feat: add more crypto algorithm for jwt signing (#3150)

* feat: add more algorithm support for JWT signing

* feat: add i18n support

* feat: add i18n support

* feat: optimize if statement

* fix: remove additional space line

conf/app.conf

@@ -21,6 +21,7 @@ originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
+enableErrorMask = false
 enableGzip = true
 ldapServerPort = 389
 radiusServerPort = 1812

controllers/auth.go

@@ -665,6 +665,11 @@ func (c *ApiController) Login() {
 						return
 					}
 
+					if application.IsSignupItemRequired("Invitation code") {
+						c.ResponseError(c.T("check:Invitation code cannot be blank"))
+						return
+					}
+
 					// Handle username conflicts
 					var tmpUser *object.User
 					tmpUser, err = object.GetUser(util.GetId(application.Organization, userInfo.Username))

controllers/link.go

@@ -60,7 +60,6 @@ func (c *ApiController) Unlink() {
 			c.ResponseError(err.Error())
 			return
 		}
-
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return

controllers/resource.go

@@ -257,7 +257,7 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}
 
-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
+	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
 	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)

controllers/user.go

@@ -289,6 +289,16 @@ func (c *ApiController) UpdateUser() {
 		}
 	}
 
+	if user.MfaEmailEnabled && user.Email == "" {
+		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
+		return
+	}
+
+	if user.MfaPhoneEnabled && user.Phone == "" {
+		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
+		return
+	}
+
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return

controllers/util.go

@@ -45,6 +45,13 @@ func (c *ApiController) ResponseOk(data ...interface{}) {
 
 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
+	enableErrorMask := conf.GetConfigBool("enableErrorMask")
+	if enableErrorMask {
+		if strings.HasPrefix(error, "The user: ") && strings.HasSuffix(error, " doesn't exist") || strings.HasPrefix(error, "用户: ") && strings.HasSuffix(error, "不存在") {
+			error = c.T("check:password or code is incorrect")
+		}
+	}
+
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }

deployment/deploy.go

@@ -27,7 +27,18 @@ import (
 )
 
 func deployStaticFiles(provider *object.Provider) {
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
+	certificate := ""
+	if provider.Category == "Storage" && provider.Type == "Casdoor" {
+		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			panic(err)
+		}
+		if cert == nil {
+			panic(err)
+		}
+		certificate = cert.Certificate
+	}
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
 	if err != nil {
 		panic(err)
 	}

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/casdoor/go-sms-sender v0.24.0
 	github.com/casdoor/gomail/v2 v2.0.1
 	github.com/casdoor/notify v0.45.0
-	github.com/casdoor/oss v1.6.0
+	github.com/casdoor/oss v1.8.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
 	github.com/casvisor/casvisor-go-sdk v1.4.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
@@ -30,7 +30,7 @@ require (
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.4.0
+	github.com/google/uuid v1.6.0
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/lib/pq v1.10.9

go.sum

@@ -1083,6 +1083,8 @@ github.com/casbin/casbin/v2 v2.28.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRt
 github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM=
 github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk=
+github.com/casdoor/casdoor-go-sdk v0.50.0 h1:bUYbz/MzJuWfLKJbJM0+U0YpYewAur+THp5TKnufWZM=
+github.com/casdoor/casdoor-go-sdk v0.50.0/go.mod h1:cMnkCQJgMYpgAlgEx8reSt1AVaDIQLcJ1zk5pzBaz+4=
 github.com/casdoor/go-reddit/v2 v2.1.0 h1:kIbfdJ7AA7H0uTQ8s0q4GGZqSS5V9wVE74RrXyD9XPs=
 github.com/casdoor/go-reddit/v2 v2.1.0/go.mod h1:eagkvwlZ4Hcsuc/uQsLHYEulz5jN65SVSwV/AIE7zsc=
 github.com/casdoor/go-sms-sender v0.24.0 h1:LNLsce3EG/87I3JS6UiajF3LlQmdIiCgebEu0IE4wSM=
@@ -1091,8 +1093,8 @@ github.com/casdoor/gomail/v2 v2.0.1 h1:J+FG6x80s9e5lBHUn8Sv0Y56mud34KiWih5YdmudR
 github.com/casdoor/gomail/v2 v2.0.1/go.mod h1:VnGPslEAtpix5FjHisR/WKB1qvZDBaujbikxDe9d+2Q=
 github.com/casdoor/notify v0.45.0 h1:OlaFvcQFjGOgA4mRx07M8AH1gvb5xNo21mcqrVGlLgk=
 github.com/casdoor/notify v0.45.0/go.mod h1:wNHQu0tiDROMBIvz0j3Om3Lhd5yZ+AIfnFb8MYb8OLQ=
-github.com/casdoor/oss v1.6.0 h1:IOWrGLJ+VO82qS796eaRnzFPPA1Sn3cotYTi7O/VIlQ=
+github.com/casdoor/oss v1.8.0 h1:uuyKhDIp7ydOtV4lpqhAY23Ban2Ln8La8+QT36CwylM=
-github.com/casdoor/oss v1.6.0/go.mod h1:rJAWA0hLhtu94t6IRpotLUkXO1NWMASirywQYaGizJE=
+github.com/casdoor/oss v1.8.0/go.mod h1:uaqO7KBI2lnZcnB8rF7O6C2bN7llIbfC5Ql8ex1yR1U=
 github.com/casdoor/xorm-adapter/v3 v3.1.0 h1:NodWayRtSLVSeCvL9H3Hc61k0G17KhV9IymTCNfh3kk=
 github.com/casdoor/xorm-adapter/v3 v3.1.0/go.mod h1:4WTcUw+bTgBylGHeGHzTtBvuTXRS23dtwzFLl9tsgFM=
 github.com/casvisor/casvisor-go-sdk v1.4.0 h1:hbZEGGJ1cwdHFAxeXrMoNw6yha6Oyg2F0qQhBNCN/dg=
@@ -1460,8 +1462,9 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=

i18n/generate_test.go

@@ -45,6 +45,8 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "uk", data)
 	applyToOtherLanguage("frontend", "kk", data)
 	applyToOtherLanguage("frontend", "fa", data)
+	applyToOtherLanguage("frontend", "cs", data)
+	applyToOtherLanguage("frontend", "sk", data)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
@@ -73,4 +75,6 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "uk", data)
 	applyToOtherLanguage("backend", "kk", data)
 	applyToOtherLanguage("backend", "fa", data)
+	applyToOtherLanguage("backend", "cs", data)
+	applyToOtherLanguage("backend", "sk", data)
 }

