => {
+              this.updateUserField("balance", value);
+            }} />
+          </Col>
+        </Row>
+      );
     } else if (accountItem.name === "Score") {
       return (
         <Row style={{marginTop: "20px"}} >
@@ -1026,6 +1040,21 @@ class UserEditPage extends React.Component {
           </Col>
         </Row>
       );
+    } else if (accountItem.name === "MFA accounts") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:MFA accounts"), i18next.t("user:MFA accounts"))} :
+          </Col>
+          <Col span={22} >
+            <MfaAccountTable
+              title={i18next.t("user:MFA accounts")}
+              table={this.state.user.mfaAccounts}
+              onUpdateTable={(table) => {this.updateUserField("mfaAccounts", table);}}
+            />
+          </Col>
+        </Row>
+      );
     } else if (accountItem.name === "Need update password") {
       return (
         <Row style={{marginTop: "20px"}} >

web/src/WebhookEditPage.js

@@ -167,6 +167,9 @@ class WebhookEditPage extends React.Component {
       ["add", "update", "delete"].forEach(action => {
         res.push(`${action}-${obj}`);
       });
+      if (obj === "payment") {
+        res.push("invoice-payment", "notify-payment");
+      }
     });
     return res;
   }

web/src/auth/LoginPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React, {Suspense, lazy} from "react";
-import {Button, Checkbox, Col, Form, Input, Result, Spin, Tabs} from "antd";
+import {Button, Checkbox, Col, Form, Input, Result, Spin, Tabs, message} from "antd";
 import {ArrowLeftOutlined, LockOutlined, UserOutlined} from "@ant-design/icons";
 import {withRouter} from "react-router-dom";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
@@ -23,7 +23,6 @@ import * as AuthBackend from "./AuthBackend";
 import * as OrganizationBackend from "../backend/OrganizationBackend";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Provider from "./Provider";
-import * as ProviderButton from "./ProviderButton";
 import * as Util from "./Util";
 import * as Setting from "../Setting";
 import * as AgreementModal from "../common/modal/AgreementModal";
@@ -36,6 +35,7 @@ import {CaptchaModal, CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";
 import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./mfa/MfaAuthVerifyForm";
 import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
+import * as ProviderButton from "./ProviderButton";
 const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));
 
 class LoginPage extends React.Component {
@@ -746,8 +746,21 @@ class LoginPage extends React.Component {
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <Form.Item>
             {
-              application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map(providerItem => {
-                return ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signinItem.rule, this.props.location);
+              application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
+                return (
+                  <span key ={id} onClick={(e) => {
+                    const agreementChecked = this.form.current.getFieldValue("agreement");
+
+                    if (agreementChecked !== undefined && typeof agreementChecked === "boolean" && !agreementChecked) {
+                      e.preventDefault();
+                      message.error(i18next.t("signup:Please accept the agreement!"));
+                    }
+                  }}>
+                    {
+                      ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signinItem.rule, this.props.location)
+                    }
+                  </span>
+                );
               })
             }
             {

web/src/auth/Provider.js

@@ -61,9 +61,9 @@ const authInfo = {
   },
   WeCom: {
     scope: "snsapi_userinfo",
-    endpoint: "https://open.work.weixin.qq.com/wwopen/sso/3rd_qrConnect",
+    endpoint: "https://login.work.weixin.qq.com/wwlogin/sso/login",
     silentEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize",
-    internalEndpoint: "https://open.work.weixin.qq.com/wwopen/sso/qrConnect",
+    internalEndpoint: "https://login.work.weixin.qq.com/wwlogin/sso/login",
   },
   Lark: {
     // scope: "email",
@@ -433,7 +433,7 @@ export function getAuthUrl(application, provider, method, code) {
         return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
       } else if (provider.method === "Normal") {
         endpoint = authInfo[provider.type].internalEndpoint;
-        return `${endpoint}?appid=${provider.clientId}&agentid=${provider.appId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+        return `${endpoint}?login_type=CorpApp&appid=${provider.clientId}&agentid=${provider.appId}&redirect_uri=${redirectUri}&state=${state}`;
       } else {
         return `https://error:not-supported-provider-method:${provider.method}`;
       }
@@ -442,7 +442,8 @@ export function getAuthUrl(application, provider, method, code) {
         endpoint = authInfo[provider.type].silentEndpoint;
         return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
       } else if (provider.method === "Normal") {
-        return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+        endpoint = authInfo[provider.type].endpoint;
+        return `${endpoint}?login_type=ServiceApp&appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`;
       } else {
         return `https://error:not-supported-provider-method:${provider.method}`;
       }

