feat: improve UI for "No account?"

* fix(organization): ensure count includes shared organizations

Adjust the `GetOrganizationCount` function to account for shared organizations by adding
an additional parameter and modifying the count query accordingly. This change ensures that
the organization count correctly reflects shared organizations within the system.

* ```fix(organization): optimize GetOrganizationCount query

Refactor the GetOrganizationCount function to use a more efficient search
method by leveraging the 'is_shared' field directly in the query condition.
This change improves the performance for counting organizations by avoiding
unnecessary iteration over potentially large result sets.
```

---------

Co-authored-by: CuiJing <cuijing@tul.com.cn>

README.md

@@ -13,7 +13,7 @@
   <a href="https://github.com/casdoor/casdoor/releases/latest">
     <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
   </a>
-  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
+  <a href="https://hub.docker.com/r/casbin/casdoor">
     <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
   </a>
 </p>

captcha/provider.go

@@ -26,6 +26,10 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewDefaultCaptchaProvider()
 	case "reCAPTCHA":
 		return NewReCaptchaProvider()
+	case "reCAPTCHA v2":
+		return NewReCaptchaProvider()
+	case "reCAPTCHA v3":
+		return NewReCaptchaProvider()
 	case "Aliyun Captcha":
 		return NewAliyunCaptchaProvider()
 	case "hCaptcha":

conf/app.conf

@@ -21,6 +21,7 @@ originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
+enableErrorMask = false
 enableGzip = true
 ldapServerPort = 389
 radiusServerPort = 1812

controllers/link.go

@@ -60,7 +60,6 @@ func (c *ApiController) Unlink() {
 			c.ResponseError(err.Error())
 			return
 		}
-
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return

controllers/organization.go

@@ -65,7 +65,7 @@ func (c *ApiController) GetOrganizations() {
 			c.ResponseOk(organizations)
 		} else {
 			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, field, value)
+			count, err := object.GetOrganizationCount(owner, organizationName, field, value)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -138,7 +138,7 @@ func (c *ApiController) AddOrganization() {
 		return
 	}
 
-	count, err := object.GetOrganizationCount("", "", "")
+	count, err := object.GetOrganizationCount("", "", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/resource.go

@@ -257,7 +257,7 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}
 
-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
+	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
 	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)

controllers/user.go

@@ -289,6 +289,16 @@ func (c *ApiController) UpdateUser() {
 		}
 	}
 
+	if user.MfaEmailEnabled && user.Email == "" {
+		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
+		return
+	}
+
+	if user.MfaPhoneEnabled && user.Phone == "" {
+		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
+		return
+	}
+
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return

controllers/util.go

@@ -45,6 +45,13 @@ func (c *ApiController) ResponseOk(data ...interface{}) {
 
 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
+	enableErrorMask := conf.GetConfigBool("enableErrorMask")
+	if enableErrorMask {
+		if strings.HasPrefix(error, "The user: ") && strings.HasSuffix(error, " doesn't exist") || strings.HasPrefix(error, "用户: ") && strings.HasSuffix(error, "不存在") {
+			error = c.T("check:password or code is incorrect")
+		}
+	}
+
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }

deployment/deploy.go

@@ -27,7 +27,18 @@ import (
 )
 
 func deployStaticFiles(provider *object.Provider) {
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
+	certificate := ""
+	if provider.Category == "Storage" && provider.Type == "Casdoor" {
+		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			panic(err)
+		}
+		if cert == nil {
+			panic(err)
+		}
+		certificate = cert.Certificate
+	}
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
 	if err != nil {
 		panic(err)
 	}

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/casdoor/go-sms-sender v0.24.0
 	github.com/casdoor/gomail/v2 v2.0.1
 	github.com/casdoor/notify v0.45.0
-	github.com/casdoor/oss v1.6.0
+	github.com/casdoor/oss v1.8.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
 	github.com/casvisor/casvisor-go-sdk v1.4.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
@@ -30,7 +30,7 @@ require (
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.4.0
+	github.com/google/uuid v1.6.0
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/lib/pq v1.10.9

go.sum

@@ -1083,6 +1083,8 @@ github.com/casbin/casbin/v2 v2.28.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRt
 github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM=
 github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk=
+github.com/casdoor/casdoor-go-sdk v0.50.0 h1:bUYbz/MzJuWfLKJbJM0+U0YpYewAur+THp5TKnufWZM=
+github.com/casdoor/casdoor-go-sdk v0.50.0/go.mod h1:cMnkCQJgMYpgAlgEx8reSt1AVaDIQLcJ1zk5pzBaz+4=
 github.com/casdoor/go-reddit/v2 v2.1.0 h1:kIbfdJ7AA7H0uTQ8s0q4GGZqSS5V9wVE74RrXyD9XPs=
 github.com/casdoor/go-reddit/v2 v2.1.0/go.mod h1:eagkvwlZ4Hcsuc/uQsLHYEulz5jN65SVSwV/AIE7zsc=
 github.com/casdoor/go-sms-sender v0.24.0 h1:LNLsce3EG/87I3JS6UiajF3LlQmdIiCgebEu0IE4wSM=
@@ -1091,8 +1093,8 @@ github.com/casdoor/gomail/v2 v2.0.1 h1:J+FG6x80s9e5lBHUn8Sv0Y56mud34KiWih5YdmudR
 github.com/casdoor/gomail/v2 v2.0.1/go.mod h1:VnGPslEAtpix5FjHisR/WKB1qvZDBaujbikxDe9d+2Q=
 github.com/casdoor/notify v0.45.0 h1:OlaFvcQFjGOgA4mRx07M8AH1gvb5xNo21mcqrVGlLgk=
 github.com/casdoor/notify v0.45.0/go.mod h1:wNHQu0tiDROMBIvz0j3Om3Lhd5yZ+AIfnFb8MYb8OLQ=
-github.com/casdoor/oss v1.6.0 h1:IOWrGLJ+VO82qS796eaRnzFPPA1Sn3cotYTi7O/VIlQ=
-github.com/casdoor/oss v1.6.0/go.mod h1:rJAWA0hLhtu94t6IRpotLUkXO1NWMASirywQYaGizJE=
+github.com/casdoor/oss v1.8.0 h1:uuyKhDIp7ydOtV4lpqhAY23Ban2Ln8La8+QT36CwylM=
+github.com/casdoor/oss v1.8.0/go.mod h1:uaqO7KBI2lnZcnB8rF7O6C2bN7llIbfC5Ql8ex1yR1U=
 github.com/casdoor/xorm-adapter/v3 v3.1.0 h1:NodWayRtSLVSeCvL9H3Hc61k0G17KhV9IymTCNfh3kk=
 github.com/casdoor/xorm-adapter/v3 v3.1.0/go.mod h1:4WTcUw+bTgBylGHeGHzTtBvuTXRS23dtwzFLl9tsgFM=
 github.com/casvisor/casvisor-go-sdk v1.4.0 h1:hbZEGGJ1cwdHFAxeXrMoNw6yha6Oyg2F0qQhBNCN/dg=
@@ -1460,8 +1462,9 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=

object/application.go

@@ -78,6 +78,7 @@ type Application struct {
 	EnableSamlCompress    bool            `json:"enableSamlCompress"`
 	EnableSamlC14n10      bool            `json:"enableSamlC14n10"`
 	EnableSamlPostBinding bool            `json:"enableSamlPostBinding"`
+	UseEmailAsSamlNameId  bool            `json:"useEmailAsSamlNameId"`
 	EnableWebAuthn        bool            `json:"enableWebAuthn"`
 	EnableLinkWithEmail   bool            `json:"enableLinkWithEmail"`
 	OrgChoiceMode         string          `json:"orgChoiceMode"`
@@ -91,11 +92,13 @@ type Application struct {
 	CertPublicKey         string          `xorm:"-" json:"certPublicKey"`
 	Tags                  []string        `xorm:"mediumtext" json:"tags"`
 	SamlAttributes        []*SamlItem     `xorm:"varchar(1000)" json:"samlAttributes"`
+	IsShared              bool            `json:"isShared"`
 
 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
 	RedirectUris         []string   `xorm:"varchar(1000)" json:"redirectUris"`
 	TokenFormat          string     `xorm:"varchar(100)" json:"tokenFormat"`
+	TokenSigningMethod   string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
 	TokenFields          []string   `xorm:"varchar(1000)" json:"tokenFields"`
 	ExpireInHours        int        `json:"expireInHours"`
 	RefreshExpireInHours int        `json:"refreshExpireInHours"`
@@ -123,9 +126,9 @@ func GetApplicationCount(owner, field, value string) (int64, error) {
 	return session.Count(&Application{})
 }
 
-func GetOrganizationApplicationCount(owner, Organization, field, value string) (int64, error) {
+func GetOrganizationApplicationCount(owner, organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Application{Organization: Organization})
+	return session.Where("organization = ? or is_shared = ? ", organization, true).Count(&Application{})
 }
 
 func GetApplications(owner string) ([]*Application, error) {
@@ -140,7 +143,7 @@ func GetApplications(owner string) ([]*Application, error) {
 
 func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
 	applications := []*Application{}
-	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
+	err := ormer.Engine.Desc("created_time").Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -162,7 +165,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Organization: organization})
+	err := session.Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
 	if err != nil {
 		return applications, err
 	}
@@ -337,12 +340,18 @@ func getApplication(owner string, name string) (*Application, error) {
 		return nil, nil
 	}
 
-	application := Application{Owner: owner, Name: name}
+	realApplicationName, sharedOrg := util.GetSharedOrgFromApp(name)
+
+	application := Application{Owner: owner, Name: realApplicationName}
 	existed, err := ormer.Engine.Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -428,11 +437,18 @@ func GetApplicationByUserId(userId string) (application *Application, err error)
 
 func GetApplicationByClientId(clientId string) (*Application, error) {
 	application := Application{}
-	existed, err := ormer.Engine.Where("client_id=?", clientId).Get(&application)
+
+	realClientId, sharedOrg := util.GetSharedOrgFromApp(clientId)
+
+	existed, err := ormer.Engine.Where("client_id=?", realClientId).Get(&application)
 	if err != nil {
 		return nil, err
 	}
 
+	if application.IsShared && sharedOrg != "" {
+		application.Organization = sharedOrg
+	}
+
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -516,7 +532,7 @@ func GetMaskedApplication(application *Application, userId string) *Application
 
 	providerItems := []*ProviderItem{}
 	for _, providerItem := range application.Providers {
-		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha") {
+		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML") {
 			providerItems = append(providerItems, providerItem)
 		}
 	}
@@ -626,6 +642,10 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 		return false, err
 	}
 