i18n/locales/cs/data.json

@@ -0,0 +1,167 @@
+{
+  "account": {
+    "Failed to add user": "Nepodařilo se přidat uživatele",
+    "Get init score failed, error: %w": "Nepodařilo se získat počáteční skóre, chyba: %w",
+    "Please sign out first": "Nejprve se prosím odhlaste",
+    "The application does not allow to sign up new account": "Aplikace neumožňuje registraci nového účtu"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metoda výzvy by měla být S256",
+    "Failed to create user, user information is invalid: %s": "Nepodařilo se vytvořit uživatele, informace o uživateli jsou neplatné: %s",
+    "Failed to login in: %s": "Nepodařilo se přihlásit: %s",
+    "Invalid token": "Neplatný token",
+    "State expected: %s, but got: %s": "Očekávaný stav: %s, ale získán: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet přes %%s, prosím použijte jiný způsob registrace",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet, prosím kontaktujte svou IT podporu",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) je již propojen s jiným účtem: %s (%s)",
+    "The application: %s does not exist": "Aplikace: %s neexistuje",
+    "The login method: login with LDAP is not enabled for the application": "Metoda přihlášení: přihlášení pomocí LDAP není pro aplikaci povolena",
+    "The login method: login with SMS is not enabled for the application": "Metoda přihlášení: přihlášení pomocí SMS není pro aplikaci povolena",
+    "The login method: login with email is not enabled for the application": "Metoda přihlášení: přihlášení pomocí emailu není pro aplikaci povolena",
+    "The login method: login with face is not enabled for the application": "Metoda přihlášení: přihlášení pomocí obličeje není pro aplikaci povolena",
+    "The login method: login with password is not enabled for the application": "Metoda přihlášení: přihlášení pomocí hesla není pro aplikaci povolena",
+    "The organization: %s does not exist": "Organizace: %s neexistuje",
+    "The provider: %s is not enabled for the application": "Poskytovatel: %s není pro aplikaci povolen",
+    "Unauthorized operation": "Neoprávněná operace",
+    "Unknown authentication type (not password or provider), form = %s": "Neznámý typ autentizace (není heslo nebo poskytovatel), formulář = %s",
+    "User's tag: %s is not listed in the application's tags": "Štítek uživatele: %s není uveden v štítcích aplikace",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní nebo čekající předplatné a aplikace: %s nemá výchozí ceny"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Služba %s a %s se neshodují"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Příslušnost nemůže být prázdná",
+    "Default code does not match the code's matching rules": "Výchozí kód neodpovídá pravidlům pro shodu kódů",
+    "DisplayName cannot be blank": "Zobrazované jméno nemůže být prázdné",
+    "DisplayName is not valid real name": "Zobrazované jméno není platné skutečné jméno",
+    "Email already exists": "Email již existuje",
+    "Email cannot be empty": "Email nemůže být prázdný",
+    "Email is invalid": "Email je neplatný",
+    "Empty username.": "Prázdné uživatelské jméno.",
+    "Face data does not exist, cannot log in": "Data obličeje neexistují, nelze se přihlásit",
+    "Face data mismatch": "Neshoda dat obličeje",
+    "FirstName cannot be blank": "Křestní jméno nemůže být prázdné",
+    "Invitation code cannot be blank": "Pozvánkový kód nemůže být prázdný",
+    "Invitation code exhausted": "Pozvánkový kód vyčerpán",
+    "Invitation code is invalid": "Pozvánkový kód je neplatný",
+    "Invitation code suspended": "Pozvánkový kód pozastaven",
+    "LDAP user name or password incorrect": "Uživatelské jméno nebo heslo LDAP je nesprávné",
+    "LastName cannot be blank": "Příjmení nemůže být prázdné",
+    "Multiple accounts with same uid, please check your ldap server": "Více účtů se stejným uid, prosím zkontrolujte svůj ldap server",
+    "Organization does not exist": "Organizace neexistuje",
+    "Phone already exists": "Telefon již existuje",
+    "Phone cannot be empty": "Telefon nemůže být prázdný",
+    "Phone number is invalid": "Telefonní číslo je neplatné",
+    "Please register using the email corresponding to the invitation code": "Prosím zaregistrujte se pomocí emailu odpovídajícího pozvánkovému kódu",
+    "Please register using the phone  corresponding to the invitation code": "Prosím zaregistrujte se pomocí telefonu odpovídajícího pozvánkovému kódu",
+    "Please register using the username corresponding to the invitation code": "Prosím zaregistrujte se pomocí uživatelského jména odpovídajícího pozvánkovému kódu",
+    "Session outdated, please login again": "Relace je zastaralá, prosím přihlaste se znovu",
+    "The invitation code has already been used": "Pozvánkový kód již byl použit",
+    "The user is forbidden to sign in, please contact the administrator": "Uživatel má zakázáno se přihlásit, prosím kontaktujte administrátora",
+    "The user: %s doesn't exist in LDAP server": "Uživatel: %s neexistuje na LDAP serveru",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Uživatelské jméno může obsahovat pouze alfanumerické znaky, podtržítka nebo pomlčky, nemůže mít po sobě jdoucí pomlčky nebo podtržítka a nemůže začínat nebo končit pomlčkou nebo podtržítkem.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pro pole účtu \\\"%s\\\" neodpovídá regulárnímu výrazu položky účtu",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pro pole registrace \\\"%s\\\" neodpovídá regulárnímu výrazu položky registrace aplikace \\\"%s\\\"",
+    "Username already exists": "Uživatelské jméno již existuje",
+    "Username cannot be an email address": "Uživatelské jméno nemůže být emailová adresa",
+    "Username cannot contain white spaces": "Uživatelské jméno nemůže obsahovat mezery",
+    "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
+    "Username is too long (maximum is 39 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 39 znaků).",
+    "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
+    "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",
+    "password or code is incorrect": "heslo nebo kód je nesprávné",
+    "password or code is incorrect, you have %d remaining chances": "heslo nebo kód je nesprávné, máte %d zbývajících pokusů",
+    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
+  },
+  "general": {
+    "Missing parameter": "Chybějící parametr",
+    "Please login first": "Prosím, přihlaste se nejprve",
+    "The organization: %s should have one application at least": "Organizace: %s by měla mít alespoň jednu aplikaci",
+    "The user: %s doesn't exist": "Uživatel: %s neexistuje",
+    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
+    "this operation is not allowed in demo mode": "tato operace není povolena v demo režimu",
+    "this operation requires administrator to perform": "tato operace vyžaduje administrátora"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server existuje"
+  },
+  "link": {
+    "Please link first": "Prosím, nejprve propojte",
+    "This application has no providers": "Tato aplikace nemá žádné poskytovatele",
+    "This application has no providers of type": "Tato aplikace nemá žádné poskytovatele typu",
+    "This provider can't be unlinked": "Tento poskytovatel nemůže být odpojen",
+    "You are not the global admin, you can't unlink other users": "Nejste globální administrátor, nemůžete odpojovat jiné uživatele",
+    "You can't unlink yourself, you are not a member of any application": "Nemůžete odpojit sami sebe, nejste členem žádné aplikace"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Pouze administrátor může upravit %s.",
+    "The %s is immutable.": "%s je neměnný.",
+    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Oprávnění: \\\"%s\\\" neexistuje"
+  },
+  "provider": {
+    "Invalid application id": "Neplatné ID aplikace",
+    "the provider: %s does not exist": "poskytovatel: %s neexistuje"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Uživatel je nil pro tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Uživatelské jméno nebo úplná cesta k souboru je prázdná: uživatelské jméno = %s, úplná cesta k souboru = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikace %s nebyla nalezena"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "poskytovatel %s není kategorie SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Prázdné parametry pro emailForm: %v",
+    "Invalid Email receivers: %s": "Neplatní příjemci emailu: %s",
+    "Invalid phone receivers: %s": "Neplatní příjemci telefonu: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s není povolen",
+    "The provider type: %s is not supported": "typ poskytovatele: %s není podporován"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s není v této aplikaci podporován",
+    "Invalid application or wrong clientSecret": "Neplatná aplikace nebo špatný clientSecret",
+    "Invalid client_id": "Neplatné client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Přesměrovací URI: %s neexistuje v seznamu povolených přesměrovacích URI",
+    "Token not found, invalid accessToken": "Token nenalezen, neplatný accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Zobrazované jméno nemůže být prázdné",
+    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo."
+  },
+  "user_upload": {
+    "Failed to import users": "Nepodařilo se importovat uživatele"
+  },
+  "util": {
+    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
+    "No provider for category: %s is found for application: %s": "Pro kategorii: %s nebyl nalezen žádný poskytovatel pro aplikaci: %s",
+    "The provider: %s is not found": "Poskytovatel: %s nebyl nalezen"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Neplatný poskytovatel captcha.",
+    "Phone number is invalid in your region %s": "Telefonní číslo je ve vaší oblasti %s neplatné",
+    "The verification code has not been sent yet!": "Ověřovací kód ještě nebyl odeslán!",
+    "The verification code has not been sent yet, or has already been used!": "Ověřovací kód ještě nebyl odeslán, nebo již byl použit!",
+    "Turing test failed.": "Turingův test selhal.",
+    "Unable to get the email modify rule.": "Nelze získat pravidlo pro úpravu emailu.",
+    "Unable to get the phone modify rule.": "Nelze získat pravidlo pro úpravu telefonu.",
+    "Unknown type": "Neznámý typ",
+    "Wrong verification code!": "Špatný ověřovací kód!",
+    "You should verify your code in %d min!": "Měli byste ověřit svůj kód do %d minut!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele SMS do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele emailu do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "the user does not exist, please sign up first": "uživatel neexistuje, prosím nejprve se zaregistrujte"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Nebyly nalezeny žádné přihlašovací údaje pro tohoto uživatele",
+    "Please call WebAuthnSigninBegin first": "Prosím, nejprve zavolejte WebAuthnSigninBegin"
+  }
+}