web/src/auth/SignupPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Form, Input, Radio, Result, Row} from "antd";
+import {Button, Form, Input, Radio, Result, Row, message} from "antd";
 import * as Setting from "../Setting";
 import * as AuthBackend from "./AuthBackend";
 import * as ProviderButton from "./ProviderButton";
@@ -653,8 +653,21 @@ class SignupPage extends React.Component {
       }
       return (
 
-        application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map(providerItem => {
-          return ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signupItem.rule, this.props.location);
+        application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
+          return (
+            <span key={id} onClick={(e) => {
+              const agreementChecked = this.form.current.getFieldValue("agreement");
+
+              if (agreementChecked !== undefined && typeof agreementChecked === "boolean" && !agreementChecked) {
+                e.preventDefault();
+                message.error(i18next.t("signup:Please accept the agreement!"));
+              }
+            }}>
+              {
+                ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signupItem.rule, this.props.location)
+              }
+            </span>
+          );
         })
 
       );

web/src/backend/ProductBackend.js

@@ -70,8 +70,8 @@ export function deleteProduct(product) {
   }).then(res => res.json());
 }
 
-export function buyProduct(owner, name, providerName, pricingName = "", planName = "", userName = "", paymentEnv = "") {
-  return fetch(`${Setting.ServerUrl}/api/buy-product?id=${owner}/${encodeURIComponent(name)}&providerName=${providerName}&pricingName=${pricingName}&planName=${planName}&userName=${userName}&paymentEnv=${paymentEnv}`, {
+export function buyProduct(owner, name, providerName, pricingName = "", planName = "", userName = "", paymentEnv = "", customPrice = 0) {
+  return fetch(`${Setting.ServerUrl}/api/buy-product?id=${owner}/${encodeURIComponent(name)}&providerName=${providerName}&pricingName=${pricingName}&planName=${planName}&userName=${userName}&paymentEnv=${paymentEnv}&customPrice=${customPrice}`, {
     method: "POST",
     credentials: "include",
     headers: {

web/src/i18n.js

@@ -125,6 +125,14 @@ function initLanguage() {
       case "fa":
         language = "fa";
         break;
+      case "cs":
+      case "cs-CZ":
+        language = "cs";
+        break;
+      case "sk":
+      case "sk-SK":
+        language = "sk";
+        break;
       default:
         language = Conf.DefaultLanguage;
       }

web/src/locales/ar/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/de/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Wenn aktiviert, werden gelöschte Benutzer nicht vollständig aus der Datenbank entfernt. Stattdessen werden sie als gelöscht markiert",
     "Tags": "Tags",
     "Tags - Tooltip": "Sammlung von Tags, die für Benutzer zur Auswahl zur Verfügung stehen",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Ansichtsregel",
     "Visible": "Sichtbar",
     "Website URL": "Website-URL",
@@ -619,6 +621,7 @@
     "Processing...": "In Bearbeitung...",
     "Product": "Produkt",
     "Product - Tooltip": "Produktname",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Ergebnis",
     "Return to Website": "Zurück zur Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Die Zahlung wird immer noch bearbeitet",
     "Type - Tooltip": "Zahlungsmethode, die beim Kauf des Produkts verwendet wurde",
     "You have successfully completed the payment": "Sie haben die Zahlung erfolgreich abgeschlossen",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Bitte warten Sie ein paar Sekunden...",
     "the current state is": "der aktuelle Zustand ist"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Produkt bearbeiten",
     "Image": "Bild",
     "Image - Tooltip": "Bild des Produkts",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Neues Produkt",
     "Pay": "Zahlen",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Zugehörigkeit",
     "Affiliation - Tooltip": "Arbeitgeber, wie Firmenname oder Organisationsname",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Selbstvorstellung des Nutzers",
     "Birthday": "Birthday",