+	if application.IsShared == true && application.Organization != "built-in" {
+		return false, fmt.Errorf("only applications belonging to built-in organization can be shared")
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}

object/check_util.go

@@ -52,6 +52,9 @@ func GetFailedSigninConfigByUser(user *User) (int, int, error) {
 	if err != nil {
 		return 0, 0, err
 	}
+	if application == nil {
+		return 0, 0, fmt.Errorf("the application for user %s is not found", user.GetId())
+	}
 
 	failedSigninLimit := application.FailedSigninLimit
 	if failedSigninLimit == 0 {

object/ldap.go

@@ -32,6 +32,7 @@ type Ldap struct {
 	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
 	Filter       string   `xorm:"varchar(200)" json:"filter"`
 	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
+	DefaultGroup string   `xorm:"varchar(100)" json:"defaultGroup"`
 
 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
@@ -148,7 +149,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 	}
 
 	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group").Update(ldap)
 	if err != nil {
 		return false, nil
 	}

object/ldap_conn.go

@@ -339,6 +339,10 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 				Ldap:              syncUser.Uuid,
 			}
 
+			if ldap.DefaultGroup != "" {
+				newUser.Groups = []string{ldap.DefaultGroup}
+			}
+
 			affected, err := AddUser(newUser)
 			if err != nil {
 				return nil, nil, err

object/oidc_discovery.go

@@ -112,7 +112,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
-		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
+		IdTokenSigningAlgValuesSupported:       []string{"RS256", "RS512", "ES256", "ES384", "ES512"},
 		ScopesSupported:                        []string{"openid", "email", "profile", "address", "phone", "offline_access"},
 		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isForbidden", "signupApplication", "ldap"},
 		RequestParameterSupported:              true,

object/organization.go

@@ -79,9 +79,9 @@ type Organization struct {
 	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
 }
 
-func GetOrganizationCount(owner, field, value string) (int64, error) {
+func GetOrganizationCount(owner, name, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Organization{})
+	return session.Count(&Organization{Name: name})
 }
 
 func GetOrganizations(owner string, name ...string) ([]*Organization, error) {
@@ -319,6 +319,7 @@ func GetDefaultApplication(id string) (*Application, error) {
 		if defaultApplication == nil {
 			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
 		} else {
+			defaultApplication.Organization = organization.Name
 			return defaultApplication, nil
 		}
 	}

object/resource.go

@@ -36,7 +36,7 @@ type Resource struct {
 	FileType    string `xorm:"varchar(100)" json:"fileType"`
 	FileFormat  string `xorm:"varchar(100)" json:"fileFormat"`
 	FileSize    int    `json:"fileSize"`
-	Url         string `xorm:"varchar(255)" json:"url"`
+	Url         string `xorm:"varchar(500)" json:"url"`
 	Description string `xorm:"varchar(255)" json:"description"`
 }
 

object/saml_idp.go

@@ -65,7 +65,11 @@ func NewSamlResponse(application *Application, user *User, host string, certific
 	assertion.CreateAttr("IssueInstant", now)
 	assertion.CreateElement("saml:Issuer").SetText(host)
 	subject := assertion.CreateElement("saml:Subject")
-	subject.CreateElement("saml:NameID").SetText(user.Name)
+	nameIDValue := user.Name
+	if application.UseEmailAsSamlNameId {
+		nameIDValue = user.Email
+	}
+	subject.CreateElement("saml:NameID").SetText(nameIDValue)
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")
 	subjectConfirmationData := subjectConfirmation.CreateElement("saml:SubjectConfirmationData")
@@ -184,17 +188,17 @@ type NameIDFormat struct {
 }
 
 type SingleSignOnService struct {
-	XMLName  xml.Name
+	// XMLName  xml.Name
 	Binding  string `xml:"Binding,attr"`
 	Location string `xml:"Location,attr"`
 }
 
 type Attribute struct {
 	// XMLName      xml.Name
+	Xmlns        string   `xml:"xmlns,attr"`
 	Name         string   `xml:"Name,attr"`
 	NameFormat   string   `xml:"NameFormat,attr"`
 	FriendlyName string   `xml:"FriendlyName,attr"`
-	Xmlns        string   `xml:"xmlns,attr"`
 	Values       []string `xml:"AttributeValue"`
 }
 
@@ -386,7 +390,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 }
 
 // NewSamlResponse11 return a saml1.1 response(not 2.0)
-func NewSamlResponse11(user *User, requestID string, host string) (*etree.Element, error) {
+func NewSamlResponse11(application *Application, user *User, requestID string, host string) (*etree.Element, error) {
 	samlResponse := &etree.Element{
 		Space: "samlp",
 		Tag:   "Response",
@@ -430,7 +434,11 @@ func NewSamlResponse11(user *User, requestID string, host string) (*etree.Elemen
 	// nameIdentifier inside subject
 	nameIdentifier := subject.CreateElement("saml:NameIdentifier")
 	// nameIdentifier.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
-	nameIdentifier.SetText(user.Name)
+	if application.UseEmailAsSamlNameId {
+		nameIdentifier.SetText(user.Email)
+	} else {
+		nameIdentifier.SetText(user.Name)
+	}
 
 	// subjectConfirmation inside subject
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
@@ -439,7 +447,11 @@ func NewSamlResponse11(user *User, requestID string, host string) (*etree.Elemen
 	attributeStatement := assertion.CreateElement("saml:AttributeStatement")
 	subjectInAttribute := attributeStatement.CreateElement("saml:Subject")
 	nameIdentifierInAttribute := subjectInAttribute.CreateElement("saml:NameIdentifier")
-	nameIdentifierInAttribute.SetText(user.Name)
+	if application.UseEmailAsSamlNameId {
+		nameIdentifierInAttribute.SetText(user.Email)
+	} else {
+		nameIdentifierInAttribute.SetText(user.Name)
+	}
 
 	subjectConfirmationInAttribute := subjectInAttribute.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmationInAttribute.CreateElement("saml:ConfirmationMethod").SetText("urn:oasis:names:tc:SAML:1.0:cm:artifact")

object/storage.go

@@ -30,6 +30,13 @@ import (
 
 var isCloudIntranet bool
 
+const (
+	ProviderTypeGoogleCloudStorage = "Google Cloud Storage"
+	ProviderTypeTencentCloudCOS    = "Tencent Cloud COS"
+	ProviderTypeAzureBlob          = "Azure Blob"
+	ProviderTypeLocalFileSystem    = "Local File System"
+)
+
 func init() {
 	isCloudIntranet = conf.GetConfigBool("isCloudIntranet")
 }
@@ -80,27 +87,28 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)
 
 	host := ""
-	if provider.Type != "Local File System" {
+	if provider.Type != ProviderTypeLocalFileSystem {
 		// provider.Domain = "https://cdn.casbin.com/casdoor/"
 		host = util.GetUrlHost(provider.Domain)
 	} else {
 		// provider.Domain = "http://localhost:8000" or "https://door.casdoor.com"
 		host = util.UrlJoin(provider.Domain, "/files")
 	}
-	if provider.Type == "Azure Blob" {
+	if provider.Type == ProviderTypeAzureBlob || provider.Type == ProviderTypeGoogleCloudStorage {
 		host = util.UrlJoin(host, provider.Bucket)
 	}
 
 	fileUrl := ""
 	if host != "" {
-		fileUrl = util.UrlJoin(host, escapePath(objectKey))
+		// fileUrl = util.UrlJoin(host, escapePath(objectKey))
+		fileUrl = util.UrlJoin(host, objectKey)
 	}
 
-	if fileUrl != "" && hasTimestamp {
-		fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
-	}
+	// if fileUrl != "" && hasTimestamp {
+	//	fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
+	// }
 
-	if provider.Type == "Tencent Cloud COS" {
+	if provider.Type == ProviderTypeTencentCloudCOS {
 		objectKey = escapePath(objectKey)
 	}
 
@@ -109,7 +117,18 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 
 func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
+	certificate := ""
+	if provider.Category == "Storage" && provider.Type == "Casdoor" {
+		cert, err := GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			return nil, err
+		}
+		if cert == nil {
+			return nil, fmt.Errorf("no cert for %s", provider.Cert)
+		}
+		certificate = cert.Certificate
+	}
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint, certificate, provider.Content)
 	if err != nil {
 		return nil, err
 	}
@@ -135,17 +154,17 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 	}
 
 	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)
+	objectKeyRefined := refineObjectKey(provider, objectKey)
 
-	objectKeyRefined := objectKey
-	if provider.Type == "Google Cloud Storage" {
-		objectKeyRefined = strings.TrimPrefix(objectKeyRefined, "/")
-	}
-
-	_, err = storageProvider.Put(objectKeyRefined, fileBuffer)
+	object, err := storageProvider.Put(objectKeyRefined, fileBuffer)
 	if err != nil {
 		return "", "", err
 	}
 
+	if provider.Type == "Casdoor" {
+		fileUrl = object.Path
+	}
+
 	return fileUrl, objectKey, nil
 }
 
@@ -184,5 +203,13 @@ func DeleteFile(provider *Provider, objectKey string, lang string) error {
 		return err
 	}
 
-	return storageProvider.Delete(objectKey)
+	objectKeyRefined := refineObjectKey(provider, objectKey)
+	return storageProvider.Delete(objectKeyRefined)
+}
+
+func refineObjectKey(provider *Provider, objectKey string) string {
+	if provider.Type == ProviderTypeGoogleCloudStorage {
+		return strings.TrimPrefix(objectKey, "/")
+	}
+	return objectKey
 }

object/token_cas.go

@@ -277,12 +277,11 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
 	if err != nil {
 		return "", "", err
 	}
-
 	if application == nil {
 		return "", "", fmt.Errorf("the application for user %s is not found", userId)
 	}
 
-	samlResponse, err := NewSamlResponse11(user, request.RequestID, host)
+	samlResponse, err := NewSamlResponse11(application, user, request.RequestID, host)
 	if err != nil {
 		return "", "", err
 	}

object/token_jwt.go

@@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/casdoor/casdoor/util"
@@ -128,7 +129,7 @@ type UserWithoutThirdIdp struct {
 	LastSigninWrongTime string `xorm:"varchar(100)" json:"lastSigninWrongTime"`
 	SigninWrongTimes    int    `json:"signinWrongTimes"`
 
-	// ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
+	ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 }
 
 type ClaimsShort struct {
@@ -254,6 +255,8 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
 
 		LastSigninWrongTime: user.LastSigninWrongTime,
 		SigninWrongTimes:    user.SigninWrongTimes,
+
+		ManagedAccounts: user.ManagedAccounts,
 	}
 
 	return res
@@ -365,6 +368,10 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		},
 	}
 
+	if application.IsShared {
+		claims.Audience = []string{application.ClientId + "-org-" + user.Owner}
+	}
+
 	var token *jwt.Token
 	var refreshToken *jwt.Token
 
@@ -372,36 +379,52 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		application.TokenFormat = "JWT"
 	}
 