i18n/locales/sk/data.json

@@ -0,0 +1,167 @@
+{
+  "account": {
+    "Failed to add user": "Nepodarilo sa pridať používateľa",
+    "Get init score failed, error: %w": "Získanie počiatočného skóre zlyhalo, chyba: %w",
+    "Please sign out first": "Najskôr sa prosím odhláste",
+    "The application does not allow to sign up new account": "Aplikácia neumožňuje registráciu nového účtu"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metóda výzvy by mala byť S256",
+    "Failed to create user, user information is invalid: %s": "Nepodarilo sa vytvoriť používateľa, informácie o používateľovi sú neplatné: %s",
+    "Failed to login in: %s": "Prihlásenie zlyhalo: %s",
+    "Invalid token": "Neplatný token",
+    "State expected: %s, but got: %s": "Očakávaný stav: %s, ale dostali sme: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) neexistuje a nie je povolené zaregistrovať nový účet cez %%s, prosím použite iný spôsob registrácie",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) neexistuje a nie je povolené zaregistrovať nový účet, prosím kontaktujte vašu IT podporu",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pre poskytovateľa: %s a používateľské meno: %s (%s) je už prepojený s iným účtom: %s (%s)",
+    "The application: %s does not exist": "Aplikácia: %s neexistuje",
+    "The login method: login with LDAP is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou LDAP nie je pre aplikáciu povolená",
+    "The login method: login with SMS is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou SMS nie je pre aplikáciu povolená",
+    "The login method: login with email is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou e-mailu nie je pre aplikáciu povolená",
+    "The login method: login with face is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou tváre nie je pre aplikáciu povolená",
+    "The login method: login with password is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou hesla nie je pre aplikáciu povolená",
+    "The organization: %s does not exist": "Organizácia: %s neexistuje",
+    "The provider: %s is not enabled for the application": "Poskytovateľ: %s nie je pre aplikáciu povolený",
+    "Unauthorized operation": "Neautorizovaná operácia",
+    "Unknown authentication type (not password or provider), form = %s": "Neznámy typ autentifikácie (nie heslo alebo poskytovateľ), forma = %s",
+    "User's tag: %s is not listed in the application's tags": "Štítok používateľa: %s nie je uvedený v štítkoch aplikácie",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "platiaci používateľ %s nemá aktívne alebo čakajúce predplatné a aplikácia: %s nemá predvolenú cenovú politiku"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Služba %s a %s sa nezhodujú"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Príslušnosť nemôže byť prázdna",
+    "Default code does not match the code's matching rules": "Predvolený kód nezodpovedá pravidlám zodpovedania kódu",
+    "DisplayName cannot be blank": "Zobrazované meno nemôže byť prázdne",
+    "DisplayName is not valid real name": "Zobrazované meno nie je platné skutočné meno",
+    "Email already exists": "E-mail už existuje",
+    "Email cannot be empty": "E-mail nemôže byť prázdny",
+    "Email is invalid": "E-mail je neplatný",
+    "Empty username.": "Prázdne používateľské meno.",
+    "Face data does not exist, cannot log in": "Dáta o tvári neexistujú, nemožno sa prihlásiť",
+    "Face data mismatch": "Nesúlad dát o tvári",
+    "FirstName cannot be blank": "Meno nemôže byť prázdne",
+    "Invitation code cannot be blank": "Kód pozvania nemôže byť prázdny",
+    "Invitation code exhausted": "Kód pozvania bol vyčerpaný",
+    "Invitation code is invalid": "Kód pozvania je neplatný",
+    "Invitation code suspended": "Kód pozvania bol pozastavený",
+    "LDAP user name or password incorrect": "LDAP používateľské meno alebo heslo sú nesprávne",
+    "LastName cannot be blank": "Priezvisko nemôže byť prázdne",
+    "Multiple accounts with same uid, please check your ldap server": "Viacero účtov s rovnakým uid, skontrolujte svoj ldap server",
+    "Organization does not exist": "Organizácia neexistuje",
+    "Phone already exists": "Telefón už existuje",
+    "Phone cannot be empty": "Telefón nemôže byť prázdny",
+    "Phone number is invalid": "Telefónne číslo je neplatné",
+    "Please register using the email corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou e-mailu zodpovedajúceho kódu pozvania",
+    "Please register using the phone corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou telefónu zodpovedajúceho kódu pozvania",
+    "Please register using the username corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou používateľského mena zodpovedajúceho kódu pozvania",
+    "Session outdated, please login again": "Relácia je zastaraná, prosím, prihláste sa znova",
+    "The invitation code has already been used": "Kód pozvania už bol použitý",
+    "The user is forbidden to sign in, please contact the administrator": "Používateľovi je zakázané prihlásenie, prosím, kontaktujte administrátora",
+    "The user: %s doesn't exist in LDAP server": "Používateľ: %s neexistuje na LDAP serveri",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Používateľské meno môže obsahovať iba alfanumerické znaky, podtržníky alebo pomlčky, nemôže obsahovať po sebe idúce pomlčky alebo podtržníky a nemôže začínať alebo končiť pomlčkou alebo podtržníkom.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pre pole účtu \\\"%s\\\" nezodpovedá regulárnemu výrazu položky účtu",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pre pole registrácie \\\"%s\\\" nezodpovedá regulárnemu výrazu položky registrácie aplikácie \\\"%s\\\"",
+    "Username already exists": "Používateľské meno už existuje",
+    "Username cannot be an email address": "Používateľské meno nemôže byť e-mailová adresa",
+    "Username cannot contain white spaces": "Používateľské meno nemôže obsahovať medzery",
+    "Username cannot start with a digit": "Používateľské meno nemôže začínať číslicou",
+    "Username is too long (maximum is 39 characters).": "Používateľské meno je príliš dlhé (maximum je 39 znakov).",
+    "Username must have at least 2 characters": "Používateľské meno musí mať aspoň 2 znaky",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali ste nesprávne heslo alebo kód príliš veľa krát, prosím, počkajte %d minút a skúste to znova",
+    "Your region is not allow to signup by phone": "Váš región neumožňuje registráciu cez telefón",
+    "password or code is incorrect": "heslo alebo kód je nesprávne",
+    "password or code is incorrect, you have %d remaining chances": "heslo alebo kód je nesprávne, máte %d zostávajúcich pokusov",
+    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
+  },
+  "general": {
+    "Missing parameter": "Chýbajúci parameter",
+    "Please login first": "Najskôr sa prosím prihláste",
+    "The organization: %s should have one application at least": "Organizácia: %s by mala mať aspoň jednu aplikáciu",
+    "The user: %s doesn't exist": "Používateľ: %s neexistuje",
+    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
+    "this operation is not allowed in demo mode": "táto operácia nie je povolená v demo režime",
+    "this operation requires administrator to perform": "táto operácia vyžaduje vykonanie administrátorom"
+  },
+  "ldap": {
+    "Ldap server exist": "LDAP server existuje"
+  },
+  "link": {
+    "Please link first": "Najskôr sa prosím prepojte",
+    "This application has no providers": "Táto aplikácia nemá žiadnych poskytovateľov",
+    "This application has no providers of type": "Táto aplikácia nemá poskytovateľov typu",
+    "This provider can't be unlinked": "Tento poskytovateľ nemôže byť odpojený",
+    "You are not the global admin, you can't unlink other users": "Nie ste globálny administrátor, nemôžete odpojiť iných používateľov",
+    "You can't unlink yourself, you are not a member of any application": "Nemôžete sa odpojiť, nie ste členom žiadnej aplikácie"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Len administrátor môže upravovať %s.",
+    "The %s is immutable.": "%s je nemenný.",
+    "Unknown modify rule %s.": "Neznáme pravidlo úprav %s."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Povolenie: \\\"%s\\\" neexistuje"
+  },
+  "provider": {
+    "Invalid application id": "Neplatné id aplikácie",
+    "the provider: %s does not exist": "poskytovateľ: %s neexistuje"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Používateľ je nil pre tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Používateľské meno alebo fullFilePath je prázdny: používateľské meno = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikácia %s nebola nájdená"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "kategória poskytovateľa %s nie je SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Prázdne parametre pre emailForm: %v",
+    "Invalid Email receivers: %s": "Neplatní príjemcovia e-mailu: %s",
+    "Invalid phone receivers: %s": "Neplatní príjemcovia telefónu: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s nie je povolený",
+    "The provider type: %s is not supported": "Typ poskytovateľa: %s nie je podporovaný"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s nie je podporovaný v tejto aplikácii",
+    "Invalid application or wrong clientSecret": "Neplatná aplikácia alebo nesprávny clientSecret",
+    "Invalid client_id": "Neplatný client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s neexistuje v zozname povolených Redirect URI",
+    "Token not found, invalid accessToken": "Token nebol nájdený, neplatný accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Zobrazované meno nemôže byť prázdne",
+    "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery."
+  },
+  "user_upload": {
+    "Failed to import users": "Nepodarilo sa importovať používateľov"
+  },
+  "util": {
+    "No application is found for userId: %s": "Nebola nájdená žiadna aplikácia pre userId: %s",
+    "No provider for category: %s is found for application: %s": "Pre aplikáciu: %s nebol nájdený žiadny poskytovateľ pre kategóriu: %s",
+    "The provider: %s is not found": "Poskytovateľ: %s nebol nájdený"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Neplatný captcha poskytovateľ.",
+    "Phone number is invalid in your region %s": "Telefónne číslo je neplatné vo vašom regióne %s",
+    "The verification code has not been sent yet!": "Overovací kód ešte nebol odoslaný!",
+    "The verification code has not been sent yet, or has already been used!": "Overovací kód ešte nebol odoslaný, alebo bol už použitý!",
+    "Turing test failed.": "Test Turinga zlyhal.",
+    "Unable to get the email modify rule.": "Nepodarilo sa získať pravidlo úpravy e-mailu.",
+    "Unable to get the phone modify rule.": "Nepodarilo sa získať pravidlo úpravy telefónu.",
+    "Unknown type": "Neznámy typ",
+    "Wrong verification code!": "Nesprávny overovací kód!",
+    "You should verify your code in %d min!": "Overte svoj kód za %d minút!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím pridajte SMS poskytovateľa do zoznamu \\\"Poskytovatelia\\\" pre aplikáciu: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím pridajte e-mailového poskytovateľa do zoznamu \\\"Poskytovatelia\\\" pre aplikáciu: %s",
+    "the user does not exist, please sign up first": "používateľ neexistuje, prosím, zaregistrujte sa najskôr"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Nenašli sa žiadne prihlasovacie údaje pre tohto používateľa",
+    "Please call WebAuthnSigninBegin first": "Najskôr prosím zavolajte WebAuthnSigninBegin"
+  }
+}

init_data.json.template

@@ -35,7 +35,9 @@
         "FI",
         "SE",
         "UA",
-        "KZ"
+        "KZ",
+        "CZ",
+        "SK"
       ],
       "defaultAvatar": "",
       "defaultApplication": "",
@@ -62,7 +64,9 @@
         "sv",
         "uk",
         "kk",
-        "fa"
+        "fa",
+        "cs",
+        "sk"
       ],
       "masterPassword": "",
       "defaultPassword": "",

object/application.go

@@ -91,11 +91,13 @@ type Application struct {
 	CertPublicKey         string          `xorm:"-" json:"certPublicKey"`
 	Tags                  []string        `xorm:"mediumtext" json:"tags"`
 	SamlAttributes        []*SamlItem     `xorm:"varchar(1000)" json:"samlAttributes"`
+	IsShared              bool            `json:"isShared"`
 
 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
 	RedirectUris         []string   `xorm:"varchar(1000)" json:"redirectUris"`
 	TokenFormat          string     `xorm:"varchar(100)" json:"tokenFormat"`
+	TokenSigningMethod   string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
 	TokenFields          []string   `xorm:"varchar(1000)" json:"tokenFields"`
 	ExpireInHours        int        `json:"expireInHours"`
 	RefreshExpireInHours int        `json:"refreshExpireInHours"`
@@ -123,9 +125,9 @@ func GetApplicationCount(owner, field, value string) (int64, error) {
 	return session.Count(&Application{})
 }
 
-func GetOrganizationApplicationCount(owner, Organization, field, value string) (int64, error) {
+func GetOrganizationApplicationCount(owner, organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Application{Organization: Organization})
+	return session.Where("organization = ? or is_shared = ? ", organization, true).Count(&Application{})
 }
 
 func GetApplications(owner string) ([]*Application, error) {
@@ -140,7 +142,7 @@ func GetApplications(owner string) ([]*Application, error) {
 
 func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
 	applications := []*Application{}
-	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
+	err := ormer.Engine.Desc("created_time").Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -162,7 +164,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Organization: organization})
+	err := session.Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -337,12 +339,18 @@ func getApplication(owner string, name string) (*Application, error) {
 		return nil, nil
 	}
 
-	application := Application{Owner: owner, Name: name}
+	realApplicationName, sharedOrg := util.GetSharedOrgFromApp(name)
+
+	application := Application{Owner: owner, Name: realApplicationName}
 	existed, err := ormer.Engine.Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -428,11 +436,18 @@ func GetApplicationByUserId(userId string) (application *Application, err error)
 
 func GetApplicationByClientId(clientId string) (*Application, error) {
 	application := Application{}
-	existed, err := ormer.Engine.Where("client_id=?", clientId).Get(&application)
+
+	realClientId, sharedOrg := util.GetSharedOrgFromApp(clientId)
+
+	existed, err := ormer.Engine.Where("client_id=?", realClientId).Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -626,6 +641,10 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 		return false, err
 	}
 
+	if application.IsShared == true && application.Organization != "built-in" {
+		return false, fmt.Errorf("only applications belonging to built-in organization can be shared")
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}

object/check_util.go

@@ -52,6 +52,9 @@ func GetFailedSigninConfigByUser(user *User) (int, int, error) {
 	if err != nil {
 		return 0, 0, err
 	}
+	if application == nil {
+		return 0, 0, fmt.Errorf("the application for user %s is not found", user.GetId())
+	}
 
 	failedSigninLimit := application.FailedSigninLimit
 	if failedSigninLimit == 0 {

object/ldap.go

@@ -32,6 +32,7 @@ type Ldap struct {
 	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
 	Filter       string   `xorm:"varchar(200)" json:"filter"`
 	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
+	DefaultGroup string   `xorm:"varchar(100)" json:"defaultGroup"`
 
 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
@@ -148,7 +149,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 	}
 
 	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group").Update(ldap)
 	if err != nil {
 		return false, nil
 	}

object/ldap_conn.go

@@ -339,6 +339,10 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 				Ldap:              syncUser.Uuid,
 			}
 