web/src/locales/en/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/es/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Cuando se habilita, la eliminación de usuarios no los eliminará por completo de la base de datos. En su lugar, se marcarán como eliminados",
     "Tags": "Etiquetas",
     "Tags - Tooltip": "Colección de etiquetas disponibles para que los usuarios elijan",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Regla de visualización",
     "Visible": "Visible  - Visible",
     "Website URL": "URL del sitio web",
@@ -619,6 +621,7 @@
     "Processing...": "Procesando...",
     "Product": "Producto",
     "Product - Tooltip": "Nombre del producto",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Resultado",
     "Return to Website": "Regresar al sitio web",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "El pago aún está en proceso",
     "Type - Tooltip": "Método de pago utilizado al comprar el producto",
     "You have successfully completed the payment": "Has completado el pago exitosamente",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Por favor espera unos segundos...",
     "the current state is": "el estado actual es"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Editar Producto",
     "Image": "Imagen",
     "Image - Tooltip": "Imagen del producto",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Nuevo producto",
     "Pay": "Pagar",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Afiliación",
     "Affiliation - Tooltip": "Empleador, como el nombre de una empresa u organización",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio - Biografía",
     "Bio - Tooltip": "Introducción personal del usuario",
     "Birthday": "Birthday",

web/src/locales/fa/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/fi/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/fr/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Lorsque c'est activée, la suppression de compte ne les retirera pas complètement de la base de données. Au lieu de cela, ils seront marqués comme supprimés",
     "Tags": "Étiquettes",
     "Tags - Tooltip": "Collection d'étiquettes disponibles pour les comptes",
+    "Use Email as username": "Utiliser l'e-mail comme identifiant",
+    "Use Email as username - Tooltip": "Utiliser l'adresse e-mail comme identifiant pour les comptes lorsque l'identifiant ne fait pas partie des champs d'inscription",
     "View rule": "Règle de visibilité",
     "Visible": "Visible",
     "Website URL": "URL du site web",
@@ -619,6 +621,7 @@
     "Processing...": "Traitement...",
     "Product": "Produit",
     "Product - Tooltip": "Nom du produit",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Résultat",
     "Return to Website": "Retourner sur le site web",
     "The payment has been canceled": "Le paiement a été annulé",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Le paiement est encore en cours de traitement",
     "Type - Tooltip": "Méthode de paiement utilisée lors de l'achat du produit",
     "You have successfully completed the payment": "Vous avez effectué le paiement avec succès",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Veuillez patienter quelques secondes...",
     "the current state is": "l'état actuel est"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Modifier le produit",
     "Image": "Image",
     "Image - Tooltip": "Image du produit",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Nouveau produit",
     "Pay": "Payer",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employeur, tel que le nom de l'entreprise ou de l'organisation",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Biographie du compte",
     "Birthday": "Date de naissance",

web/src/locales/he/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/id/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Ketika diaktifkan, menghapus pengguna tidak akan sepenuhnya menghapus mereka dari database. Sebaliknya, mereka akan ditandai sebagai dihapus",
     "Tags": "Tag-tag",
     "Tags - Tooltip": "Kumpulan tag yang tersedia bagi pengguna untuk dipilih",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Aturan tampilan",
     "Visible": "Terlihat",
     "Website URL": "URL situs web",
@@ -619,6 +621,7 @@
     "Processing...": "Pemrosesan...",
     "Product": "Produk",
     "Product - Tooltip": "Nama Produk",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Hasil",
     "Return to Website": "Kembali ke Situs Web",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Pembayaran masih dalam proses",
     "Type - Tooltip": "Metode pembayaran yang digunakan saat membeli produk",
     "You have successfully completed the payment": "Anda telah berhasil menyelesaikan pembayaran",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Mohon tunggu beberapa detik...",
     "the current state is": "keadaan saat ini adalah"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Produk",
     "Image": "Gambar",
     "Image - Tooltip": "Gambar produk",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Produk Baru",
     "Pay": "Bayar",
     "PayPal": "Paypal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Afiliasi",
     "Affiliation - Tooltip": "Pemberi Kerja, seperti nama perusahaan atau nama organisasi",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio: Biografi",
     "Bio - Tooltip": "Pengenalan diri dari pengguna",
     "Birthday": "Birthday",