+	var jwtMethod jwt.SigningMethod
+
+	if application.TokenSigningMethod == "RS256" {
+		jwtMethod = jwt.SigningMethodRS256
+	} else if application.TokenSigningMethod == "RS512" {
+		jwtMethod = jwt.SigningMethodRS512
+	} else if application.TokenSigningMethod == "ES256" {
+		jwtMethod = jwt.SigningMethodES256
+	} else if application.TokenSigningMethod == "ES512" {
+		jwtMethod = jwt.SigningMethodES512
+	} else if application.TokenSigningMethod == "ES384" {
+		jwtMethod = jwt.SigningMethodES384
+	} else {
+		jwtMethod = jwt.SigningMethodRS256
+	}
+
 	// the JWT token length in "JWT-Empty" mode will be very short, as User object only has two properties: owner and name
 	if application.TokenFormat == "JWT" {
 		claimsWithoutThirdIdp := getClaimsWithoutThirdIdp(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
+		token = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
 		claimsWithoutThirdIdp.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsWithoutThirdIdp.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
 	} else if application.TokenFormat == "JWT-Empty" {
 		claimsShort := getShortClaims(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+		token = jwt.NewWithClaims(jwtMethod, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsShort.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsShort)
 	} else if application.TokenFormat == "JWT-Custom" {
 		claimsCustom := getClaimsCustom(claims, application.TokenFields)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsCustom)
+		token = jwt.NewWithClaims(jwtMethod, claimsCustom)
 		refreshClaims := getClaimsCustom(claims, application.TokenFields)
 		refreshClaims["exp"] = jwt.NewNumericDate(refreshExpireTime)
 		refreshClaims["TokenType"] = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, refreshClaims)
+		refreshToken = jwt.NewWithClaims(jwtMethod, refreshClaims)
 	} else if application.TokenFormat == "JWT-Standard" {
 		claimsStandard := getStandardClaims(claims)
 
-		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
+		token = jwt.NewWithClaims(jwtMethod, claimsStandard)
 		claimsStandard.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsStandard.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
+		refreshToken = jwt.NewWithClaims(jwtMethod, claimsStandard)
 	} else {
 		return "", "", "", fmt.Errorf("unknown application TokenFormat: %s", application.TokenFormat)
 	}
@@ -419,34 +442,57 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		}
 	}
 
-	// RSA private key
-	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	var (
+		tokenString        string
+		refreshTokenString string
+		key                interface{}
+	)
+
+	if strings.Contains(application.TokenSigningMethod, "RS") || application.TokenSigningMethod == "" {
+		// RSA private key
+		key, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	} else if strings.Contains(application.TokenSigningMethod, "ES") {
+		// ES private key
+		key, err = jwt.ParseECPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	} else if strings.Contains(application.TokenSigningMethod, "Ed") {
+		// Ed private key
+		key, err = jwt.ParseEdPrivateKeyFromPEM([]byte(cert.PrivateKey))
+	}
 	if err != nil {
 		return "", "", "", err
 	}
 
 	token.Header["kid"] = cert.Name
-	tokenString, err := token.SignedString(key)
+	tokenString, err = token.SignedString(key)
 	if err != nil {
 		return "", "", "", err
 	}
-	refreshTokenString, err := refreshToken.SignedString(key)
+	refreshTokenString, err = refreshToken.SignedString(key)
 
 	return tokenString, refreshTokenString, name, err
 }
 
 func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 	t, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
-		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
-			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-		}
+		var (
+			certificate interface{}
+			err         error
+		)
 
 		if cert.Certificate == "" {
 			return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
 		}
 
-		// RSA certificate
-		certificate, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); ok {
+			// RSA certificate
+			certificate, err = jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
+		} else if _, ok := token.Method.(*jwt.SigningMethodECDSA); ok {
+			// ES certificate
+			certificate, err = jwt.ParseECPublicKeyFromPEM([]byte(cert.Certificate))
+		} else {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+
 		if err != nil {
 			return nil, err
 		}

object/token_oauth.go

@@ -428,22 +428,26 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if token == nil {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code is invalid",
+			ErrorDescription: fmt.Sprintf("authorization code: [%s] is invalid", code),
 		}, nil
 	}
+
 	if token.CodeIsUsed {
 		// anti replay attacks
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has been used",
+			ErrorDescription: fmt.Sprintf("authorization code has been used for token: [%s]", token.GetId()),
 		}, nil
 	}
 
-	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
-		return nil, &TokenError{
-			Error:            InvalidGrant,
-			ErrorDescription: "verifier is invalid",
-		}, nil
+	if token.CodeChallenge != "" {
+		challengeAnswer := pkceChallenge(verifier)
+		if challengeAnswer != token.CodeChallenge {
+			return nil, &TokenError{
+				Error:            InvalidGrant,
+				ErrorDescription: fmt.Sprintf("verifier is invalid, challengeAnswer: [%s], token.CodeChallenge: [%s]", challengeAnswer, token.CodeChallenge),
+			}, nil
+		}
 	}
 
 	if application.ClientSecret != clientSecret {
@@ -452,13 +456,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 		if token.CodeChallenge == "" {
 			return nil, &TokenError{
 				Error:            InvalidClient,
-				ErrorDescription: "client_secret is invalid",
+				ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: empty", application.GetId()),
 			}, nil
 		} else {
 			if clientSecret != "" {
 				return nil, &TokenError{
 					Error:            InvalidClient,
-					ErrorDescription: "client_secret is invalid",
+					ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: [%s]", application.GetId(), token.CodeChallenge),
 				}, nil
 			}
 		}
@@ -467,15 +471,16 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if application.Name != token.Application {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "the token is for wrong application (client_id)",
+			ErrorDescription: fmt.Sprintf("the token is for wrong application (client_id), application.Name: [%s], token.Application: [%s]", application.Name, token.Application),
 		}, nil
 	}
 
-	if time.Now().Unix() > token.CodeExpireIn {
+	nowUnix := time.Now().Unix()
+	if nowUnix > token.CodeExpireIn {
 		// code must be used within 5 minutes
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: "authorization code has expired",
+			ErrorDescription: fmt.Sprintf("authorization code has expired, nowUnix: [%s], token.CodeExpireIn: [%s]", time.Unix(nowUnix, 0).Format(time.RFC3339), time.Unix(token.CodeExpireIn, 0).Format(time.RFC3339)),
 		}, nil
 	}
 	return token, nil, nil

object/token_standard_jwt.go

@@ -18,16 +18,20 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/casdoor/casdoor/util"
 	"github.com/golang-jwt/jwt/v4"
 )
 
 type ClaimsStandard struct {
 	*UserShort
-	Gender    string      `json:"gender,omitempty"`
-	TokenType string      `json:"tokenType,omitempty"`
-	Nonce     string      `json:"nonce,omitempty"`
-	Scope     string      `json:"scope,omitempty"`
-	Address   OIDCAddress `json:"address,omitempty"`
+	EmailVerified       bool        `json:"email_verified,omitempty"`
+	PhoneNumber         string      `json:"phone_number,omitempty"`
+	PhoneNumberVerified bool        `json:"phone_number_verified,omitempty"`
+	Gender              string      `json:"gender,omitempty"`
+	TokenType           string      `json:"tokenType,omitempty"`
+	Nonce               string      `json:"nonce,omitempty"`
+	Scope               string      `json:"scope,omitempty"`
+	Address             OIDCAddress `json:"address,omitempty"`
 
 	jwt.RegisteredClaims
 }
@@ -43,12 +47,14 @@ func getStreetAddress(user *User) string {
 func getStandardClaims(claims Claims) ClaimsStandard {
 	res := ClaimsStandard{
 		UserShort:        getShortUser(claims.User),
+		EmailVerified:    claims.User.EmailVerified,
 		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
 	}
 
+	res.Phone = ""
 	var scopes []string
 
 	if strings.Contains(claims.Scope, ",") {
@@ -62,6 +68,15 @@ func getStandardClaims(claims Claims) ClaimsStandard {
 			res.Address = OIDCAddress{StreetAddress: getStreetAddress(claims.User)}
 		} else if scope == "profile" {
 			res.Gender = claims.User.Gender
+		} else if scope == "phone" && claims.User.Phone != "" {
+			res.PhoneNumberVerified = true
+			phoneNumber, ok := util.GetE164Number(claims.User.Phone, claims.User.CountryCode)
+			if !ok {
+				res.PhoneNumberVerified = false
+			} else {
+				res.PhoneNumber = phoneNumber
+			}
+
 		}
 	}
 

object/user.go

@@ -950,7 +950,17 @@ func DeleteUser(user *User) (bool, error) {
 		return false, err
 	}
 
-	return deleteUser(user)
+	organization, err := GetOrganizationByUser(user)
+	if err != nil {
+		return false, err
+	}
+	if organization != nil && organization.EnableSoftDeletion {
+		user.IsDeleted = true
+		user.DeletedTime = util.GetCurrentTime()
+		return UpdateUser(user.GetId(), user, []string{"is_deleted", "deleted_time"}, false)
+	} else {
+		return deleteUser(user)
+	}
 }
 
 func GetUserInfo(user *User, scope string, aud string, host string) (*Userinfo, error) {
@@ -1138,7 +1148,7 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}
 