+			if ldap.DefaultGroup != "" {
+				newUser.Groups = []string{ldap.DefaultGroup}
+			}
+
 			affected, err := AddUser(newUser)
 			if err != nil {
 				return nil, nil, err

object/oidc_discovery.go

@@ -112,7 +112,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
-		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
+		IdTokenSigningAlgValuesSupported:       []string{"RS256", "RS512", "ES256", "ES384", "ES512"},
 		ScopesSupported:                        []string{"openid", "email", "profile", "address", "phone", "offline_access"},
 		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isForbidden", "signupApplication", "ldap"},
 		RequestParameterSupported:              true,

object/organization.go

@@ -319,6 +319,7 @@ func GetDefaultApplication(id string) (*Application, error) {
 		if defaultApplication == nil {
 			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
 		} else {
+			defaultApplication.Organization = organization.Name
 			return defaultApplication, nil
 		}
 	}

object/resource.go

@@ -36,7 +36,7 @@ type Resource struct {
 	FileType    string `xorm:"varchar(100)" json:"fileType"`
 	FileFormat  string `xorm:"varchar(100)" json:"fileFormat"`
 	FileSize    int    `json:"fileSize"`
-	Url         string `xorm:"varchar(255)" json:"url"`
+	Url         string `xorm:"varchar(500)" json:"url"`
 	Description string `xorm:"varchar(255)" json:"description"`
 }
 

object/storage.go

@@ -30,6 +30,13 @@ import (
 
 var isCloudIntranet bool
 
+const (
+	ProviderTypeGoogleCloudStorage = "Google Cloud Storage"
+	ProviderTypeTencentCloudCOS    = "Tencent Cloud COS"
+	ProviderTypeAzureBlob          = "Azure Blob"
+	ProviderTypeLocalFileSystem    = "Local File System"
+)
+
 func init() {
 	isCloudIntranet = conf.GetConfigBool("isCloudIntranet")
 }
@@ -80,27 +87,28 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)
 
 	host := ""
-	if provider.Type != "Local File System" {
+	if provider.Type != ProviderTypeLocalFileSystem {
 		// provider.Domain = "https://cdn.casbin.com/casdoor/"
 		host = util.GetUrlHost(provider.Domain)
 	} else {
 		// provider.Domain = "http://localhost:8000" or "https://door.casdoor.com"
 		host = util.UrlJoin(provider.Domain, "/files")
 	}
-	if provider.Type == "Azure Blob" {
+	if provider.Type == ProviderTypeAzureBlob || provider.Type == ProviderTypeGoogleCloudStorage {
 		host = util.UrlJoin(host, provider.Bucket)
 	}
 
 	fileUrl := ""
 	if host != "" {
-		fileUrl = util.UrlJoin(host, escapePath(objectKey))
+		// fileUrl = util.UrlJoin(host, escapePath(objectKey))
+		fileUrl = util.UrlJoin(host, objectKey)
 	}
 
-	if fileUrl != "" && hasTimestamp {
+	// if fileUrl != "" && hasTimestamp {
-		fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
+	//	fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
-	}
+	// }
 
-	if provider.Type == "Tencent Cloud COS" {
+	if provider.Type == ProviderTypeTencentCloudCOS {
 		objectKey = escapePath(objectKey)
 	}
 
@@ -109,7 +117,18 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 
 func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
+	certificate := ""
+	if provider.Category == "Storage" && provider.Type == "Casdoor" {
+		cert, err := GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			return nil, err
+		}
+		if cert == nil {
+			return nil, fmt.Errorf("no cert for %s", provider.Cert)
+		}
+		certificate = cert.Certificate
+	}
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint, certificate, provider.Content)
 	if err != nil {
 		return nil, err
 	}
@@ -135,17 +154,17 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 	}
 
 	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)
+	objectKeyRefined := refineObjectKey(provider, objectKey)
 
-	objectKeyRefined := objectKey
+	object, err := storageProvider.Put(objectKeyRefined, fileBuffer)
-	if provider.Type == "Google Cloud Storage" {
-		objectKeyRefined = strings.TrimPrefix(objectKeyRefined, "/")
-	}
-
-	_, err = storageProvider.Put(objectKeyRefined, fileBuffer)
 	if err != nil {
 		return "", "", err
 	}
 
+	if provider.Type == "Casdoor" {
+		fileUrl = object.Path
+	}
+
 	return fileUrl, objectKey, nil
 }
 
@@ -184,5 +203,13 @@ func DeleteFile(provider *Provider, objectKey string, lang string) error {
 		return err
 	}
 
-	return storageProvider.Delete(objectKey)
+	objectKeyRefined := refineObjectKey(provider, objectKey)
+	return storageProvider.Delete(objectKeyRefined)
+}
+
+func refineObjectKey(provider *Provider, objectKey string) string {
+	if provider.Type == ProviderTypeGoogleCloudStorage {
+		return strings.TrimPrefix(objectKey, "/")
+	}
+	return objectKey
 }

object/token_cas.go

@@ -277,7 +277,6 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
 	if err != nil {
 		return "", "", err
 	}
-
 	if application == nil {
 		return "", "", fmt.Errorf("the application for user %s is not found", userId)
 	}

object/token_jwt.go

@@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/casdoor/casdoor/util"
@@ -128,7 +129,7 @@ type UserWithoutThirdIdp struct {
 	LastSigninWrongTime string `xorm:"varchar(100)" json:"lastSigninWrongTime"`
 	SigninWrongTimes    int    `json:"signinWrongTimes"`
 
-	// ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
+	ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 }
 
 type ClaimsShort struct {
@@ -254,6 +255,8 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
 
 		LastSigninWrongTime: user.LastSigninWrongTime,
 		SigninWrongTimes:    user.SigninWrongTimes,
+
+		ManagedAccounts: user.ManagedAccounts,
 	}
 
 	return res
@@ -365,6 +368,10 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		},
 	}
 
+	if application.IsShared {
+		claims.Audience = []string{application.ClientId + "-org-" + user.Owner}
+	}
+
 	var token *jwt.Token
 	var refreshToken *jwt.Token
 
@@ -372,36 +379,52 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		application.TokenFormat = "JWT"
 	}
 
+	var jwtMethod jwt.SigningMethod
+
+	if application.TokenSigningMethod == "RS256" {
+		jwtMethod = jwt.SigningMethodRS256
+	} else if application.TokenSigningMethod == "RS512" {
+		jwtMethod = jwt.SigningMethodRS512
+	} else if application.TokenSigningMethod == "ES256" {
+		jwtMethod = jwt.SigningMethodES256
+	} else if application.TokenSigningMethod == "ES512" {
+		jwtMethod = jwt.SigningMethodES512
+	} else if application.TokenSigningMethod == "ES384" {
+		jwtMethod = jwt.SigningMethodES384
+	} else {
+		jwtMethod = jwt.SigningMethodRS256
+	}
+
 	// the JWT token length in "JWT-Empty" mode will be very short, as User object only has two properties: owner and name
 	if application.TokenFormat == "JWT" {
 		claimsWithoutThirdIdp := getClaimsWithoutThirdIdp(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
+		token = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
 		claimsWithoutThirdIdp.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsWithoutThirdIdp.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
 	} else if application.TokenFormat == "JWT-Empty" {
 		claimsShort := getShortClaims(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+		token = jwt.NewWithClaims(jwtMethod, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsShort.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsShort)
 	} else if application.TokenFormat == "JWT-Custom" {
 		claimsCustom := getClaimsCustom(claims, application.TokenFields)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsCustom)
+		token = jwt.NewWithClaims(jwtMethod, claimsCustom)
 		refreshClaims := getClaimsCustom(claims, application.TokenFields)
 		refreshClaims["exp"] = jwt.NewNumericDate(refreshExpireTime)
 		refreshClaims["TokenType"] = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, refreshClaims)
+		refreshToken = jwt.NewWithClaims(jwtMethod, refreshClaims)
 	} else if application.TokenFormat == "JWT-Standard" {
 		claimsStandard := getStandardClaims(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
+		token = jwt.NewWithClaims(jwtMethod, claimsStandard)
 		claimsStandard.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsStandard.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsStandard)
 	} else {
 		return "", "", "", fmt.Errorf("unknown application TokenFormat: %s", application.TokenFormat)
 	}
@@ -419,34 +442,57 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		}
 	}
 
+	var (
+		tokenString        string
+		refreshTokenString string
+		key                interface{}
+	)
+
+	if strings.Contains(application.TokenSigningMethod, "RS") || application.TokenSigningMethod == "" {
 		// RSA private key
-	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
+		key, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	} else if strings.Contains(application.TokenSigningMethod, "ES") {
+		// ES private key
+		key, err = jwt.ParseECPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	} else if strings.Contains(application.TokenSigningMethod, "Ed") {
+		// Ed private key
+		key, err = jwt.ParseEdPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	}
 	if err != nil {
 		return "", "", "", err
 	}
 
 	token.Header["kid"] = cert.Name
-	tokenString, err := token.SignedString(key)
+	tokenString, err = token.SignedString(key)
 	if err != nil {
 		return "", "", "", err
 	}
-	refreshTokenString, err := refreshToken.SignedString(key)
+	refreshTokenString, err = refreshToken.SignedString(key)
 
 	return tokenString, refreshTokenString, name, err
 }
 
 func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 	t, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
-		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+		var (
-			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+			certificate interface{}
-		}
+			err         error
+		)
 
 		if cert.Certificate == "" {
 			return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
 		}
 
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); ok {
 			// RSA certificate
-		certificate, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
+			certificate, err = jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
+		} else if _, ok := token.Method.(*jwt.SigningMethodECDSA); ok {
+			// ES certificate
+			certificate, err = jwt.ParseECPublicKeyFromPEM([]byte(cert.Certificate))
+		} else {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+
 		if err != nil {
 			return nil, err
 		}

object/token_oauth.go

@@ -428,23 +428,27 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if token == nil {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code is invalid",
+			ErrorDescription: fmt.Sprintf("authorization code: [%s] is invalid", code),
 		}, nil
 	}
+
 	if token.CodeIsUsed {
 		// anti replay attacks
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has been used",
+			ErrorDescription: fmt.Sprintf("authorization code has been used for token: [%s]", token.GetId()),
 		}, nil
 	}
 
-	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
+	if token.CodeChallenge != "" {
+		challengeAnswer := pkceChallenge(verifier)
+		if challengeAnswer != token.CodeChallenge {
 			return nil, &TokenError{
 				Error:            InvalidGrant,
-			ErrorDescription: "verifier is invalid",
+				ErrorDescription: fmt.Sprintf("verifier is invalid, challengeAnswer: [%s], token.CodeChallenge: [%s]", challengeAnswer, token.CodeChallenge),
 			}, nil
 		}
+	}
 
 	if application.ClientSecret != clientSecret {
 		// when using PKCE, the Client Secret can be empty,
@@ -452,13 +456,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 		if token.CodeChallenge == "" {
 			return nil, &TokenError{
 				Error:            InvalidClient,
-				ErrorDescription: "client_secret is invalid",
+				ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: empty", application.GetId()),
 			}, nil
 		} else {
 			if clientSecret != "" {
 				return nil, &TokenError{
 					Error:            InvalidClient,
-					ErrorDescription: "client_secret is invalid",
+					ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: [%s]", application.GetId(), token.CodeChallenge),
 				}, nil
 			}
 		}
@@ -467,15 +471,16 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if application.Name != token.Application {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "the token is for wrong application (client_id)",
+			ErrorDescription: fmt.Sprintf("the token is for wrong application (client_id), application.Name: [%s], token.Application: [%s]", application.Name, token.Application),
 		}, nil
 	}
 