web/src/locales/it/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/ja/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "有効になっている場合、ユーザーを削除しても完全にデータベースから削除されません。代わりに、削除されたとマークされます",
     "Tags": "タグ",
     "Tags - Tooltip": "ユーザーが選択できるタグのコレクション",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "ビュールール",
     "Visible": "見える",
     "Website URL": "ウェブサイトのURL",
@@ -619,6 +621,7 @@
     "Processing...": "処理中... ",
     "Product": "製品",
     "Product - Tooltip": "製品名",
+    "Recharged successfully": "Recharged successfully",
     "Result": "結果",
     "Return to Website": "ウェブサイトに戻る",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "支払いはまだ処理中です",
     "Type - Tooltip": "製品を購入する際に使用される支払方法",
     "You have successfully completed the payment": "あなたは支払いを正常に完了しました",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "数秒お待ちください...",
     "the current state is": "現在の状態は"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "製品を編集",
     "Image": "画像",
     "Image - Tooltip": "製品のイメージ",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "新製品",
     "Pay": "支払う",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "所属",
     "Affiliation - Tooltip": "企業名や団体名などの雇用主",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "バイオ技術",
     "Bio - Tooltip": "ユーザーの自己紹介\n\n私は○○です。私は○○（国、都市、職業など）出身で、現在は○○（国、都市、職業など）に住んでいます。私は○○（趣味、特技、興味など）が好きで、空き時間にはよくそれをしています。よろしくお願いします",
     "Birthday": "Birthday",

web/src/locales/kk/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/ko/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "사용 가능한 경우, 사용자 삭제 시 데이터베이스에서 완전히 삭제되지 않습니다. 대신 삭제됨으로 표시됩니다",
     "Tags": "태그",
     "Tags - Tooltip": "사용자가 선택할 수 있는 태그 컬렉션",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "보기 규칙",
     "Visible": "보이는",
     "Website URL": "웹사이트 URL",
@@ -619,6 +621,7 @@
     "Processing...": "처리 중...",
     "Product": "제품",
     "Product - Tooltip": "제품 이름",
+    "Recharged successfully": "Recharged successfully",
     "Result": "결과",
     "Return to Website": "웹 사이트로 돌아가기",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "지불은 아직 처리 중입니다",
     "Type - Tooltip": "제품을 구매할 때 사용되는 결제 방법",
     "You have successfully completed the payment": "당신은 결제를 성공적으로 완료하셨습니다",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "잠시만 기다려주세요...",
     "the current state is": "현재 상태입니다"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "제품 편집",
     "Image": "이미지",
     "Image - Tooltip": "제품 이미지",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "새로운 제품",
     "Pay": "결제하다",
     "PayPal": "페이팔",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "소속",
     "Affiliation - Tooltip": "고용주, 회사명 또는 조직명",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "바이오",
     "Bio - Tooltip": "사용자의 자기소개\n\n안녕하세요, 저는 [이름]입니다. 한국을 포함한 여러 나라에서 살아본 적이 있습니다. 저는 [직업/전공]을 공부하고 있으며 [취미/관심사]에 대해 깊게 알고 있습니다. 이 채팅 서비스를 사용하여 새로운 사람들과 함께 대화를 나누기를 원합니다. 감사합니다",
     "Birthday": "Birthday",

web/src/locales/ms/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/nl/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/pl/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/pt/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Quando ativada, a exclusão de usuários não os removerá completamente do banco de dados. Em vez disso, eles serão marcados como excluídos",
     "Tags": "Tags",
     "Tags - Tooltip": "Coleção de tags disponíveis para os usuários escolherem",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Ver regra",
     "Visible": "Visível",
     "Website URL": "URL do website",
@@ -619,6 +621,7 @@
     "Processing...": "Processando...",
     "Product": "Produto",
     "Product - Tooltip": "Nome do Produto",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Resultado",
     "Return to Website": "Retornar ao Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "O pagamento ainda está sendo processado",
     "Type - Tooltip": "Método de pagamento utilizado ao comprar o produto",
     "You have successfully completed the payment": "Você concluiu o pagamento com sucesso",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "por favor, aguarde alguns segundos...",
     "the current state is": "o estado atual é"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Editar Produto",
     "Image": "Imagem",
     "Image - Tooltip": "Imagem do produto",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Novo Produto",
     "Pay": "Pagar",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Afiliação",
     "Affiliation - Tooltip": "Empregador, como nome da empresa ou organização",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Biografia",
     "Bio - Tooltip": "Autoapresentação do usuário",
     "Birthday": "Aniversário",