-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin() || (user.IsAdmin && application.IsShared)
 }
 
 func (user *User) IsGlobalAdmin() bool {

object/user_util.go

@@ -271,113 +271,213 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 
 	if oldUser.Owner != newUser.Owner {
 		item := GetAccountItemByName("Organization", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Owner = oldUser.Owner
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Name != newUser.Name {
 		item := GetAccountItemByName("Name", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Name = oldUser.Name
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Id != newUser.Id {
 		item := GetAccountItemByName("ID", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Id = oldUser.Id
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.DisplayName != newUser.DisplayName {
 		item := GetAccountItemByName("Display name", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.DisplayName = oldUser.DisplayName
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Avatar != newUser.Avatar {
 		item := GetAccountItemByName("Avatar", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Avatar = oldUser.Avatar
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Type != newUser.Type {
 		item := GetAccountItemByName("User type", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Type = oldUser.Type
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	// The password is *** when not modified
 	if oldUser.Password != newUser.Password && newUser.Password != "***" {
 		item := GetAccountItemByName("Password", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Password = oldUser.Password
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Email != newUser.Email {
 		item := GetAccountItemByName("Email", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Email = oldUser.Email
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Phone != newUser.Phone {
 		item := GetAccountItemByName("Phone", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Phone = oldUser.Phone
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.CountryCode != newUser.CountryCode {
 		item := GetAccountItemByName("Country code", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.CountryCode = oldUser.CountryCode
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Region != newUser.Region {
 		item := GetAccountItemByName("Country/Region", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Region = oldUser.Region
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Location != newUser.Location {
 		item := GetAccountItemByName("Location", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Location = oldUser.Location
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Affiliation != newUser.Affiliation {
 		item := GetAccountItemByName("Affiliation", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Affiliation = oldUser.Affiliation
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Title != newUser.Title {
 		item := GetAccountItemByName("Title", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Title = oldUser.Title
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Homepage != newUser.Homepage {
 		item := GetAccountItemByName("Homepage", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Homepage = oldUser.Homepage
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Bio != newUser.Bio {
 		item := GetAccountItemByName("Bio", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Bio = oldUser.Bio
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.Tag != newUser.Tag {
 		item := GetAccountItemByName("Tag", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Tag = oldUser.Tag
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.SignupApplication != newUser.SignupApplication {
 		item := GetAccountItemByName("Signup application", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.SignupApplication = oldUser.SignupApplication
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Gender != newUser.Gender {
 		item := GetAccountItemByName("Gender", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Gender = oldUser.Gender
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Birthday != newUser.Birthday {
 		item := GetAccountItemByName("Birthday", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Birthday = oldUser.Birthday
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Education != newUser.Education {
 		item := GetAccountItemByName("Education", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Education = oldUser.Education
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.IdCard != newUser.IdCard {
 		item := GetAccountItemByName("ID card", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.IdCard = oldUser.IdCard
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.IdCardType != newUser.IdCardType {
 		item := GetAccountItemByName("ID card type", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.IdCardType = oldUser.IdCardType
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
 	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
 	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := GetAccountItemByName("Properties", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Properties = oldUser.Properties
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.PreferredMfaType != newUser.PreferredMfaType {
 		item := GetAccountItemByName("Multi-factor authentication", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.PreferredMfaType = oldUser.PreferredMfaType
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Groups == nil {
@@ -390,7 +490,11 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
 	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
 		item := GetAccountItemByName("Groups", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Groups = oldUser.Groups
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Address == nil {
@@ -404,65 +508,117 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserAddressJson, _ := json.Marshal(newUser.Address)
 	if string(oldUserAddressJson) != string(newUserAddressJson) {
 		item := GetAccountItemByName("Address", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Address = oldUser.Address
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.FaceIds = oldUser.FaceIds
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.IsAdmin = oldUser.IsAdmin
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.IsForbidden = oldUser.IsForbidden
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.IsDeleted != newUser.IsDeleted {
 		item := GetAccountItemByName("Is deleted", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.IsDeleted = oldUser.IsDeleted
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 	if oldUser.NeedUpdatePassword != newUser.NeedUpdatePassword {
 		item := GetAccountItemByName("Need update password", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.NeedUpdatePassword = oldUser.NeedUpdatePassword
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Balance != newUser.Balance {
 		item := GetAccountItemByName("Balance", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Balance = oldUser.Balance
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Score != newUser.Score {
 		item := GetAccountItemByName("Score", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Score = oldUser.Score
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Karma != newUser.Karma {
 		item := GetAccountItemByName("Karma", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Karma = oldUser.Karma
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Language != newUser.Language {
 		item := GetAccountItemByName("Language", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Language = oldUser.Language
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Ranking != newUser.Ranking {
 		item := GetAccountItemByName("Ranking", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Ranking = oldUser.Ranking
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Currency != newUser.Currency {
 		item := GetAccountItemByName("Currency", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Currency = oldUser.Currency
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	if oldUser.Hash != newUser.Hash {
 		item := GetAccountItemByName("Hash", organization)
-		itemsChanged = append(itemsChanged, item)
+		if item == nil {
+			newUser.Hash = oldUser.Hash
+		} else {
+			itemsChanged = append(itemsChanged, item)
+		}
 	}
 
 	for _, accountItem := range itemsChanged {

routers/authz_filter.go

@@ -56,7 +56,7 @@ func getSubject(ctx *context.Context) (string, string) {
 	return util.GetOwnerAndNameFromId(username)
 }
 
-func getObject(ctx *context.Context) (string, string) {
+func getObject(ctx *context.Context) (string, string, error) {
 	method := ctx.Request.Method
 	path := ctx.Request.URL.Path
 
@@ -65,13 +65,13 @@ func getObject(ctx *context.Context) (string, string) {
 			if ctx.Input.Query("id") == "/" {
 				adapterId := ctx.Input.Query("adapterId")
 				if adapterId != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(adapterId)
+					return util.GetOwnerAndNameFromIdWithError(adapterId)
 				}
 			} else {
 				// query == "?id=built-in/admin"
 				id := ctx.Input.Query("id")
 				if id != "" {
-					return util.GetOwnerAndNameFromIdNoCheck(id)
+					return util.GetOwnerAndNameFromIdWithError(id)
 				}
 			}
 		}
@@ -80,34 +80,34 @@ func getObject(ctx *context.Context) (string, string) {
 			// query == "?id=built-in/admin"
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}
 
 		owner := ctx.Input.Query("owner")
 		if owner != "" {
-			return owner, ""
+			return owner, "", nil
 		}
 
-		return "", ""
+		return "", "", nil
 	} else {
 		if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" {
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdNoCheck(id)
+				return util.GetOwnerAndNameFromIdWithError(id)
 			}
 		}
 
 		body := ctx.Input.RequestBody
 		if len(body) == 0 {
-			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name")
+			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name"), nil
 		}
 
 		var obj Object
 		err := json.Unmarshal(body, &obj)
 		if err != nil {
-			// panic(err)
-			return "", ""
+			// this is not error
+			return "", "", nil
 		}
 
 		if path == "/api/delete-resource" {
@@ -117,7 +117,7 @@ func getObject(ctx *context.Context) (string, string) {
 			}
 		}
 
-		return obj.Owner, obj.Name
+		return obj.Owner, obj.Name, nil
 	}
 }
 
@@ -183,7 +183,12 @@ func ApiFilter(ctx *context.Context) {
 
 	objOwner, objName := "", ""
 	if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
-		objOwner, objName = getObject(ctx)
+		var err error
+		objOwner, objName, err = getObject(ctx)
+		if err != nil {
+			responseError(ctx, err.Error())
+			return
+		}
 	}
 
 	if strings.HasPrefix(urlPath, "/api/notify-payment") {

routers/auto_signin_filter.go

@@ -16,6 +16,7 @@ package routers
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/object"
@@ -23,6 +24,10 @@ import (
 )
 
 func AutoSigninFilter(ctx *context.Context) {
+	urlPath := ctx.Request.URL.Path
+	if strings.HasPrefix(urlPath, "/api/login/oauth/access_token") {
+		return
+	}
 	//if getSessionUser(ctx) != "" {
 	//	return
 	//}
@@ -67,6 +72,17 @@ func AutoSigninFilter(ctx *context.Context) {
 		return
 	}
 
+	accessKey := ctx.Input.Query("accessKey")
+	accessSecret := ctx.Input.Query("accessSecret")
+	if accessKey != "" && accessSecret != "" {
+		userId, err := getUsernameByKeys(ctx)
+		if err != nil {
+			responseError(ctx, err.Error())
+		}
+
+		setSessionUser(ctx, userId)
+	}
+
 	// "/page?clientId=123&clientSecret=456"
 	userId, err := getUsernameByClientIdSecret(ctx)
 	if err != nil {

routers/cors_filter.go

@@ -48,6 +48,10 @@ func CorsFilter(ctx *context.Context) {
 	originHostname := getHostname(origin)
 	host := removePort(ctx.Request.Host)
 
+	if origin == "null" {
+		origin = ""
+	}
+
 	if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
 		setCorsHeaders(ctx, origin)
 		return

routers/static_filter.go

@@ -43,6 +43,10 @@ func getWebBuildFolder() string {
 		return path
 	}
 
+	if util.FileExist(filepath.Join(frontendBaseDir, "index.html")) {
+		return frontendBaseDir
+	}
+
 	path = filepath.Join(frontendBaseDir, "web/build")
 	return path
 }
@@ -58,7 +62,7 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
 	redirectUri := ctx.Input.Query("redirect_uri")
 	scope := ctx.Input.Query("scope")
 	state := ctx.Input.Query("state")
-	nonce := ""
+	nonce := ctx.Input.Query("nonce")
 	codeChallenge := ctx.Input.Query("code_challenge")
 	if clientId == "" || responseType != "code" || redirectUri == "" {
 		return "", nil

storage/casdoor.go

@@ -0,0 +1,19 @@
+package storage
+
+import (
+	"github.com/casdoor/oss"
+	"github.com/casdoor/oss/casdoor"
+)
+
+func NewCasdoorStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) oss.StorageInterface {
+	sp := casdoor.New(&casdoor.Config{
+		clientId,
+		clientSecret,
+		endpoint,
+		cert,
+		region,
+		content,
+		bucket,
+	})
+	return sp
+}

storage/storage.go

@@ -16,7 +16,7 @@ package storage
 
 import "github.com/casdoor/oss"
 
-func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) (oss.StorageInterface, error) {
+func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) (oss.StorageInterface, error) {
 	switch providerType {
 	case "Local File System":
 		return NewLocalFileSystemStorageProvider(), nil
@@ -36,6 +36,8 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 		return NewGoogleCloudStorageProvider(clientSecret, bucket, endpoint), nil
 	case "Synology":
 		return NewSynologyNasStorageProvider(clientId, clientSecret, endpoint), nil
+	case "Casdoor":
+		return NewCasdoorStorageProvider(providerType, clientId, clientSecret, region, bucket, endpoint, cert, content), nil
 	}
 
 	return nil, nil

util/string.go

@@ -131,6 +131,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }
 
+func GetOwnerAndNameFromIdWithError(id string) (string, string, error) {
+	tokens := strings.Split(id, "/")
+	if len(tokens) != 2 {
+		return "", "", errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id)
+	}
+
+	return tokens[0], tokens[1], nil
+}
+
 func GetOwnerFromId(id string) string {
 	tokens := strings.Split(id, "/")
 	if len(tokens) != 2 {
@@ -154,6 +163,16 @@ func GetOwnerAndNameAndOtherFromId(id string) (string, string, string) {
 	return tokens[0], tokens[1], tokens[2]
 }
 
+func GetSharedOrgFromApp(rawName string) (name string, organization string) {
+	name = rawName
+	splitName := strings.Split(rawName, "-org-")
+	if len(splitName) >= 2 {
+		organization = splitName[len(splitName)-1]
+		name = splitName[0]
+	}
+	return name, organization
+}
+
 func GenerateId() string {
 	return uuid.NewString()
 }

web/src/AdapterListPage.js

@@ -56,9 +56,11 @@ class AdapterListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/App.js