-	if time.Now().Unix() > token.CodeExpireIn {
+	nowUnix := time.Now().Unix()
+	if nowUnix > token.CodeExpireIn {
 		// code must be used within 5 minutes
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has expired",
+			ErrorDescription: fmt.Sprintf("authorization code has expired, nowUnix: [%s], token.CodeExpireIn: [%s]", time.Unix(nowUnix, 0).Format(time.RFC3339), time.Unix(token.CodeExpireIn, 0).Format(time.RFC3339)),
 		}, nil
 	}
 	return token, nil, nil

object/user.go

@@ -1138,7 +1138,7 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}
 
-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin() || (user.IsAdmin && application.IsShared)
 }
 
 func (user *User) IsGlobalAdmin() bool {

object/user_util.go

@@ -393,6 +393,20 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}
 
+	if oldUser.Address == nil {
+		oldUser.Address = []string{}
+	}
+	oldUserAddressJson, _ := json.Marshal(oldUser.Address)
+
+	if newUser.Address == nil {
+		newUser.Address = []string{}
+	}
+	newUserAddressJson, _ := json.Marshal(newUser.Address)
+	if string(oldUserAddressJson) != string(newUserAddressJson) {
+		item := GetAccountItemByName("Address", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
 		itemsChanged = append(itemsChanged, item)
@@ -426,6 +440,31 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}
 
+	if oldUser.Karma != newUser.Karma {
+		item := GetAccountItemByName("Karma", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Language != newUser.Language {
+		item := GetAccountItemByName("Language", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Ranking != newUser.Ranking {
+		item := GetAccountItemByName("Ranking", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Currency != newUser.Currency {
+		item := GetAccountItemByName("Currency", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.Hash != newUser.Hash {
+		item := GetAccountItemByName("Hash", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
 	for _, accountItem := range itemsChanged {
 
 		if pass, err := CheckAccountItemModifyRule(accountItem, isAdmin, lang); !pass {

radius/server.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
@@ -27,6 +28,14 @@ import (
 	"layeh.com/radius/rfc2866"
 )
 
+var StateMap map[string]AccessStateContent
+
+const StateExpiredTime = time.Second * 120
+
+type AccessStateContent struct {
+	ExpiredAt time.Time
+}
+
 func StartRadiusServer() {
 	secret := conf.GetConfigString("radiusSecret")
 	server := radius.PacketServer{
@@ -55,6 +64,7 @@ func handleAccessRequest(w radius.ResponseWriter, r *radius.Request) {
 	username := rfc2865.UserName_GetString(r.Packet)
 	password := rfc2865.UserPassword_GetString(r.Packet)
 	organization := rfc2865.Class_GetString(r.Packet)
+	state := rfc2865.State_GetString(r.Packet)
 	log.Printf("handleAccessRequest() username=%v, org=%v, password=%v", username, organization, password)
 
 	if organization == "" {
@@ -62,12 +72,75 @@ func handleAccessRequest(w radius.ResponseWriter, r *radius.Request) {
 		return
 	}
 
-	_, err := object.CheckUserPassword(organization, username, password, "en")
+	var user *object.User
+	var err error
+
+	if state == "" {
+		user, err = object.CheckUserPassword(organization, username, password, "en")
+	} else {
+		user, err = object.GetUser(fmt.Sprintf("%s/%s", organization, username))
+	}
+
 	if err != nil {
 		w.Write(r.Response(radius.CodeAccessReject))
 		return
 	}
 
+	if user.IsMfaEnabled() {
+		mfaProp := user.GetMfaProps(object.TotpType, false)
+		if mfaProp == nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		if StateMap == nil {
+			StateMap = map[string]AccessStateContent{}
+		}
+
+		if state != "" {
+			stateContent, ok := StateMap[state]
+			if !ok {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			delete(StateMap, state)
+			if stateContent.ExpiredAt.Before(time.Now()) {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			mfaUtil := object.GetMfaUtil(mfaProp.MfaType, mfaProp)
+			if mfaUtil.Verify(password) != nil {
+				w.Write(r.Response(radius.CodeAccessReject))
+				return
+			}
+
+			w.Write(r.Response(radius.CodeAccessAccept))
+			return
+		}
+
+		responseState := util.GenerateId()
+		StateMap[responseState] = AccessStateContent{
+			time.Now().Add(StateExpiredTime),
+		}
+
+		err = rfc2865.State_Set(r.Packet, []byte(responseState))
+		if err != nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		err = rfc2865.ReplyMessage_Set(r.Packet, []byte("please enter OTP"))
+		if err != nil {
+			w.Write(r.Response(radius.CodeAccessReject))
+			return
+		}
+
+		r.Packet.Code = radius.CodeAccessChallenge
+		w.Write(r.Packet)
+	}
+
 	w.Write(r.Response(radius.CodeAccessAccept))
 }
 

routers/authz_filter.go

@@ -56,7 +56,7 @@ func getSubject(ctx *context.Context) (string, string) {
 	return util.GetOwnerAndNameFromId(username)
 }
 
-func getObject(ctx *context.Context) (string, string) {
+func getObject(ctx *context.Context) (string, string, error) {
 	method := ctx.Request.Method
 	path := ctx.Request.URL.Path
 
@@ -65,13 +65,13 @@ func getObject(ctx *context.Context) (string, string) {
 			if ctx.Input.Query("id") == "/" {
 				adapterId := ctx.Input.Query("adapterId")
 				if adapterId != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(adapterId)
+					return util.GetOwnerAndNameFromIdWithError(adapterId)
 				}
 			} else {
 				// query == "?id=built-in/admin"
 				id := ctx.Input.Query("id")
 				if id != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(id)
+					return util.GetOwnerAndNameFromIdWithError(id)
 				}
 			}
 		}
@@ -80,34 +80,34 @@ func getObject(ctx *context.Context) (string, string) {
 			// query == "?id=built-in/admin"
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}
 
 		owner := ctx.Input.Query("owner")
 		if owner != "" {
-			return owner, ""
+			return owner, "", nil
 		}
 
-		return "", ""
+		return "", "", nil
 	} else {
 		if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" {
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}
 
 		body := ctx.Input.RequestBody
 		if len(body) == 0 {
-			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name")
+			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name"), nil
 		}
 
 		var obj Object
 		err := json.Unmarshal(body, &obj)
 		if err != nil {
-			// panic(err)
+			// this is not error
-			return "", ""
+			return "", "", nil
 		}
 
 		if path == "/api/delete-resource" {
@@ -117,7 +117,7 @@ func getObject(ctx *context.Context) (string, string) {
 			}
 		}
 
-		return obj.Owner, obj.Name
+		return obj.Owner, obj.Name, nil
 	}
 }
 
@@ -183,7 +183,12 @@ func ApiFilter(ctx *context.Context) {
 
 	objOwner, objName := "", ""
 	if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
-		objOwner, objName = getObject(ctx)
+		var err error
+		objOwner, objName, err = getObject(ctx)
+		if err != nil {
+			responseError(ctx, err.Error())
+			return
+		}
 	}
 
 	if strings.HasPrefix(urlPath, "/api/notify-payment") {

routers/auto_signin_filter.go

@@ -67,6 +67,17 @@ func AutoSigninFilter(ctx *context.Context) {
 		return
 	}
 
+	accessKey := ctx.Input.Query("accessKey")
+	accessSecret := ctx.Input.Query("accessSecret")
+	if accessKey != "" && accessSecret != "" {
+		userId, err := getUsernameByKeys(ctx)
+		if err != nil {
+			responseError(ctx, err.Error())
+		}
+
+		setSessionUser(ctx, userId)
+	}
+
 	// "/page?clientId=123&clientSecret=456"
 	userId, err := getUsernameByClientIdSecret(ctx)
 	if err != nil {

storage/casdoor.go

@@ -0,0 +1,19 @@
+package storage
+
+import (
+	"github.com/casdoor/oss"
+	"github.com/casdoor/oss/casdoor"
+)
+
+func NewCasdoorStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) oss.StorageInterface {
+	sp := casdoor.New(&casdoor.Config{
+		clientId,
+		clientSecret,
+		endpoint,
+		cert,
+		region,
+		content,
+		bucket,
+	})
+	return sp
+}

storage/storage.go

@@ -16,7 +16,7 @@ package storage
 
 import "github.com/casdoor/oss"
 
-func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) (oss.StorageInterface, error) {
+func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) (oss.StorageInterface, error) {
 	switch providerType {
 	case "Local File System":
 		return NewLocalFileSystemStorageProvider(), nil
@@ -36,6 +36,8 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 		return NewGoogleCloudStorageProvider(clientSecret, bucket, endpoint), nil
 	case "Synology":
 		return NewSynologyNasStorageProvider(clientId, clientSecret, endpoint), nil
+	case "Casdoor":
+		return NewCasdoorStorageProvider(providerType, clientId, clientSecret, region, bucket, endpoint, cert, content), nil
 	}
 
 	return nil, nil

util/string.go

@@ -131,6 +131,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }
 
+func GetOwnerAndNameFromIdWithError(id string) (string, string, error) {
+	tokens := strings.Split(id, "/")
+	if len(tokens) != 2 {
+		return "", "", errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id)
+	}
+
+	return tokens[0], tokens[1], nil
+}
+
 func GetOwnerFromId(id string) string {
 	tokens := strings.Split(id, "/")
 	if len(tokens) != 2 {
@@ -154,6 +163,16 @@ func GetOwnerAndNameAndOtherFromId(id string) (string, string, string) {
 	return tokens[0], tokens[1], tokens[2]
 }
 
+func GetSharedOrgFromApp(rawName string) (name string, organization string) {
+	name = rawName
+	splitName := strings.Split(rawName, "-org-")
+	if len(splitName) >= 2 {
+		organization = splitName[len(splitName)-1]
+		name = splitName[0]
+	}
+	return name, organization
+}
+
 func GenerateId() string {
 	return uuid.NewString()
 }
@@ -354,9 +373,16 @@ func StringToInterfaceArray(array []string) []interface{} {
 func StringToInterfaceArray2d(arrays [][]string) [][]interface{} {
 	var interfaceArrays [][]interface{}
 	for _, req := range arrays {
-		var interfaceArray []interface{}
+		var (
-		for _, r := range req {
+			interfaceArray []interface{}
-			interfaceArray = append(interfaceArray, r)
+			elem           interface{}
+		)
+		for _, elem = range req {
+			jStruct, err := TryJsonToAnonymousStruct(elem.(string))
+			if err == nil {
+				elem = jStruct
+			}
+			interfaceArray = append(interfaceArray, elem)
 		}
 		interfaceArrays = append(interfaceArrays, interfaceArray)
 	}

web/src/AdapterListPage.js

@@ -56,9 +56,11 @@ class AdapterListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/App.js