web/src/locales/ru/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Когда включено, удаление пользователей не полностью удаляет их из базы данных. Вместо этого они будут помечены как удаленные",
     "Tags": "Теги",
     "Tags - Tooltip": "Коллекция тегов, доступных для выбора пользователями",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Правило просмотра",
     "Visible": "Видимый",
     "Website URL": "Веб-адрес сайта",
@@ -619,6 +621,7 @@
     "Processing...": "Обработка...",
     "Product": "Продукт",
     "Product - Tooltip": "Название продукта",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Результат",
     "Return to Website": "Вернуться на веб-сайт",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Оплата все еще обрабатывается",
     "Type - Tooltip": "Способ оплаты, используемый при покупке товара",
     "You have successfully completed the payment": "Вы успешно произвели платеж",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Пожалуйста, подождите несколько секунд...",
     "the current state is": "текущее состояние"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Редактировать продукт",
     "Image": "Изображение",
     "Image - Tooltip": "Изображение продукта",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Новый продукт",
     "Pay": "Заплатить",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Принадлежность",
     "Affiliation - Tooltip": "Работодатель, такой как название компании или организации",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Био",
     "Bio - Tooltip": "Само представление пользователя",
     "Birthday": "Birthday",

web/src/locales/sv/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/tr/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "When enabled, deleting users will not completely remove them from the database. Instead, they will be marked as deleted",
     "Tags": "Tags",
     "Tags - Tooltip": "Collection of tags available for users to choose from",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "View rule",
     "Visible": "Görünür",
     "Website URL": "Web Sitesi URL'si",
@@ -619,6 +621,7 @@
     "Processing...": "Processing...",
     "Product": "Product",
     "Product - Tooltip": "Product Name",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Result",
     "Return to Website": "Return to Website",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "The payment is still under processing",
     "Type - Tooltip": "Payment method used when purchasing the product",
     "You have successfully completed the payment": "You have successfully completed the payment",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "please wait for a few seconds...",
     "the current state is": "the current state is"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Edit Product",
     "Image": "Image",
     "Image - Tooltip": "Image of product",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
     "Pay": "Pay",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Affiliation",
     "Affiliation - Tooltip": "Employer, such as company name or organization name",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "Bio",
     "Bio - Tooltip": "Self introduction of the user",
     "Birthday": "Birthday",

web/src/locales/uk/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Якщо ввімкнено, видалення користувачів не призведе до їх повного видалення з бази даних. ",
     "Tags": "Теги",
     "Tags - Tooltip": "Колекція тегів, доступна для вибору користувачами",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Переглянути правило",
     "Visible": "Видно",
     "Website URL": "адреса вебсайту",
@@ -619,6 +621,7 @@
     "Processing...": "Обробка...",
     "Product": "Продукт",
     "Product - Tooltip": "Назва продукту",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Результат",
     "Return to Website": "Повернутися на сайт",
     "The payment has been canceled": "Платіж скасовано",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Платіж ще обробляється",
     "Type - Tooltip": "Спосіб оплати, який використовується при покупці товару",
     "You have successfully completed the payment": "Ви успішно завершили оплату",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "зачекайте кілька секунд...",
     "the current state is": "поточний стан є"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Редагувати товар",
     "Image": "Зображення",
     "Image - Tooltip": "Зображення товару",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Новий продукт",
     "Pay": "платити",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Приналежність",
     "Affiliation - Tooltip": "Роботодавець, наприклад назва компанії чи організації",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "біографія",
     "Bio - Tooltip": "Самостійне представлення користувача",
     "Birthday": "день народження",