@@ -344,7 +344,8 @@ class App extends Component {
         window.location.pathname.startsWith("/cas") ||
         window.location.pathname.startsWith("/select-plan") ||
         window.location.pathname.startsWith("/buy-plan") ||
-        window.location.pathname.startsWith("/qrcode") ;
+        window.location.pathname.startsWith("/qrcode") ||
+        window.location.pathname.startsWith("/captcha");
   }
 
   onClick = ({key}) => {

web/src/ApplicationEditPage.js

@@ -116,7 +116,6 @@ class ApplicationEditPage extends React.Component {
   UNSAFE_componentWillMount() {
     this.getApplication();
     this.getOrganizations();
-    this.getProviders();
   }
 
   getApplication() {
@@ -145,7 +144,9 @@ class ApplicationEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getProviders(application);
+
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });
@@ -166,7 +167,11 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getCerts(owner) {
+  getCerts(application) {
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.owner;
+    }
     CertBackend.getCerts(owner)
       .then((res) => {
         this.setState({
@@ -175,8 +180,12 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
-  getProviders() {
-    ProviderBackend.getProviders(this.state.owner)
+  getProviders(application) {
+    let owner = application.organization;
+    if (application.isShared) {
+      owner = this.props.account.owner;
+    }
+    ProviderBackend.getProviders(owner)
       .then((res) => {
         if (res.status === "ok") {
           this.setState({
@@ -263,6 +272,16 @@ class ApplicationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Is shared"), i18next.t("general:Is shared - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Switch disabled={Setting.isAdminUser()} checked={this.state.application.isShared} onChange={checked => {
+              this.updateApplicationField("isShared", checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:Logo"), i18next.t("general:Logo - Tooltip"))} :
@@ -388,6 +407,16 @@ class ApplicationEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Token signing method"), i18next.t("application:Token signing method - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenSigningMethod === "" ? "RS256" : this.state.application.tokenSigningMethod} onChange={(value => {this.updateApplicationField("tokenSigningMethod", value);})}
+              options={["RS256", "RS512", "ES256", "ES512", "ES384"].map((item) => Setting.getOption(item, item))}
+            />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("application:Token fields"), i18next.t("application:Token fields - Tooltip"))} :
@@ -674,6 +703,16 @@ class ApplicationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("application:Use Email as NameID"), i18next.t("application:Use Email as NameID - Tooltip"))} :
+          </Col>
+          <Col span={1}>
+            <Switch checked={this.state.application.useEmailAsSamlNameId} onChange={checked => {
+              this.updateApplicationField("useEmailAsSamlNameId", checked);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
             {Setting.getLabel(i18next.t("application:Enable SAML POST binding"), i18next.t("application:Enable SAML POST binding - Tooltip"))} :
@@ -989,7 +1028,11 @@ class ApplicationEditPage extends React.Component {
       redirectUri = "\"ERROR: You must specify at least one Redirect URL in 'Redirect URLs'\"";
     }
 
-    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
+    let clientId = this.state.application.clientId;
+    if (this.state.application.isShared) {
+      clientId += `-org-${this.props.account.owner}`;
+    }
+    const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
     const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
     if (!Setting.isPasswordEnabled(this.state.application)) {
       signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");

web/src/ApplicationListPage.js

@@ -97,9 +97,11 @@ class ApplicationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
@@ -123,7 +125,7 @@ class ApplicationListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <Link to={`/applications/${record.organization}/${text}`}>
-              {text}
+              {Setting.getApplicationDisplayName(record)}
             </Link>
           );
         },

web/src/CaptchaPage.js

@@ -0,0 +1,116 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {CaptchaModal} from "./common/modal/CaptchaModal";
+import * as ApplicationBackend from "./backend/ApplicationBackend";
+import * as Setting from "./Setting";
+
+class CaptchaPage extends React.Component {
+  constructor(props) {
+    super(props);
+    const params = new URLSearchParams(this.props.location.search);
+    this.state = {
+      owner: "admin",
+      application: null,
+      clientId: params.get("client_id"),
+      applicationName: params.get("state"),
+      redirectUri: params.get("redirect_uri"),
+    };
+  }
+
+  componentDidMount() {
+    this.getApplication();
+  }
+
+  onUpdateApplication(application) {
+    this.setState({
+      application: application,
+    });
+  }
+
+  getApplication() {
+    if (this.state.applicationName === null) {
+      return null;
+    }
+
+    ApplicationBackend.getApplication(this.state.owner, this.state.applicationName)
+      .then((res) => {
+        if (res.status === "error") {
+          this.onUpdateApplication(null);
+          this.setState({
+            msg: res.msg,
+          });
+          return ;
+        }
+        this.onUpdateApplication(res.data);
+      });
+  }
+
+  getCaptchaProviderItems(application) {
+    const providers = application?.providers;
+
+    if (providers === undefined || providers === null) {
+      return null;
+    }
+
+    return providers.filter(providerItem => {
+      if (providerItem.provider === undefined || providerItem.provider === null) {
+        return false;
+      }
+
+      return providerItem.provider.category === "Captcha";
+    });
+  }
+
+  callback(values) {
+    Setting.goToLink(`${this.state.redirectUri}?code=${values.captchaToken}&type=${values.captchaType}&secret=${values.clientSecret}&applicationId=${values.applicationId}`);
+  }
+
+  renderCaptchaModal(application) {
+    const captchaProviderItems = this.getCaptchaProviderItems(application);
+    if (captchaProviderItems === null) {
+      return null;
+    }
+    const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
+    const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
+    const provider = alwaysProviderItems.length > 0
+      ? alwaysProviderItems[0].provider
+      : dynamicProviderItems[0].provider;
+
+    return <CaptchaModal
+      owner={provider.owner}
+      name={provider.name}
+      visible={true}
+      onOk={(captchaType, captchaToken, clientSecret) => {
+        const values = {
+          captchaType: captchaType,
+          captchaToken: captchaToken,
+          clientSecret: clientSecret,
+          applicationId: `${provider.owner}/${provider.name}`,
+        };
+        this.callback(values);
+      }}
+      onCancel={() => this.callback({captchaType: "none", captchaToken: "", clientSecret: ""})}
+      isCurrentProvider={true}
+    />;
+  }
+  render() {
+    return (
+      this.renderCaptchaModal(this.state.application)
+    );
+  }
+}
+
+export default CaptchaPage;

web/src/CasbinEditor.js

@@ -0,0 +1,97 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React, {useCallback, useEffect, useRef, useState} from "react";
+import {Controlled as CodeMirror} from "react-codemirror2";
+import "codemirror/lib/codemirror.css";
+import "codemirror/mode/properties/properties";
+import * as Setting from "./Setting";
+import IframeEditor from "./IframeEditor";
+import {Tabs} from "antd";
+
+const {TabPane} = Tabs;
+
+const CasbinEditor = ({model, onModelTextChange}) => {
+  const [activeKey, setActiveKey] = useState("advanced");
+  const iframeRef = useRef(null);
+  const [localModelText, setLocalModelText] = useState(model.modelText);
+
+  const handleModelTextChange = useCallback((newModelText) => {
+    if (!Setting.builtInObject(model)) {
+      setLocalModelText(newModelText);
+      onModelTextChange(newModelText);
+    }
+  }, [model, onModelTextChange]);
+
+  const syncModelText = useCallback(() => {
+    return new Promise((resolve) => {
+      if (activeKey === "advanced" && iframeRef.current) {
+        const handleSyncMessage = (event) => {
+          if (event.data.type === "modelUpdate") {
+            window.removeEventListener("message", handleSyncMessage);
+            handleModelTextChange(event.data.modelText);
+            resolve();
+          }
+        };
+        window.addEventListener("message", handleSyncMessage);
+        iframeRef.current.getModelText();
+      } else {
+        resolve();
+      }
+    });
+  }, [activeKey, handleModelTextChange]);
+
+  const handleTabChange = (key) => {
+    syncModelText().then(() => {
+      setActiveKey(key);
+      if (key === "advanced" && iframeRef.current) {
+        iframeRef.current.updateModelText(localModelText);
+      }
+    });
+  };
+
+  useEffect(() => {
+    setLocalModelText(model.modelText);
+  }, [model.modelText]);
+
+  return (
+    <div style={{height: "100%", width: "100%", display: "flex", flexDirection: "column"}}>
+      <Tabs activeKey={activeKey} onChange={handleTabChange} style={{flex: "0 0 auto", marginTop: "-10px"}}>
+        <TabPane tab="Basic Editor" key="basic" />
+        <TabPane tab="Advanced Editor" key="advanced" />
+      </Tabs>
+      <div style={{flex: "1 1 auto", overflow: "hidden"}}>
+        {activeKey === "advanced" ? (
+          <IframeEditor
+            ref={iframeRef}
+            initialModelText={localModelText}
+            onModelTextChange={handleModelTextChange}
+            style={{width: "100%", height: "100%"}}
+          />
+        ) : (
+          <CodeMirror
+            value={localModelText}
+            className="full-height-editor no-horizontal-scroll-editor"
+            options={{mode: "properties", theme: "default"}}
+            onBeforeChange={(editor, data, value) => {
+              handleModelTextChange(value);
+            }}
+          />
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default CasbinEditor;

web/src/CertEditPage.js

@@ -288,14 +288,14 @@ class CertEditPage extends React.Component {
           Setting.showMessage("success", i18next.t("general:Successfully saved"));
           this.setState({
             certName: this.state.cert.name,
+          }, () => {
+            if (exitAfterSave) {
+              this.props.history.push("/certs");
+            } else {
+              this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
+              this.getCert();
+            }
           });
-
-          if (exitAfterSave) {
-            this.props.history.push("/certs");
-          } else {
-            this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
-            this.getCert();
-          }
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
           this.updateCertField("name", this.state.certName);

web/src/CertListPage.js

@@ -73,9 +73,11 @@ class CertListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/EnforcerListPage.js

@@ -55,9 +55,11 @@ class EnforcerListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/EntryPage.js

@@ -32,6 +32,7 @@ import {authConfig} from "./auth/Auth";
 import ProductBuyPage from "./ProductBuyPage";
 import PaymentResultPage from "./PaymentResultPage";
 import QrCodePage from "./QrCodePage";
+import CaptchaPage from "./CaptchaPage";
 import CustomHead from "./basic/CustomHead";
 
 class EntryPage extends React.Component {
@@ -120,6 +121,7 @@ class EntryPage extends React.Component {
             <Route exact path="/buy-plan/:owner/:pricingName" render={(props) => <ProductBuyPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
             <Route exact path="/buy-plan/:owner/:pricingName/result" render={(props) => <PaymentResultPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
             <Route exact path="/qrcode/:owner/:paymentName" render={(props) => <QrCodePage {...this.props} onUpdateApplication={onUpdateApplication} {...props} />} />
+            <Route exact path="/captcha" render={(props) => <CaptchaPage {...props} />} />
           </Switch>
         </div>
       </React.Fragment>

web/src/GroupListPage.js

@@ -84,9 +84,11 @@ class GroupListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/IframeEditor.js