@@ -344,7 +344,8 @@ class App extends Component {
         window.location.pathname.startsWith("/cas") ||
         window.location.pathname.startsWith("/select-plan") ||
         window.location.pathname.startsWith("/buy-plan") ||
-        window.location.pathname.startsWith("/qrcode") ;
+        window.location.pathname.startsWith("/qrcode") ||
+        window.location.pathname.startsWith("/captcha");
   }
 
   onClick = ({key}) => {

web/src/ApplicationEditPage.js

@@ -116,7 +116,6 @@ class ApplicationEditPage extends React.Component {
   UNSAFE_componentWillMount() {
     this.getApplication();
     this.getOrganizations();
-    this.getProviders();
   }
 
   getApplication() {
@@ -145,7 +144,9 @@ class ApplicationEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getProviders(application);
+
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });
@@ -166,7 +167,11 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getCerts(owner) {
+  getCerts(application) {
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.owner;
+    }
     CertBackend.getCerts(owner)
       .then((res) => {
         this.setState({
@@ -175,8 +180,12 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getProviders() {
+  getProviders(application) {
-    ProviderBackend.getProviders(this.state.owner)
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.account.owner;
+    }
+    ProviderBackend.getProviders(owner)
       .then((res) => {
         if (res.status === "ok") {
           this.setState({
@@ -263,6 +272,16 @@ class ApplicationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Is shared"), i18next.t("general:Is shared - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Switch disabled={Setting.isAdminUser()} checked={this.state.application.isShared} onChange={checked => {
+              this.updateApplicationField("isShared", checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:Logo"), i18next.t("general:Logo - Tooltip"))} :
@@ -388,6 +407,16 @@ class ApplicationEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Token signing method"), i18next.t("application:Token signing method - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenSigningMethod === "" ? "RS256" : this.state.application.tokenSigningMethod} onChange={(value => {this.updateApplicationField("tokenSigningMethod", value);})}
+              options={["RS256", "RS512", "ES256", "ES512", "ES384"].map((item) => Setting.getOption(item, item))}
+            />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("application:Token fields"), i18next.t("application:Token fields - Tooltip"))} :
@@ -989,7 +1018,11 @@ class ApplicationEditPage extends React.Component {
       redirectUri = "\"ERROR: You must specify at least one Redirect URL in 'Redirect URLs'\"";
     }
 
-    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
+    let clientId = this.state.application.clientId;
+    if (this.state.application.isShared) {
+      clientId += `-org-${this.props.account.owner}`;
+    }
+    const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
     const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
     if (!Setting.isPasswordEnabled(this.state.application)) {
       signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");

web/src/ApplicationListPage.js

@@ -97,9 +97,11 @@ class ApplicationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
@@ -123,7 +125,7 @@ class ApplicationListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <Link to={`/applications/${record.organization}/${text}`}>
-              {text}
+              {Setting.getApplicationDisplayName(record)}
             </Link>
           );
         },

web/src/CaptchaPage.js

@@ -0,0 +1,116 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {CaptchaModal} from "./common/modal/CaptchaModal";
+import * as ApplicationBackend from "./backend/ApplicationBackend";
+import * as Setting from "./Setting";
+
+class CaptchaPage extends React.Component {
+  constructor(props) {
+    super(props);
+    const params = new URLSearchParams(this.props.location.search);
+    this.state = {
+      owner: "admin",
+      application: null,
+      clientId: params.get("client_id"),
+      applicationName: params.get("state"),
+      redirectUri: params.get("redirect_uri"),
+    };
+  }
+
+  componentDidMount() {
+    this.getApplication();
+  }
+
+  onUpdateApplication(application) {
+    this.setState({
+      application: application,
+    });
+  }
+
+  getApplication() {
+    if (this.state.applicationName === null) {
+      return null;
+    }
+
+    ApplicationBackend.getApplication(this.state.owner, this.state.applicationName)
+      .then((res) => {
+        if (res.status === "error") {
+          this.onUpdateApplication(null);
+          this.setState({
+            msg: res.msg,
+          });
+          return ;
+        }
+        this.onUpdateApplication(res.data);
+      });
+  }
+
+  getCaptchaProviderItems(application) {
+    const providers = application?.providers;
+
+    if (providers === undefined || providers === null) {
+      return null;
+    }
+
+    return providers.filter(providerItem => {
+      if (providerItem.provider === undefined || providerItem.provider === null) {
+        return false;
+      }
+
+      return providerItem.provider.category === "Captcha";
+    });
+  }
+
+  callback(values) {
+    Setting.goToLink(`${this.state.redirectUri}?code=${values.captchaToken}&type=${values.captchaType}&secret=${values.clientSecret}&applicationId=${values.applicationId}`);
+  }
+
+  renderCaptchaModal(application) {
+    const captchaProviderItems = this.getCaptchaProviderItems(application);
+    if (captchaProviderItems === null) {
+      return null;
+    }
+    const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
+    const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
+    const provider = alwaysProviderItems.length > 0
+      ? alwaysProviderItems[0].provider
+      : dynamicProviderItems[0].provider;
+
+    return <CaptchaModal
+      owner={provider.owner}
+      name={provider.name}
+      visible={true}
+      onOk={(captchaType, captchaToken, clientSecret) => {
+        const values = {
+          captchaType: captchaType,
+          captchaToken: captchaToken,
+          clientSecret: clientSecret,
+          applicationId: `${provider.owner}/${provider.name}`,
+        };
+        this.callback(values);
+      }}
+      onCancel={() => this.callback({captchaType: "none", captchaToken: "", clientSecret: ""})}
+      isCurrentProvider={true}
+    />;
+  }
+  render() {
+    return (
+      this.renderCaptchaModal(this.state.application)
+    );
+  }
+}
+
+export default CaptchaPage;

web/src/CertListPage.js

@@ -73,9 +73,11 @@ class CertListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/EnforcerListPage.js

@@ -55,9 +55,11 @@ class EnforcerListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/EntryPage.js

@@ -32,6 +32,7 @@ import {authConfig} from "./auth/Auth";
 import ProductBuyPage from "./ProductBuyPage";
 import PaymentResultPage from "./PaymentResultPage";
 import QrCodePage from "./QrCodePage";
+import CaptchaPage from "./CaptchaPage";
 import CustomHead from "./basic/CustomHead";
 
 class EntryPage extends React.Component {
@@ -120,6 +121,7 @@ class EntryPage extends React.Component {
             <Route exact path="/buy-plan/:owner/:pricingName" render={(props) => <ProductBuyPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
             <Route exact path="/buy-plan/:owner/:pricingName/result" render={(props) => <PaymentResultPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
             <Route exact path="/qrcode/:owner/:paymentName" render={(props) => <QrCodePage {...this.props} onUpdateApplication={onUpdateApplication} {...props} />} />
+            <Route exact path="/captcha" render={(props) => <CaptchaPage {...props} />} />
           </Switch>
         </div>
       </React.Fragment>

web/src/GroupListPage.js

@@ -84,9 +84,11 @@ class GroupListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/InvitationEditPage.js

@@ -199,7 +199,7 @@ class InvitationEditPage extends React.Component {
             <Select virtual={false} style={{width: "100%"}} value={this.state.invitation.application}
               onChange={(value => {this.updateInvitationField("application", value);})}
               options={[
-                {label: "All", value: i18next.t("general:All")},
+                {label: i18next.t("general:All"), value: "All"},
                 ...this.state.applications.map((application) => Setting.getOption(application.name, application.name)),
               ]} />
           </Col>

web/src/InvitationListPage.js

@@ -68,9 +68,11 @@ class InvitationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/LdapEditPage.js

@@ -13,12 +13,13 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Space, Switch} from "antd";
-import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
+import {EyeInvisibleOutlined, EyeTwoTone, HolderOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as LddpBackend from "./backend/LdapBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
+import * as GroupBackend from "./backend/GroupBackend";
 
 const {Option} = Select;
 
@@ -30,12 +31,14 @@ class LdapEditPage extends React.Component {
       organizationName: props.match.params.organizationName,
       ldap: null,
       organizations: [],
+      groups: null,
     };
   }
 
   UNSAFE_componentWillMount() {
     this.getLdap();
     this.getOrganizations();
+    this.getGroups();
   }
 
   getLdap() {
@@ -60,6 +63,17 @@ class LdapEditPage extends React.Component {
       });
   }
 
+  getGroups() {
+    GroupBackend.getGroups(this.state.organizationName)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            groups: res.data,
+          });
+        }
+      });
+  }
+
   updateLdapField(key, value) {
     this.setState((prevState) => {
       prevState.ldap[key] = value;
@@ -214,6 +228,31 @@ class LdapEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Default group"), i18next.t("ldap:Default group - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Select virtual={false} style={{width: "100%"}} value={this.state.ldap.defaultGroup ?? []} onChange={(value => {
+              this.updateLdapField("defaultGroup", value);
+            })}
+            >
+              <Option key={""} value={""}>
+                <Space>
+                  {i18next.t("general:Default")}
+                </Space>
+              </Option>
+              {
+                this.state.groups?.map((group) => <Option key={group.name} value={`${group.owner}/${group.name}`}>
+                  <Space>
+                    {group.type === "Physical" ? <UsergroupAddOutlined /> : <HolderOutlined />}
+                    {group.displayName}
+                  </Space>
+                </Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}}>
           <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
             {Setting.getLabel(i18next.t("ldap:Auto Sync"), i18next.t("ldap:Auto Sync - Tooltip"))} :

web/src/ModelListPage.js

@@ -72,9 +72,11 @@ class ModelListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/OrganizationEditPage.js

@@ -360,7 +360,7 @@ class OrganizationEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.organization.defaultApplication} onChange={(value => {this.updateOrganizationField("defaultApplication", value);})}
-              options={this.state.applications?.map((item) => Setting.getOption(item.name, item.name))
+              options={this.state.applications?.map((item) => Setting.getOption(Setting.getApplicationDisplayName(item.name), item.name))
               } />
           </Col>
         </Row>

web/src/OrganizationListPage.js

@@ -115,11 +115,11 @@ class OrganizationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
             pagination: {
               ...this.state.pagination,
-              total: this.state.pagination.total - 1},
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
           window.dispatchEvent(new Event("storageOrganizationsChanged"));
         } else {

web/src/PaymentListPage.js

@@ -70,9 +70,11 @@ class PaymentListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PermissionListPage.js

@@ -69,9 +69,11 @@ class PermissionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PlanListPage.js

@@ -63,9 +63,11 @@ class PlanListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PricingListPage.js

@@ -59,9 +59,11 @@ class PricingListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ProductListPage.js

@@ -65,9 +65,11 @@ class ProductListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ProviderEditPage.js