web/src/locales/vi/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "Khi được bật, việc xóa người dùng sẽ không hoàn toàn loại bỏ họ khỏi cơ sở dữ liệu. Thay vào đó, họ sẽ được đánh dấu là đã bị xóa",
     "Tags": "Thẻ",
     "Tags - Tooltip": "Bộ sưu tập các thẻ có sẵn cho người dùng lựa chọn",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "Xem quy tắc",
     "Visible": "Rõ ràng",
     "Website URL": "Địa chỉ trang web",
@@ -619,6 +621,7 @@
     "Processing...": "Đang xử lý...",
     "Product": "Sản phẩm",
     "Product - Tooltip": "Tên sản phẩm",
+    "Recharged successfully": "Recharged successfully",
     "Result": "Kết quả",
     "Return to Website": "Trở lại trang web",
     "The payment has been canceled": "The payment has been canceled",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "Thanh toán vẫn đang được xử lý",
     "Type - Tooltip": "Phương thức thanh toán được sử dụng khi mua sản phẩm",
     "You have successfully completed the payment": "Bạn đã hoàn thành thanh toán thành công",
+    "You have successfully recharged": "You have successfully recharged",
+    "Your current balance is": "Your current balance is",
     "please wait for a few seconds...": "Vui lòng đợi trong vài giây...",
     "the current state is": "tình trạng hiện tại là"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "Sửa sản phẩm",
     "Image": "Ảnh",
     "Image - Tooltip": "Hình ảnh sản phẩm",
+    "Is recharge": "Is recharge",
+    "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "Sản phẩm mới",
     "Pay": "Trả tiền",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "Address line",
     "Affiliation": "Liên kết",
     "Affiliation - Tooltip": "Nhà tuyển dụng, chẳng hạn như tên công ty hoặc tổ chức",
+    "Balance": "Balance",
+    "Balance - Tooltip": "User's balance",
     "Bio": "bản vẻ đời sống",
     "Bio - Tooltip": "Tự giới thiệu của người dùng",
     "Birthday": "Birthday",

web/src/locales/zh/data.json

@@ -576,6 +576,8 @@
     "Soft deletion - Tooltip": "启用后，删除一个用户时不会在数据库彻底清除，只会标记为已删除状态",
     "Tags": "标签集合",
     "Tags - Tooltip": "可供用户选择的标签集合",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
     "View rule": "查看规则",
     "Visible": "是否可见",
     "Website URL": "主页地址",
@@ -619,6 +621,7 @@
     "Processing...": "正在处理...",
     "Product": "商品",
     "Product - Tooltip": "商品名称",
+    "Recharged successfully": "充值成功",
     "Result": "结果",
     "Return to Website": "返回原网站",
     "The payment has been canceled": "付款已取消",
@@ -627,6 +630,8 @@
     "The payment is still under processing": "支付正在处理",
     "Type - Tooltip": "商品购买时的支付方式",
     "You have successfully completed the payment": "支付成功",
+    "You have successfully recharged": "您已成功充值",
+    "Your current balance is": "您现在的余额为",
     "please wait for a few seconds...": "请稍后...",
     "the current state is": "当前状态为"
   },
@@ -689,6 +694,8 @@
     "Edit Product": "编辑商品",
     "Image": "图片",
     "Image - Tooltip": "商品图片",
+    "Is recharge": "充值",
+    "Is recharge - Tooltip": "当前商品是否为充值商品",
     "New Product": "添加商品",
     "Pay": "支付方式",
     "PayPal": "PayPal",
@@ -1080,6 +1087,8 @@
     "Address line": "地址",
     "Affiliation": "工作单位",
     "Affiliation - Tooltip": "工作单位，如公司、组织名称",
+    "Balance": "余额",
+    "Balance - Tooltip": "用户的余额",
     "Bio": "自我介绍",
     "Bio - Tooltip": "用户的自我介绍",
     "Birthday": "生日",

web/src/table/AccountTable.js

@@ -88,6 +88,7 @@ class AccountTable extends React.Component {
       {name: "Gender", label: i18next.t("user:Gender")},
       {name: "Birthday", label: i18next.t("user:Birthday")},
       {name: "Education", label: i18next.t("user:Education")},
+      {name: "Balance", label: i18next.t("user:Balance")},
       {name: "Score", label: i18next.t("user:Score")},
       {name: "Karma", label: i18next.t("user:Karma")},
       {name: "Ranking", label: i18next.t("user:Ranking")},
@@ -107,6 +108,7 @@ class AccountTable extends React.Component {
       {name: "WebAuthn credentials", label: i18next.t("user:WebAuthn credentials")},
       {name: "Managed accounts", label: i18next.t("user:Managed accounts")},
       {name: "Face ID", label: i18next.t("user:Face ID")},
+      {name: "MFA accounts", label: i18next.t("user:MFA accounts")},
     ];
   };
 