@@ -0,0 +1,66 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React, {forwardRef, useEffect, useImperativeHandle, useRef, useState} from "react";
+
+const IframeEditor = forwardRef(({initialModelText, onModelTextChange}, ref) => {
+  const iframeRef = useRef(null);
+  const [iframeReady, setIframeReady] = useState(false);
+
+  useEffect(() => {
+    const handleMessage = (event) => {
+      if (event.origin !== "https://editor.casbin.org") {return;}
+
+      if (event.data.type === "modelUpdate") {
+        onModelTextChange(event.data.modelText);
+      } else if (event.data.type === "iframeReady") {
+        setIframeReady(true);
+        iframeRef.current?.contentWindow.postMessage({
+          type: "initializeModel",
+          modelText: initialModelText,
+        }, "*");
+      }
+    };
+
+    window.addEventListener("message", handleMessage);
+    return () => window.removeEventListener("message", handleMessage);
+  }, [onModelTextChange, initialModelText]);
+
+  useImperativeHandle(ref, () => ({
+    getModelText: () => {
+      iframeRef.current?.contentWindow.postMessage({type: "getModelText"}, "*");
+    },
+    updateModelText: (newModelText) => {
+      if (iframeReady) {
+        iframeRef.current?.contentWindow.postMessage({
+          type: "updateModelText",
+          modelText: newModelText,
+        }, "*");
+      }
+    },
+  }));
+
+  return (
+    <iframe
+      ref={iframeRef}
+      src="https://editor.casbin.org/model-editor"
+      frameBorder="0"
+      width="100%"
+      height="500px"
+      title="Casbin Model Editor"
+    />
+  );
+});
+
+export default IframeEditor;

web/src/InvitationListPage.js

@@ -68,9 +68,11 @@ class InvitationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/LdapEditPage.js

@@ -13,12 +13,13 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
-import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Space, Switch} from "antd";
+import {EyeInvisibleOutlined, EyeTwoTone, HolderOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as LddpBackend from "./backend/LdapBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
+import * as GroupBackend from "./backend/GroupBackend";
 
 const {Option} = Select;
 
@@ -30,12 +31,14 @@ class LdapEditPage extends React.Component {
       organizationName: props.match.params.organizationName,
       ldap: null,
       organizations: [],
+      groups: null,
     };
   }
 
   UNSAFE_componentWillMount() {
     this.getLdap();
     this.getOrganizations();
+    this.getGroups();
   }
 
   getLdap() {
@@ -60,6 +63,17 @@ class LdapEditPage extends React.Component {
       });
   }
 
+  getGroups() {
+    GroupBackend.getGroups(this.state.organizationName)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            groups: res.data,
+          });
+        }
+      });
+  }
+
   updateLdapField(key, value) {
     this.setState((prevState) => {
       prevState.ldap[key] = value;
@@ -214,6 +228,31 @@ class LdapEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Default group"), i18next.t("ldap:Default group - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Select virtual={false} style={{width: "100%"}} value={this.state.ldap.defaultGroup ?? []} onChange={(value => {
+              this.updateLdapField("defaultGroup", value);
+            })}
+            >
+              <Option key={""} value={""}>
+                <Space>
+                  {i18next.t("general:Default")}
+                </Space>
+              </Option>
+              {
+                this.state.groups?.map((group) => <Option key={group.name} value={`${group.owner}/${group.name}`}>
+                  <Space>
+                    {group.type === "Physical" ? <UsergroupAddOutlined /> : <HolderOutlined />}
+                    {group.displayName}
+                  </Space>
+                </Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}}>
           <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
             {Setting.getLabel(i18next.t("ldap:Auto Sync"), i18next.t("ldap:Auto Sync - Tooltip"))} :

web/src/ModelEditPage.js

@@ -18,11 +18,7 @@ import * as ModelBackend from "./backend/ModelBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-
-require("codemirror/mode/properties/properties");
+import ModelEditor from "./CasbinEditor";
 
 const {Option} = Select;
 
@@ -147,16 +143,10 @@ class ModelEditPage extends React.Component {
             {Setting.getLabel(i18next.t("model:Model text"), i18next.t("model:Model text - Tooltip"))} :
           </Col>
           <Col span={22}>
-            <div style={{width: "100%"}} >
-              <CodeMirror
-                value={this.state.model.modelText}
-                options={{mode: "properties", theme: "default"}}
-                onBeforeChange={(editor, data, value) => {
-                  if (Setting.builtInObject(this.state.model)) {
-                    return;
-                  }
-                  this.updateModelField("modelText", value);
-                }}
+            <div style={{position: "relative", height: "500px"}} >
+              <ModelEditor
+                model={this.state.model}
+                onModelTextChange={(value) => this.updateModelField("modelText", value)}
               />
             </div>
           </Col>

web/src/ModelListPage.js

@@ -72,9 +72,11 @@ class ModelListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/OrganizationEditPage.js

@@ -360,7 +360,7 @@ class OrganizationEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.organization.defaultApplication} onChange={(value => {this.updateOrganizationField("defaultApplication", value);})}
-              options={this.state.applications?.map((item) => Setting.getOption(item.name, item.name))
+              options={this.state.applications?.map((item) => Setting.getOption(Setting.getApplicationDisplayName(item.name), item.name))
               } />
           </Col>
         </Row>

web/src/OrganizationListPage.js

@@ -115,11 +115,11 @@ class OrganizationListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
+          this.fetch({
             pagination: {
               ...this.state.pagination,
-              total: this.state.pagination.total - 1},
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
           window.dispatchEvent(new Event("storageOrganizationsChanged"));
         } else {

web/src/PaymentListPage.js

@@ -70,9 +70,11 @@ class PaymentListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PermissionListPage.js

@@ -69,9 +69,11 @@ class PermissionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PlanListPage.js

@@ -63,9 +63,11 @@ class PlanListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/PricingListPage.js

@@ -59,9 +59,11 @@ class PricingListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ProductListPage.js

@@ -65,9 +65,11 @@ class ProductListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ProviderEditPage.js

@@ -843,7 +843,7 @@ class ProviderEditPage extends React.Component {
           )
         }
         {
-          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && this.state.provider.type !== "Casdoor" && this.state.provider.type !== "Okta" ? null : (
+          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && (this.state.provider.type !== "Casdoor" && this.state.category !== "Storage") && this.state.provider.type !== "Okta" ? null : (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={2}>
                 {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -870,7 +870,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
@@ -885,7 +885,9 @@ class ProviderEditPage extends React.Component {
             {["Custom HTTP SMS", "Local File System"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
-                  {Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
+                  {["Casdoor"].includes(this.state.provider.type) ?
+                    Setting.getLabel(i18next.t("general:Provider"), i18next.t("provider:Provider - Tooltip"))
+                    : Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.bucket} onChange={e => {
@@ -906,7 +908,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -918,10 +920,24 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo"].includes(this.state.provider.type) ? (
+            {["Casdoor"].includes(this.state.provider.type) ? (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
-                  {Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
+                  {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.content} onChange={e => {
+                    this.updateProviderField("content", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            ) : null}
+            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo", "Casdoor"].includes(this.state.provider.type) ? (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {["Casdoor"].includes(this.state.provider.type) ?
+                    Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip")) :
+                    Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
                 </Col>
                 <Col span={22} >
                   <Input value={this.state.provider.regionId} onChange={e => {
@@ -1298,7 +1314,7 @@ class ProviderEditPage extends React.Component {
           ) : null
         }
         {
-          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay") ? (
+          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay" || this.state.provider.type === "Casdoor") ? (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                 {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :

web/src/ProviderListPage.js

@@ -76,9 +76,11 @@ class ProviderListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/ResourceListPage.js

@@ -40,9 +40,11 @@ class ResourceListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/RoleListPage.js

@@ -61,9 +61,11 @@ class RoleListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/SessionListPage.js

@@ -27,9 +27,11 @@ class SessionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/Setting.js

@@ -229,6 +229,10 @@ export const OtherProviderInfo = {
       logo: `${StaticBaseUrl}/img/social_synology.png`,
       url: "https://www.synology.com/en-global/dsm/feature/file_sharing",
     },
+    "Casdoor": {
+      logo: `${StaticBaseUrl}/img/casdoor.png`,
+      url: "https://casdoor.org/docs/provider/storage/overview",
+    },
   },
   SAML: {
     "Aliyun IDaaS": {
@@ -283,6 +287,14 @@ export const OtherProviderInfo = {
       logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
       url: "https://www.google.com/recaptcha",
     },
+    "reCAPTCHA v2": {
+      logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
+      url: "https://www.google.com/recaptcha",
+    },
+    "reCAPTCHA v3": {
+      logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
+      url: "https://www.google.com/recaptcha",
+    },
     "hCaptcha": {
       logo: `${StaticBaseUrl}/img/social_hcaptcha.png`,
       url: "https://www.hcaptcha.com",
@@ -1062,6 +1074,7 @@ export function getProviderTypeOptions(category) {
         {id: "Qiniu Cloud Kodo", name: "Qiniu Cloud Kodo"},
         {id: "Google Cloud Storage", name: "Google Cloud Storage"},
         {id: "Synology", name: "Synology"},
+        {id: "Casdoor", name: "Casdoor"},
       ]
     );
   } else if (category === "SAML") {
@@ -1083,7 +1096,8 @@ export function getProviderTypeOptions(category) {
   } else if (category === "Captcha") {
     return ([
       {id: "Default", name: "Default"},
-      {id: "reCAPTCHA", name: "reCAPTCHA"},
+      {id: "reCAPTCHA v2", name: "reCAPTCHA v2"},
+      {id: "reCAPTCHA v3", name: "reCAPTCHA v3"},
       {id: "hCaptcha", name: "hCaptcha"},
       {id: "Aliyun Captcha", name: "Aliyun Captcha"},
       {id: "GEETEST", name: "GEETEST"},
@@ -1371,6 +1385,13 @@ export function getApplicationName(application) {
   return `${application?.owner}/${application?.name}`;
 }
 
+export function getApplicationDisplayName(application) {
+  if (application.isShared) {
+    return `${application.name}(Shared)`;
+  }
+  return application.name;
+}
+
 export function getRandomName() {
   return Math.random().toString(36).slice(-6);
 }

web/src/SubscriptionListPage.js

@@ -64,9 +64,11 @@ class SubscriptionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/SyncerEditPage.js

@@ -434,10 +434,9 @@ class SyncerEditPage extends React.Component {
             {Setting.getLabel(i18next.t("syncer:Table"), i18next.t("syncer:Table - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.syncer.table}
-              disabled={this.state.syncer.type === "Keycloak"} onChange={e => {
-                this.updateSyncerField("table", e.target.value);
-              }} />
+            <Input value={this.state.syncer.table} onChange={e => {
+              this.updateSyncerField("table", e.target.value);
+            }} />
           </Col>
         </Row>
         <Row style={{marginTop: "20px"}} >

web/src/SyncerListPage.js

@@ -69,9 +69,11 @@ class SyncerListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/TokenListPage.js