@@ -843,7 +843,7 @@ class ProviderEditPage extends React.Component {
           )
         }
         {
-          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && this.state.provider.type !== "Casdoor" && this.state.provider.type !== "Okta" ? null : (
+          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && (this.state.provider.type !== "Casdoor" && this.state.category !== "Storage") && this.state.provider.type !== "Okta" ? null : (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={2}>
                 {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -870,7 +870,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
@@ -885,7 +885,9 @@ class ProviderEditPage extends React.Component {
             {["Custom HTTP SMS", "Local File System"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
-                  {Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
+                  {["Casdoor"].includes(this.state.provider.type) ?
+                    Setting.getLabel(i18next.t("general:Provider"), i18next.t("provider:Provider - Tooltip"))
+                    : Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.bucket} onChange={e => {
@@ -906,7 +908,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -918,10 +920,24 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo"].includes(this.state.provider.type) ? (
+            {["Casdoor"].includes(this.state.provider.type) ? (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
-                  {Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
+                  {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.content} onChange={e => {
+                    this.updateProviderField("content", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            ) : null}
+            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo", "Casdoor"].includes(this.state.provider.type) ? (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {["Casdoor"].includes(this.state.provider.type) ?
+                    Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip")) :
+                    Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.regionId} onChange={e => {
@@ -1298,7 +1314,7 @@ class ProviderEditPage extends React.Component {
           ) : null
         }
         {
-          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay") ? (
+          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay" || this.state.provider.type === "Casdoor") ? (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                 {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :

web/src/ProviderListPage.js

@@ -76,9 +76,11 @@ class ProviderListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ResourceListPage.js

@@ -40,9 +40,11 @@ class ResourceListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/RoleListPage.js

@@ -61,9 +61,11 @@ class RoleListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/SessionListPage.js

@@ -27,9 +27,11 @@ class SessionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/Setting.js

@@ -56,6 +56,8 @@ export const Countries = [
   {label: "Українська", key: "uk", country: "UA", alt: "Українська"},
   {label: "Қазақ", key: "kk", country: "KZ", alt: "Қазақ"},
   {label: "فارسی", key: "fa", country: "IR", alt: "فارسی"},
+  {label: "Čeština", key: "cs", country: "CZ", alt: "Čeština"},
+  {label: "Slovenčina", key: "sk", country: "SK", alt: "Slovenčina"},
 ];
 
 export function getThemeData(organization, application) {
@@ -227,6 +229,10 @@ export const OtherProviderInfo = {
       logo: `${StaticBaseUrl}/img/social_synology.png`,
       url: "https://www.synology.com/en-global/dsm/feature/file_sharing",
     },
+    "Casdoor": {
+      logo: `${StaticBaseUrl}/img/casdoor.png`,
+      url: "https://casdoor.org/docs/provider/storage/overview",
+    },
   },
   SAML: {
     "Aliyun IDaaS": {
@@ -1060,6 +1066,7 @@ export function getProviderTypeOptions(category) {
         {id: "Qiniu Cloud Kodo", name: "Qiniu Cloud Kodo"},
         {id: "Google Cloud Storage", name: "Google Cloud Storage"},
         {id: "Synology", name: "Synology"},
+        {id: "Casdoor", name: "Casdoor"},
       ]
     );
   } else if (category === "SAML") {
@@ -1369,6 +1376,13 @@ export function getApplicationName(application) {
   return `${application?.owner}/${application?.name}`;
 }
 
+export function getApplicationDisplayName(application) {
+  if (application.isShared) {
+    return `${application.name}(Shared)`;
+  }
+  return application.name;
+}
+
 export function getRandomName() {
   return Math.random().toString(36).slice(-6);
 }

web/src/SubscriptionListPage.js

@@ -64,9 +64,11 @@ class SubscriptionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/SyncerListPage.js

@@ -69,9 +69,11 @@ class SyncerListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/TokenListPage.js

@@ -61,9 +61,11 @@ class TokenListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/TransactionEditPage.js

@@ -125,7 +125,7 @@ class TransactionEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });

web/src/TransactionListPage.js

@@ -54,9 +54,11 @@ class TransactionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/UserListPage.js

@@ -110,9 +110,11 @@ class UserListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/WebhookListPage.js

@@ -61,9 +61,11 @@ class WebhookListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
+          this.fetch({
-            data: Setting.deleteRow(this.state.data, i),
+            pagination: {
-            pagination: {total: this.state.pagination.total - 1},
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/auth/LoginPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React, {Suspense, lazy} from "react";
-import {Button, Checkbox, Col, Form, Input, Result, Spin, Tabs} from "antd";
+import {Button, Checkbox, Col, Form, Input, Result, Spin, Tabs, message} from "antd";
 import {ArrowLeftOutlined, LockOutlined, UserOutlined} from "@ant-design/icons";
 import {withRouter} from "react-router-dom";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
@@ -23,7 +23,6 @@ import * as AuthBackend from "./AuthBackend";
 import * as OrganizationBackend from "../backend/OrganizationBackend";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Provider from "./Provider";
-import * as ProviderButton from "./ProviderButton";
 import * as Util from "./Util";
 import * as Setting from "../Setting";
 import * as AgreementModal from "../common/modal/AgreementModal";
@@ -36,6 +35,7 @@ import {CaptchaModal, CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";
 import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./mfa/MfaAuthVerifyForm";
 import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
+import * as ProviderButton from "./ProviderButton";
 const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));
 
 class LoginPage extends React.Component {
@@ -746,8 +746,21 @@ class LoginPage extends React.Component {
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <Form.Item>
             {
-              application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map(providerItem => {
+              application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
-                return ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signinItem.rule, this.props.location);
+                return (
+                  <span key ={id} onClick={(e) => {
+                    const agreementChecked = this.form.current.getFieldValue("agreement");
+
+                    if (agreementChecked !== undefined && typeof agreementChecked === "boolean" && !agreementChecked) {
+                      e.preventDefault();
+                      message.error(i18next.t("signup:Please accept the agreement!"));
+                    }
+                  }}>
+                    {
+                      ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signinItem.rule, this.props.location)
+                    }
+                  </span>
+                );
               })
             }
             {

web/src/auth/Provider.js

@@ -61,9 +61,9 @@ const authInfo = {
   },
   WeCom: {
     scope: "snsapi_userinfo",
-    endpoint: "https://open.work.weixin.qq.com/wwopen/sso/3rd_qrConnect",
+    endpoint: "https://login.work.weixin.qq.com/wwlogin/sso/login",
     silentEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize",
-    internalEndpoint: "https://open.work.weixin.qq.com/wwopen/sso/qrConnect",
+    internalEndpoint: "https://login.work.weixin.qq.com/wwlogin/sso/login",
   },
   Lark: {
     // scope: "email",
@@ -433,7 +433,7 @@ export function getAuthUrl(application, provider, method, code) {
         return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
       } else if (provider.method === "Normal") {
         endpoint = authInfo[provider.type].internalEndpoint;
-        return `${endpoint}?appid=${provider.clientId}&agentid=${provider.appId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+        return `${endpoint}?login_type=CorpApp&appid=${provider.clientId}&agentid=${provider.appId}&redirect_uri=${redirectUri}&state=${state}`;
       } else {
         return `https://error:not-supported-provider-method:${provider.method}`;
       }
@@ -442,7 +442,8 @@ export function getAuthUrl(application, provider, method, code) {
         endpoint = authInfo[provider.type].silentEndpoint;
         return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&scope=${scope}&response_type=code#wechat_redirect`;
       } else if (provider.method === "Normal") {
-        return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&usertype=member`;
+        endpoint = authInfo[provider.type].endpoint;
+        return `${endpoint}?login_type=ServiceApp&appid=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`;
       } else {
         return `https://error:not-supported-provider-method:${provider.method}`;
       }

web/src/auth/SignupPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Form, Input, Radio, Result, Row} from "antd";
+import {Button, Form, Input, Radio, Result, Row, message} from "antd";
 import * as Setting from "../Setting";
 import * as AuthBackend from "./AuthBackend";
 import * as ProviderButton from "./ProviderButton";
@@ -653,8 +653,21 @@ class SignupPage extends React.Component {
       }
       return (
 
-        application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map(providerItem => {
+        application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
-          return ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signupItem.rule, this.props.location);
+          return (
+            <span key={id} onClick={(e) => {
+              const agreementChecked = this.form.current.getFieldValue("agreement");
+
+              if (agreementChecked !== undefined && typeof agreementChecked === "boolean" && !agreementChecked) {
+                e.preventDefault();
+                message.error(i18next.t("signup:Please accept the agreement!"));
+              }
+            }}>
+              {
+                ProviderButton.renderProviderLogo(providerItem.provider, application, null, null, signupItem.rule, this.props.location)
+              }
+            </span>
+          );
         })
 
       );

web/src/i18n.js

@@ -125,6 +125,14 @@ function initLanguage() {
       case "fa":
         language = "fa";
         break;
+      case "cs":
+      case "cs-CZ":
+        language = "cs";
+        break;
+      case "sk":
+      case "sk-SK":
+        language = "sk";
+        break;
       default:
         language = Conf.DefaultLanguage;
       }

web/src/index.js

@@ -24,6 +24,12 @@ import * as serviceWorker from "./serviceWorker";
 import {BrowserRouter} from "react-router-dom";
 import "./backend/FetchFilter";
 
+if (!String.prototype.replaceAll) {
+  String.prototype.replaceAll = function(search, replace) {
+    return this.split(search).join(replace);
+  };
+}
+
 const container = document.getElementById("root");
 
 const app = createRoot(container);

web/src/locales/ar/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/de/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token-Format",
     "Token format - Tooltip": "Das Format des Access-Tokens",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Sie sind unerwartet auf diese Aufforderungsseite gelangt"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Ist aktiviert",
     "Is enabled - Tooltip": "Festlegen, ob es verwendet werden kann",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP-Server",
     "Languages": "Sprachen",
@@ -441,6 +447,8 @@
     "Base DN": "Basis-DN",
     "Base DN - Tooltip": "Basis-DN während der LDAP-Suche",
     "CN": "KN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAP bearbeiten",
     "Enable SSL": "Aktivieren Sie SSL",
     "Enable SSL - Tooltip": "Ob SSL aktiviert werden soll",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modell bearbeiten",
     "Model text": "Modelltext",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Ort",
     "Location - Tooltip": "Stadt des Wohnsitzes",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Verwaltete Konten",
     "Modify password...": "Passwort ändern...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/en/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "The user fields included in the token",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/es/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Formato del token",
     "Token format - Tooltip": "El formato del token de acceso",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Es inesperado ver esta página de inicio"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Está habilitado",
     "Is enabled - Tooltip": "Establecer si se puede usar",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs (Secure LDAP)",
     "LDAPs - Tooltip": "Servidores LDAP",
     "Languages": "Idiomas",
@@ -441,6 +447,8 @@
     "Base DN": "DN base",
     "Base DN - Tooltip": "Base DN durante la búsqueda LDAP",
     "CN": "CN (siglas en inglés) podría traducirse como \"Red de Comunicaciones\". Sin embargo, sin más contexto, no es posible saber cuál es el significado exacto de estas siglas",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Editar LDAP",
     "Enable SSL": "Habilitar SSL",
     "Enable SSL - Tooltip": "Si se habilita SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Editar modelo",
     "Model text": "Texto modelo",
@@ -1136,6 +1149,7 @@
     "Link": "Enlace",
     "Location": "Ubicación",
     "Location - Tooltip": "Ciudad de residencia",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Cuentas gestionadas",
     "Modify password...": "Modificar contraseña...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fa/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fi/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fr/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Format de jeton",
     "Token format - Tooltip": "Le format du jeton d'accès",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Il n'était pas prévu que vous voyez cette page de saisie"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Activer",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Activé",
     "Enabled successfully": "Activé avec succès",
     "Enforcers": "Exécuteurs",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Est activé",
     "Is enabled - Tooltip": "Définir s'il peut être utilisé",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Serveurs LDAP",
     "Languages": "Langues",
@@ -441,6 +447,8 @@
     "Base DN": "DN racine",
     "Base DN - Tooltip": "Le DN racine (base DN) lors de la recherche LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Modifier le LDAP",
     "Enable SSL": "Activer SSL",
     "Enable SSL - Tooltip": "Activer SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Votre téléphone est",
     "preferred": "préféré"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modifier le modèle",
     "Model text": "Définition du modèle",
@@ -1136,6 +1149,7 @@
     "Link": "Lier",
     "Location": "Localisation",
     "Location - Tooltip": "Ville de résidence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Comptes gérés",
     "Modify password...": "Modifier le mot de passe...",
     "Multi-factor authentication": "Authentification multifacteur",