web/src/table/MfaAccountTable.js

@@ -0,0 +1,182 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {DeleteOutlined, DownOutlined, UpOutlined} from "@ant-design/icons";
+import {Button, Col, Image, Input, Row, Table, Tooltip} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+class MfaAccountTable extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      mfaAccounts: this.props.table !== null ? this.props.table.map((item, index) => {
+        item.key = index;
+        return item;
+      }) : [],
+    };
+  }
+
+  count = this.props.table?.length ?? 0;
+
+  updateTable(table) {
+    this.setState({
+      mfaAccounts: table,
+    });
+
+    this.props.onUpdateTable([...table].map((item) => {
+      const newItem = Setting.deepCopy(item);
+      delete newItem.key;
+      return newItem;
+    }));
+  }
+
+  updateField(table, index, key, value) {
+    table[index][key] = value;
+    this.updateTable(table);
+  }
+
+  addRow(table) {
+    const row = {key: this.count, accountName: "", issuer: "", secretKey: ""};
+    if (table === undefined || table === null) {
+      table = [];
+    }
+
+    this.count += 1;
+    table = Setting.addRow(table, row);
+    this.updateTable(table);
+  }
+
+  deleteRow(table, i) {
+    table = Setting.deleteRow(table, i);
+    this.updateTable(table);
+  }
+
+  upRow(table, i) {
+    table = Setting.swapRow(table, i - 1, i);
+    this.updateTable(table);
+  }
+
+  downRow(table, i) {
+    table = Setting.swapRow(table, i, i + 1);
+    this.updateTable(table);
+  }
+
+  renderTable(table) {
+    const columns = [
+      {
+        title: i18next.t("mfaAccount:Account Name"),
+        dataIndex: "accountName",
+        key: "accountName",
+        width: "400px",
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, "accountName", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("mfaAccount:Issuer"),
+        dataIndex: "issuer",
+        key: "issuer",
+        width: "300px",
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, "issuer", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("mfaAccount:Secret Key"),
+        dataIndex: "secretKey",
+        key: "secretKey",
+        render: (text, record, index) => {
+          return (
+            <Input.Password value={text} onChange={e => {
+              this.updateField(table, index, "secretKey", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Logo"),
+        dataIndex: "issuer",
+        key: "logo",
+        width: "60px",
+        render: (text, record, index) => (
+          <Tooltip>
+            {text ? (
+              <Image width={36} height={36} preview={false} src={`https://cdn.casbin.org/img/social_${text.toLowerCase()}.png`}
+                fallback="https://cdn.casbin.org/img/social_default.png" alt={text} />
+            ) : (
+              <Image width={36} height={36} preview={false} src={"https://cdn.casbin.org/img/social_default.png"} alt="default" />
+            )}
+          </Tooltip>
+        ),
+      },
+      {
+        title: i18next.t("general:Action"),
+        key: "action",
+        width: "100px",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Tooltip placement="bottomLeft" title={i18next.t("general:Up")}>
+                <Button style={{marginRight: "5px"}} disabled={index === 0} icon={<UpOutlined />} size="small" onClick={() => this.upRow(table, index)} />
+              </Tooltip>
+              <Tooltip placement="topLeft" title={i18next.t("general:Down")}>
+                <Button style={{marginRight: "5px"}} disabled={index === table.length - 1} icon={<DownOutlined />} size="small" onClick={() => this.downRow(table, index)} />
+              </Tooltip>
+              <Tooltip placement="topLeft" title={i18next.t("general:Delete")}>
+                <Button icon={<DeleteOutlined />} size="small" onClick={() => this.deleteRow(table, index)} />
+              </Tooltip>
+            </div>
+          );
+        },
+      },
+    ];
+    return (
+      <Table scroll={{x: "max-content"}} rowKey="key" columns={columns} dataSource={table} size="middle" bordered pagination={false}
+        title={() => (
+          <div>
+            {this.props.title}&nbsp;&nbsp;&nbsp;&nbsp;
+            <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.addRow(table)}>{i18next.t("general:Add")}</Button>
+          </div>
+        )}
+      />
+    );
+  }
+
+  render() {
+    return (
+      <div>
+        <Row style={{marginTop: "20px"}} >
+          <Col span={24}>
+            {
+              this.renderTable(this.state.mfaAccounts)
+            }
+          </Col>
+        </Row>
+      </div>
+    );
+  }
+}
+
+export default MfaAccountTable;