@@ -61,9 +61,11 @@ class TokenListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/TransactionEditPage.js

@@ -125,7 +125,7 @@ class TransactionEditPage extends React.Component {
           application: application,
         });
 
-        this.getCerts(application.organization);
+        this.getCerts(application);
 
         this.getSamlMetadata(application.enableSamlPostBinding);
       });

web/src/TransactionListPage.js

@@ -54,9 +54,11 @@ class TransactionListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/UserEditPage.js

@@ -1050,6 +1050,13 @@ class UserEditPage extends React.Component {
             <MfaAccountTable
               title={i18next.t("user:MFA accounts")}
               table={this.state.user.mfaAccounts}
+              qrUrl={
+                "casdoor-app://login/into?serverUrl=" + window.location.origin +
+                "&clientId=" + this.state.application.clientId +
+                "&organizationName=" + this.state.organizationName +
+                "&appName=" + this.state.user.signupApplication
+              }
+              icon={this.state.user.avatar}
               onUpdateTable={(table) => {this.updateUserField("mfaAccounts", table);}}
             />
           </Col>

web/src/UserListPage.js

@@ -110,9 +110,11 @@ class UserListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/WebhookListPage.js

@@ -61,9 +61,11 @@ class WebhookListPage extends BaseListPage {
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
           });
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);

web/src/auth/CasLogout.js

@@ -34,25 +34,42 @@ class CasLogout extends React.Component {
 
   UNSAFE_componentWillMount() {
     const params = new URLSearchParams(this.props.location.search);
+    const logoutInterval = 100;
+
+    const logoutTimeOut = (redirectUri) => {
+      setTimeout(() => {
+        AuthBackend.getAccount().then((accountRes) => {
+          if (accountRes.status === "ok") {
+            AuthBackend.logout().then((logoutRes) => {
+              if (logoutRes.status === "ok") {
+                logoutTimeOut(logoutRes.data2);
+              } else {
+                Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${logoutRes.msg}`);
+              }
+            });
+          } else {
+            Setting.showMessage("success", i18next.t("application:Logged out successfully"));
+            this.props.onUpdateAccount(null);
+            if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
+              Setting.goToLink(redirectUri);
+            } else if (params.has("service")) {
+              Setting.goToLink(params.get("service"));
+            } else {
+              Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
+            }
+          }
+        });
+      }, logoutInterval);
+    };
 
     AuthBackend.logout()
       .then((res) => {
         if (res.status === "ok") {
-          Setting.showMessage("success", "Logged out successfully");
-          this.props.onUpdateAccount(null);
-          const redirectUri = res.data2;
-          if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
-            Setting.goToLink(redirectUri);
-          } else if (params.has("service")) {
-            Setting.goToLink(params.get("service"));
-          } else {
-            Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
-          }
+          logoutTimeOut(res.data2);
         } else {
-          Setting.showMessage("error", `Failed to log out: ${res.msg}`);
+          Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${res.msg}`);
         }
       });
-
   }
 
   render() {

web/src/auth/LoginPage.js

@@ -938,7 +938,7 @@ class LoginPage extends React.Component {
             signinItem.label ? Setting.renderSignupLink(application, signinItem.label) :
               (
                 <React.Fragment>
-                  {i18next.t("login:No account?")}
+                  {i18next.t("login:No account?")}&nbsp;
                   {
                     Setting.renderSignupLink(application, i18next.t("login:sign up now"))
                   }

web/src/common/CaptchaWidget.js

@@ -27,7 +27,8 @@ export const CaptchaWidget = (props) => {
 
   useEffect(() => {
     switch (captchaType) {
-    case "reCAPTCHA": {
+    case "reCAPTCHA" :
+    case "reCAPTCHA v2": {
       const reTimer = setInterval(() => {
         if (!window.grecaptcha) {
           loadScript("https://recaptcha.net/recaptcha/api.js");
@@ -42,6 +43,32 @@ export const CaptchaWidget = (props) => {
       }, 300);
       break;
     }
+    case "reCAPTCHA v3": {
+      const reTimer = setInterval(() => {
+        if (!window.grecaptcha) {
+          loadScript(`https://recaptcha.net/recaptcha/api.js?render=${siteKey}`);
+        }
+        if (window.grecaptcha && window.grecaptcha.render) {
+          const clientId = window.grecaptcha.render("captcha", {
+            "sitekey": siteKey,
+            "badge": "inline",
+            "size": "invisible",
+            "callback": onChange,
+            "error-callback": function() {
+              const logoWidth = `${document.getElementById("captcha").offsetWidth + 40}px`;
+              document.getElementsByClassName("grecaptcha-logo")[0].firstChild.style.width = logoWidth;
+              document.getElementsByClassName("grecaptcha-badge")[0].style.width = logoWidth;
+            },
+          });
+
+          window.grecaptcha.ready(function() {
+            window.grecaptcha.execute(clientId, {action: "submit"});
+          });
+          clearInterval(reTimer);
+        }
+      }, 300);
+      break;
+    }
     case "hCaptcha": {
       const hTimer = setInterval(() => {
         if (!window.hcaptcha) {

web/src/common/modal/CaptchaModal.js

@@ -115,7 +115,7 @@ export const CaptchaModal = (props) => {
     } else {
       return (
         <Col>
-          <Row>
+          <Row justify={"center"}>
             <CaptchaWidget
               captchaType={captchaType}
               subType={subType}

web/src/index.css

@@ -51,3 +51,19 @@ code {
 .custom-link:hover {
   color: rgb(64 64 64) !important;
 }
+
+.full-height-editor {
+  height: 100%;
+}
+
+.full-height-editor [class*="CodeMirror"] {
+  height: 100%;
+}
+
+.no-horizontal-scroll-editor [class*="CodeMirror-hscrollbar"] {
+  display: none !important;
+}
+
+.no-horizontal-scroll-editor [class*="CodeMirror-scroll"] {
+  overflow-x: hidden !important;
+}

web/src/index.js

@@ -24,6 +24,12 @@ import * as serviceWorker from "./serviceWorker";
 import {BrowserRouter} from "react-router-dom";
 import "./backend/FetchFilter";
 
+if (!String.prototype.replaceAll) {
+  String.prototype.replaceAll = function(search, replace) {
+    return this.split(search).join(replace);
+  };
+}
+
 const container = document.getElementById("root");
 
 const app = createRoot(container);

web/src/locales/ar/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/cs/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Uživatelská pole zahrnutá v tokenu",
     "Token format": "Formát tokenu",
     "Token format - Tooltip": "Formát přístupového tokenu",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Nečekali jste, že uvidíte tuto výzvu"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Povolit",
     "Enable dark logo": "Povolit tmavé logo",
     "Enable dark logo - Tooltip": "Povolit tmavé logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Povoleno",
     "Enabled successfully": "Úspěšně povoleno",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Pozvánky",
     "Is enabled": "Je povoleno",
     "Is enabled - Tooltip": "Nastavit, zda může být použito",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPy",
     "LDAPs - Tooltip": "LDAP servery",
     "Languages": "Jazyky",
@@ -441,6 +447,8 @@
     "Base DN": "Základní DN",
     "Base DN - Tooltip": "Základní DN při vyhledávání v LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Upravit LDAP",
     "Enable SSL": "Povolit SSL",
     "Enable SSL - Tooltip": "Zda povolit SSL",
@@ -521,7 +529,7 @@
     "Failed to initiate MFA": "Nepodařilo se zahájit MFA",
     "Have problems?": "Máte problémy?",
     "Multi-factor authentication": "Vícefaktorové ověřování",
-    "Multi-factor authentication - Tooltip": "Dvoufaktorové ověřování - Tooltip",
+    "Multi-factor authentication - Tooltip ": "Dvoufaktorové ověřování - Tooltip",
     "Multi-factor authentication description": "Popis dvoufaktorového ověřování",
     "Multi-factor methods": "Metody dvoufaktorového ověřování",
     "Multi-factor recover": "Obnovení dvoufaktorového ověřování",
@@ -551,6 +559,11 @@
     "Your phone is": "Váš telefon je",
     "preferred": "preferované"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Upravit model",
     "Model text": "Text modelu",
@@ -1136,6 +1149,7 @@
     "Link": "Odkaz",
     "Location": "Místo",
     "Location - Tooltip": "Město bydliště",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Spravované účty",
     "Modify password...": "Změnit heslo...",
     "Multi-factor authentication": "Vícefaktorové ověřování",

web/src/locales/de/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token-Format",
     "Token format - Tooltip": "Das Format des Access-Tokens",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Sie sind unerwartet auf diese Aufforderungsseite gelangt"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Ist aktiviert",
     "Is enabled - Tooltip": "Festlegen, ob es verwendet werden kann",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP-Server",
     "Languages": "Sprachen",
@@ -441,6 +447,8 @@
     "Base DN": "Basis-DN",
     "Base DN - Tooltip": "Basis-DN während der LDAP-Suche",
     "CN": "KN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAP bearbeiten",
     "Enable SSL": "Aktivieren Sie SSL",
     "Enable SSL - Tooltip": "Ob SSL aktiviert werden soll",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modell bearbeiten",
     "Model text": "Modelltext",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Ort",
     "Location - Tooltip": "Stadt des Wohnsitzes",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Verwaltete Konten",
     "Modify password...": "Passwort ändern...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/en/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "The user fields included in the token",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/es/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Formato del token",
     "Token format - Tooltip": "El formato del token de acceso",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Es inesperado ver esta página de inicio"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Está habilitado",
     "Is enabled - Tooltip": "Establecer si se puede usar",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs (Secure LDAP)",
     "LDAPs - Tooltip": "Servidores LDAP",
     "Languages": "Idiomas",
@@ -441,6 +447,8 @@
     "Base DN": "DN base",
     "Base DN - Tooltip": "Base DN durante la búsqueda LDAP",
     "CN": "CN (siglas en inglés) podría traducirse como \"Red de Comunicaciones\". Sin embargo, sin más contexto, no es posible saber cuál es el significado exacto de estas siglas",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Editar LDAP",
     "Enable SSL": "Habilitar SSL",
     "Enable SSL - Tooltip": "Si se habilita SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Editar modelo",
     "Model text": "Texto modelo",
@@ -1136,6 +1149,7 @@
     "Link": "Enlace",
     "Location": "Ubicación",
     "Location - Tooltip": "Ciudad de residencia",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Cuentas gestionadas",
     "Modify password...": "Modificar contraseña...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fa/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fi/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/fr/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Format de jeton",
     "Token format - Tooltip": "Le format du jeton d'accès",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Il n'était pas prévu que vous voyez cette page de saisie"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Activer",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Activé",
     "Enabled successfully": "Activé avec succès",
     "Enforcers": "Exécuteurs",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Est activé",
     "Is enabled - Tooltip": "Définir s'il peut être utilisé",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Serveurs LDAP",
     "Languages": "Langues",
@@ -441,6 +447,8 @@
     "Base DN": "DN racine",
     "Base DN - Tooltip": "Le DN racine (base DN) lors de la recherche LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Modifier le LDAP",
     "Enable SSL": "Activer SSL",
     "Enable SSL - Tooltip": "Activer SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Votre téléphone est",
     "preferred": "préféré"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modifier le modèle",
     "Model text": "Définition du modèle",
@@ -1136,6 +1149,7 @@
     "Link": "Lier",
     "Location": "Localisation",
     "Location - Tooltip": "Ville de résidence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Comptes gérés",
     "Modify password...": "Modifier le mot de passe...",
     "Multi-factor authentication": "Authentification multifacteur",