web/src/locales/he/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/id/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Format token",
     "Token format - Tooltip": "Format dari token akses",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Anda tidak mengharapkan untuk melihat halaman prompt ini"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Diaktifkan",
     "Is enabled - Tooltip": "Atur apakah itu dapat digunakan",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Server LDAP",
     "Languages": "Bahasa-bahasa",
@@ -441,6 +447,8 @@
     "Base DN": "DN dasar",
     "Base DN - Tooltip": "Base DN selama pencarian LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Mengedit LDAP",
     "Enable SSL": "Aktifkan SSL",
     "Enable SSL - Tooltip": "Apakah untuk mengaktifkan SSL?",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Mengedit Model",
     "Model text": "Teks Model",
@@ -1136,6 +1149,7 @@
     "Link": "Tautan",
     "Location": "Lokasi",
     "Location - Tooltip": "Kota tempat tinggal",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Akun yang dikelola",
     "Modify password...": "Mengubah kata sandi...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/it/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ja/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "トークン形式",
     "Token format - Tooltip": "アクセストークンのフォーマット",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "このプロンプトページを見ることは予期せぬことである"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "可能になっています",
     "Is enabled - Tooltip": "使用可能かどうかを設定してください",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAPサーバー",
     "Languages": "言語",
@@ -441,6 +447,8 @@
     "Base DN": "ベース DN",
     "Base DN - Tooltip": "LDAP検索中のBase DN",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAPを編集",
     "Enable SSL": "SSL を有効にする",
     "Enable SSL - Tooltip": "SSLを有効にするかどうか",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "編集モデル",
     "Model text": "モデルテキスト",
@@ -1136,6 +1149,7 @@
     "Link": "リンク",
     "Location": "場所",
     "Location - Tooltip": "居住都市",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "管理アカウント",
     "Modify password...": "パスワードを変更する...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/kk/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ko/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "토큰 형식",
     "Token format - Tooltip": "접근 토큰의 형식",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "당신은 이 프롬프트 페이지를 볼 것을 예상하지 못했습니다"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "활성화됩니다",
     "Is enabled - Tooltip": "사용 가능한 지 여부를 설정하세요",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP 서버",
     "Languages": "언어",
@@ -441,6 +447,8 @@
     "Base DN": "기본 DN",
     "Base DN - Tooltip": "LDAP 검색 중 기본 DN",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAP 수정",
     "Enable SSL": "SSL 활성화",
     "Enable SSL - Tooltip": "SSL을 활성화할지 여부를 결정하십시오",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "편집 형태 모델",
     "Model text": "모델 텍스트",
@@ -1136,6 +1149,7 @@
     "Link": "링크",
     "Location": "장소",
     "Location - Tooltip": "거주 도시",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "관리 계정",
     "Modify password...": "비밀번호 수정하기...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ms/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/nl/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/pl/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/pt/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Formato do token",
     "Token format - Tooltip": "O formato do token de acesso",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Você não deveria ver esta página de prompt"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Habilitar",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Habilitado",
     "Enabled successfully": "Habilitado com sucesso",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Está habilitado",
     "Is enabled - Tooltip": "Define se está habilitado",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Servidores LDAP",
     "Languages": "Idiomas",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN durante a busca LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Editar LDAP",
     "Enable SSL": "Habilitar SSL",
     "Enable SSL - Tooltip": "Se habilitar o SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Editar Modelo",
     "Model text": "Texto do Modelo",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Localização",
     "Location - Tooltip": "Cidade de residência",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Contas gerenciadas",
     "Modify password...": "Modificar senha...",
     "Multi-factor authentication": "Autenticação de vários fatores",

web/src/locales/ru/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Формат жетона",
     "Token format - Tooltip": "Формат токена доступа",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Вы не ожидали увидеть эту страницу-подсказку"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Включить",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Включено",
     "Enabled successfully": "Успешно включено",
     "Enforcers": "Контролёры доступа",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Включен",
     "Is enabled - Tooltip": "Установить, может ли использоваться",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPы",
     "LDAPs - Tooltip": "LDAP серверы",
     "Languages": "Языки",
@@ -441,6 +447,8 @@
     "Base DN": "Базовый DN",
     "Base DN - Tooltip": "Базовый DN во время поиска LDAP",
     "CN": "КНР",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Изменить LDAP",
     "Enable SSL": "Включить SSL",
     "Enable SSL - Tooltip": "Перевод: Следует ли включать SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Ваш телефон",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Редактировать модель",
     "Model text": "Модельный текст",
@@ -1136,6 +1149,7 @@
     "Link": "Ссылка",
     "Location": "Местоположение",
     "Location - Tooltip": "Город проживания",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Управляемые аккаунты",
     "Modify password...": "Изменить пароль...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/sv/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/tr/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Etkinleştir",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Etkin",
     "Enabled successfully": "Başarıyla etkinleştirildi",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Davetler",
     "Is enabled": "Aktif Mi?",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Diller",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Telefon numaranız",
     "preferred": "tercih edilen"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modeli Düzenle",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/uk/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Поля маркерів – підказка",
     "Token format": "Формат маркера",
     "Token format - Tooltip": "Формат маркера доступу",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Ви неочікувано побачите цю сторінку запиту"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Увімкнути",
     "Enable dark logo": "Увімкнути темний логотип",
     "Enable dark logo - Tooltip": "Увімкнути темний логотип",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Увімкнено",
     "Enabled successfully": "Успішно ввімкнено",
     "Enforcers": "Силовики",
@@ -265,6 +269,8 @@
     "Invitations": "Запрошення",
     "Is enabled": "Увімкнено",
     "Is enabled - Tooltip": "Встановіть, чи можна використовувати",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "Сервери LDAP",
     "Languages": "Мови",
@@ -441,6 +447,8 @@
     "Base DN": "Базовий DN",
     "Base DN - Tooltip": "Базовий DN під час пошуку LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Редагувати LDAP",
     "Enable SSL": "Увімкніть SSL",
     "Enable SSL - Tooltip": "Чи вмикати SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Ваш телефон",
     "preferred": "бажаний"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Редагувати модель",
     "Model text": "Текст моделі",
@@ -1136,6 +1149,7 @@
     "Link": "Посилання",
     "Location": "Місцезнаходження",
     "Location - Tooltip": "Місто проживання",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Керовані облікові записи",
     "Modify password...": "Змінити пароль...",
     "Multi-factor authentication": "Багатофакторна аутентифікація",

web/src/locales/vi/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Định dạng mã thông báo",
     "Token format - Tooltip": "Định dạng của mã thông báo truy cập",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Bạn không mong đợi thấy trang này hiện lên"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Đã được kích hoạt",
     "Is enabled - Tooltip": "Đặt liệu nó có thể sử dụng hay không",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Máy chủ LDAP",
     "Languages": "Ngôn ngữ",
@@ -441,6 +447,8 @@
     "Base DN": "DN cơ sở",
     "Base DN - Tooltip": "Đơn vị căn bản (Base DN) trong quá trình tìm kiếm LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Sửa LDAP",
     "Enable SSL": "Kích hoạt SSL",
     "Enable SSL - Tooltip": "Có nên kích hoạt SSL hay không?",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Sửa mô hình",
     "Model text": "Văn bản mẫu",
@@ -1136,6 +1149,7 @@
     "Link": "Liên kết",
     "Location": "Vị trí",
     "Location - Tooltip": "Thành phố cư trú",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Quản lý tài khoản",
     "Modify password...": "Sửa đổi mật khẩu...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/zh/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token中所包含的用户字段",
     "Token format": "Access Token格式",
     "Token format - Tooltip": "Access Token格式",
+    "Token signing method": "Token签名算法",
+    "Token signing method - Tooltip": "JWT token的签名算法，需要与证书算法相匹配",
     "You are unexpected to see this prompt page": "错误：该提醒页面不应出现"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "启用",
     "Enable dark logo": "开启暗黑Logo",
     "Enable dark logo - Tooltip": "开启暗黑Logo",
+    "Enable tour": "启用导引",
+    "Enable tour - Tooltip": "为用户显示导引",
     "Enabled": "已开启",
     "Enabled successfully": "启用成功",
     "Enforcers": "Casbin执行器",
@@ -265,6 +269,8 @@
     "Invitations": "邀请码",
     "Is enabled": "已启用",
     "Is enabled - Tooltip": "是否启用",
+    "Is shared": "是否共享",
+    "Is shared - Tooltip": "与其他组织共享此应用",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAPs",
     "Languages": "语言",
@@ -441,6 +447,8 @@
     "Base DN": "基本DN",
     "Base DN - Tooltip": "LDAP搜索时的基DN",
     "CN": "CN",
+    "Default group": "默认群组",
+    "Default group - Tooltip": "同步用户后用户所在的群组",
     "Edit LDAP": "编辑LDAP",
     "Enable SSL": "启用SSL",
     "Enable SSL - Tooltip": "是否启用SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "你的手机号",
     "preferred": "首选"
   },
+  "mfaAccount": {
+    "Account Name": "账号名",
+    "Issuer": "Issuer",
+    "Secret Key": "密钥"
+  },
   "model": {
     "Edit Model": "编辑模型",
     "Model text": "模型文本",
@@ -1136,6 +1149,7 @@
     "Link": "绑定",
     "Location": "城市",
     "Location - Tooltip": "居住地址所在的城市",
+    "MFA accounts": "MFA账户",
     "Managed accounts": "托管账户",
     "Modify password...": "编辑密码...",
     "Multi-factor authentication": "多因素认证",