web/src/locales/he/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/id/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Format token",
     "Token format - Tooltip": "Format dari token akses",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Anda tidak mengharapkan untuk melihat halaman prompt ini"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Diaktifkan",
     "Is enabled - Tooltip": "Atur apakah itu dapat digunakan",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Server LDAP",
     "Languages": "Bahasa-bahasa",
@@ -441,6 +447,8 @@
     "Base DN": "DN dasar",
     "Base DN - Tooltip": "Base DN selama pencarian LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Mengedit LDAP",
     "Enable SSL": "Aktifkan SSL",
     "Enable SSL - Tooltip": "Apakah untuk mengaktifkan SSL?",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Mengedit Model",
     "Model text": "Teks Model",
@@ -1136,6 +1149,7 @@
     "Link": "Tautan",
     "Location": "Lokasi",
     "Location - Tooltip": "Kota tempat tinggal",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Akun yang dikelola",
     "Modify password...": "Mengubah kata sandi...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/it/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ja/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "トークン形式",
     "Token format - Tooltip": "アクセストークンのフォーマット",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "このプロンプトページを見ることは予期せぬことである"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "可能になっています",
     "Is enabled - Tooltip": "使用可能かどうかを設定してください",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAPサーバー",
     "Languages": "言語",
@@ -441,6 +447,8 @@
     "Base DN": "ベース DN",
     "Base DN - Tooltip": "LDAP検索中のBase DN",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAPを編集",
     "Enable SSL": "SSL を有効にする",
     "Enable SSL - Tooltip": "SSLを有効にするかどうか",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "編集モデル",
     "Model text": "モデルテキスト",
@@ -1136,6 +1149,7 @@
     "Link": "リンク",
     "Location": "場所",
     "Location - Tooltip": "居住都市",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "管理アカウント",
     "Modify password...": "パスワードを変更する...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/kk/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ko/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "토큰 형식",
     "Token format - Tooltip": "접근 토큰의 형식",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "당신은 이 프롬프트 페이지를 볼 것을 예상하지 못했습니다"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "활성화됩니다",
     "Is enabled - Tooltip": "사용 가능한 지 여부를 설정하세요",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP 서버",
     "Languages": "언어",
@@ -441,6 +447,8 @@
     "Base DN": "기본 DN",
     "Base DN - Tooltip": "LDAP 검색 중 기본 DN",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "LDAP 수정",
     "Enable SSL": "SSL 활성화",
     "Enable SSL - Tooltip": "SSL을 활성화할지 여부를 결정하십시오",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "편집 형태 모델",
     "Model text": "모델 텍스트",
@@ -1136,6 +1149,7 @@
     "Link": "링크",
     "Location": "장소",
     "Location - Tooltip": "거주 도시",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "관리 계정",
     "Modify password...": "비밀번호 수정하기...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/ms/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/nl/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/pl/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/pt/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Formato do token",
     "Token format - Tooltip": "O formato do token de acesso",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Você não deveria ver esta página de prompt"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Habilitar",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Habilitado",
     "Enabled successfully": "Habilitado com sucesso",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Está habilitado",
     "Is enabled - Tooltip": "Define se está habilitado",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "Servidores LDAP",
     "Languages": "Idiomas",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN durante a busca LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Editar LDAP",
     "Enable SSL": "Habilitar SSL",
     "Enable SSL - Tooltip": "Se habilitar o SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Editar Modelo",
     "Model text": "Texto do Modelo",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Localização",
     "Location - Tooltip": "Cidade de residência",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Contas gerenciadas",
     "Modify password...": "Modificar senha...",
     "Multi-factor authentication": "Autenticação de vários fatores",

web/src/locales/ru/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Формат жетона",
     "Token format - Tooltip": "Формат токена доступа",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Вы не ожидали увидеть эту страницу-подсказку"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Включить",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Включено",
     "Enabled successfully": "Успешно включено",
     "Enforcers": "Контролёры доступа",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Включен",
     "Is enabled - Tooltip": "Установить, может ли использоваться",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPы",
     "LDAPs - Tooltip": "LDAP серверы",
     "Languages": "Языки",
@@ -441,6 +447,8 @@
     "Base DN": "Базовый DN",
     "Base DN - Tooltip": "Базовый DN во время поиска LDAP",
     "CN": "КНР",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Изменить LDAP",
     "Enable SSL": "Включить SSL",
     "Enable SSL - Tooltip": "Перевод: Следует ли включать SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Ваш телефон",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Редактировать модель",
     "Model text": "Модельный текст",
@@ -1136,6 +1149,7 @@
     "Link": "Ссылка",
     "Location": "Местоположение",
     "Location - Tooltip": "Город проживания",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Управляемые аккаунты",
     "Modify password...": "Изменить пароль...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/sk/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Používateľské polia zahrnuté v tokene",
     "Token format": "Formát tokenu",
     "Token format - Tooltip": "Formát prístupového tokenu",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Neočekávali ste, že uvidíte túto výzvu"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Povoliť",
     "Enable dark logo": "Povoliť tmavé logo",
     "Enable dark logo - Tooltip": "Povoliť tmavé logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Povolené",
     "Enabled successfully": "Úspešne povolené",
     "Enforcers": "Vynútitelia",
@@ -265,6 +269,8 @@
     "Invitations": "Pozvánky",
     "Is enabled": "Je povolené",
     "Is enabled - Tooltip": "Nastavte, či môže byť použitý",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAP servery",
     "Languages": "Jazyky",
@@ -441,6 +447,8 @@
     "Base DN": "Základný DN",
     "Base DN - Tooltip": "Základný DN počas vyhľadávania LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Upraviť LDAP",
     "Enable SSL": "Povoliť SSL",
     "Enable SSL - Tooltip": "Či povoliť SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Váš telefón je",
     "preferred": "preferované"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Upraviť model",
     "Model text": "Text modelu",
@@ -1136,6 +1149,7 @@
     "Link": "Odkaz",
     "Location": "Miesto",
     "Location - Tooltip": "Mesto bydliska",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Spravované účty",
     "Modify password...": "Zmeniť heslo...",
     "Multi-factor authentication": "Viacfaktorová autentifikácia",

web/src/locales/sv/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Enable",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Invitations",
     "Is enabled": "Is enabled",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Languages",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Edit Model",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/tr/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Token fields - Tooltip",
     "Token format": "Token format",
     "Token format - Tooltip": "The format of access token",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Etkinleştir",
     "Enable dark logo": "Enable dark logo",
     "Enable dark logo - Tooltip": "Enable dark logo",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Etkin",
     "Enabled successfully": "Başarıyla etkinleştirildi",
     "Enforcers": "Enforcers",
@@ -265,6 +269,8 @@
     "Invitations": "Davetler",
     "Is enabled": "Aktif Mi?",
     "Is enabled - Tooltip": "Set whether it can use",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAP servers",
     "Languages": "Diller",
@@ -441,6 +447,8 @@
     "Base DN": "Base DN",
     "Base DN - Tooltip": "Base DN during LDAP search",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Edit LDAP",
     "Enable SSL": "Enable SSL",
     "Enable SSL - Tooltip": "Whether to enable SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Telefon numaranız",
     "preferred": "tercih edilen"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Modeli Düzenle",
     "Model text": "Model text",
@@ -1136,6 +1149,7 @@
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "City of residence",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Managed accounts",
     "Modify password...": "Modify password...",
     "Multi-factor authentication": "Multi-factor authentication",

web/src/locales/uk/data.json

@@ -121,6 +121,8 @@
     "Token fields - Tooltip": "Поля маркерів – підказка",
     "Token format": "Формат маркера",
     "Token format - Tooltip": "Формат маркера доступу",
+    "Token signing method": "Token signing method",
+    "Token signing method - Tooltip": "Signing method of JWT token, needs to be the same algorithm as the certificate",
     "You are unexpected to see this prompt page": "Ви неочікувано побачите цю сторінку запиту"
   },
   "cert": {
@@ -234,6 +236,8 @@
     "Enable": "Увімкнути",
     "Enable dark logo": "Увімкнути темний логотип",
     "Enable dark logo - Tooltip": "Увімкнути темний логотип",
+    "Enable tour": "Enable tour",
+    "Enable tour - Tooltip": "Display tour for users",
     "Enabled": "Увімкнено",
     "Enabled successfully": "Успішно ввімкнено",
     "Enforcers": "Силовики",
@@ -265,6 +269,8 @@
     "Invitations": "Запрошення",
     "Is enabled": "Увімкнено",
     "Is enabled - Tooltip": "Встановіть, чи можна використовувати",
+    "Is shared": "Is shared",
+    "Is shared - Tooltip": "Share this application with other organizations",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "Сервери LDAP",
     "Languages": "Мови",
@@ -441,6 +447,8 @@
     "Base DN": "Базовий DN",
     "Base DN - Tooltip": "Базовий DN під час пошуку LDAP",
     "CN": "CN",
+    "Default group": "Default group",
+    "Default group - Tooltip": "Group to which users belong after synchronization",
     "Edit LDAP": "Редагувати LDAP",
     "Enable SSL": "Увімкніть SSL",
     "Enable SSL - Tooltip": "Чи вмикати SSL",
@@ -551,6 +559,11 @@
     "Your phone is": "Ваш телефон",
     "preferred": "бажаний"
   },
+  "mfaAccount": {
+    "Account Name": "Account Name",
+    "Issuer": "Issuer",
+    "Secret Key": "Secret Key"
+  },
   "model": {
     "Edit Model": "Редагувати модель",
     "Model text": "Текст моделі",
@@ -1136,6 +1149,7 @@
     "Link": "Посилання",
     "Location": "Місцезнаходження",
     "Location - Tooltip": "Місто проживання",
+    "MFA accounts": "MFA accounts",
     "Managed accounts": "Керовані облікові записи",
     "Modify password...": "Змінити пароль...",
     "Multi-factor authentication": "Багатофакторна аутентифікація",