feat: fix CheckUpdateUser() logic to fix add-user error

* feat: Username support email format

* feat: Only fulfill the first requirement

* fix: Improve code robustness

controllers/auth.go

@@ -854,6 +854,7 @@ func (c *ApiController) Login() {
 		}
 
 		if authForm.Passcode != "" {
+			user.CountryCode = user.GetCountryCode(user.CountryCode)
 			mfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferredMfaProps(false))
 			if mfaUtil == nil {
 				c.ResponseError("Invalid multi-factor authentication type")

controllers/verification.go

@@ -294,6 +294,7 @@ func (c *ApiController) SendVerificationCode() {
 			}
 
 			vform.CountryCode = mfaProps.CountryCode
+			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 		}
 
 		provider, err = application.GetSmsProvider(vform.Method, vform.CountryCode)

object/application.go

@@ -723,8 +723,15 @@ func (application *Application) GetId() string {
 }
 
 func (application *Application) IsRedirectUriValid(redirectUri string) bool {
-	redirectUris := append([]string{"http://localhost:", "https://localhost:", "http://127.0.0.1:", "http://casdoor-app", ".chromiumapp.org"}, application.RedirectUris...)
+	isValid, err := util.IsValidOrigin(redirectUri)
-	for _, targetUri := range redirectUris {
+	if err != nil {
+		panic(err)
+	}
+	if isValid {
+		return true
+	}
+
+	for _, targetUri := range application.RedirectUris {
 		targetUriRegex := regexp.MustCompile(targetUri)
 		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
 			return true

object/check.go

@@ -520,11 +520,46 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }
 
+func CheckUsernameWithEmail(username string, lang string) string {
+	if username == "" {
+		return i18n.Translate(lang, "check:Empty username.")
+	} else if len(username) > 39 {
+		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
+	}
+
+	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
+
+	if !util.ReUserNameWithEmail.MatchString(username) {
+		return i18n.Translate(lang, "check:Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.")
+	}
+	return ""
+}
+
 func CheckUpdateUser(oldUser, user *User, lang string) string {
 	if oldUser.Name != user.Name {
-		if msg := CheckUsername(user.Name, lang); msg != "" {
+		organizationName := oldUser.Owner
-			return msg
+		if organizationName == "" {
+			organizationName = user.Owner
 		}
+
+		organization, err := getOrganization("admin", organizationName)
+		if err != nil {
+			return err.Error()
+		}
+		if organization == nil {
+			return fmt.Sprintf(i18n.Translate(lang, "auth:The organization: %s does not exist"), organizationName)
+		}
+
+		if organization.UseEmailAsUsername {
+			if msg := CheckUsernameWithEmail(user.Name, lang); msg != "" {
+				return msg
+			}
+		} else {
+			if msg := CheckUsername(user.Name, lang); msg != "" {
+				return msg
+			}
+		}
+
 		if HasUserByField(user.Owner, "name", user.Name) {
 			return i18n.Translate(lang, "check:Username already exists")
 		}

object/check_ip.go

@@ -43,6 +43,8 @@ func CheckEntryIp(clientIp string, user *User, application *Application, organiz
 		if err != nil {
 			application.IpRestriction = err.Error() + application.Name
 			return fmt.Errorf(err.Error() + application.Name)
+		} else {
+			application.IpRestriction = ""
 		}
 
 		if organization == nil && application.OrganizationObj != nil {
@@ -55,6 +57,8 @@ func CheckEntryIp(clientIp string, user *User, application *Application, organiz
 		if err != nil {
 			organization.IpRestriction = err.Error() + organization.Name
 			return fmt.Errorf(err.Error() + organization.Name)
+		} else {
+			organization.IpRestriction = ""
 		}
 	}
 

object/user.go

@@ -816,6 +816,10 @@ func AddUser(user *User) (bool, error) {
 		user.UpdateUserPassword(organization)
 	}
 
+	if user.CreatedTime == "" {
+		user.CreatedTime = util.GetCurrentTime()
+	}
+
 	err = user.UpdateUserHash()
 	if err != nil {
 		return false, err

routers/cors_filter.go

@@ -16,11 +16,11 @@ package routers
 
 import (
 	"net/http"
-	"strings"
 
 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )
 
 const (
@@ -52,7 +52,13 @@ func CorsFilter(ctx *context.Context) {
 		origin = ""
 	}
 
-	if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
+	isValid, err := util.IsValidOrigin(origin)
+	if err != nil {
+		ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
+		responseError(ctx, err.Error())
+		return
+	}
+	if isValid {
 		setCorsHeaders(ctx, origin)
 		return
 	}

util/validation.go

@@ -17,6 +17,7 @@ package util
 import (
 	"fmt"
 	"net/mail"
+	"net/url"
 	"regexp"
 	"strings"
 
@@ -24,10 +25,11 @@ import (
 )
 
 var (
-	rePhone          *regexp.Regexp
+	rePhone             *regexp.Regexp
-	ReWhiteSpace     *regexp.Regexp
+	ReWhiteSpace        *regexp.Regexp
-	ReFieldWhiteList *regexp.Regexp
+	ReFieldWhiteList    *regexp.Regexp
-	ReUserName       *regexp.Regexp
+	ReUserName          *regexp.Regexp
+	ReUserNameWithEmail *regexp.Regexp
 )
 
 func init() {
@@ -35,6 +37,7 @@ func init() {
 	ReWhiteSpace, _ = regexp.Compile(`\s`)
 	ReFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
 	ReUserName, _ = regexp.Compile("^[a-zA-Z0-9]+([-._][a-zA-Z0-9]+)*$")
+	ReUserNameWithEmail, _ = regexp.Compile(`^([a-zA-Z0-9]+([-._][a-zA-Z0-9]+)*)|([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$`) // Add support for email formats
 }
 
 func IsEmailValid(email string) bool {
@@ -100,3 +103,21 @@ func GetCountryCode(prefix string, phone string) (string, error) {
 func FilterField(field string) bool {
 	return ReFieldWhiteList.MatchString(field)
 }
+
+func IsValidOrigin(origin string) (bool, error) {
+	urlObj, err := url.Parse(origin)
+	if err != nil {
+		return false, err
+	}
+	if urlObj == nil {
+		return false, nil
+	}
+
+	originHostOnly := ""
+	if urlObj.Host != "" {
+		originHostOnly = fmt.Sprintf("%s://%s", urlObj.Scheme, urlObj.Hostname())
+	}
+
+	res := originHostOnly == "http://localhost" || originHostOnly == "https://localhost" || originHostOnly == "http://127.0.0.1" || originHostOnly == "http://casdoor-app" || strings.HasSuffix(originHostOnly, ".chromiumapp.org")
+	return res, nil
+}

web/src/ApplicationEditPage.js

@@ -603,7 +603,7 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:IP whitelist"), i18next.t("general:IP whitelist - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input placeholder = {this.state.application.organizationObj?.ipWhitelist} value={this.state.application.ipWhiteList} onChange={e => {
+            <Input placeholder = {this.state.application.organizationObj?.ipWhitelist} value={this.state.application.ipWhitelist} onChange={e => {
               this.updateApplicationField("ipWhitelist", e.target.value);
             }} />
           </Col>

web/src/ProviderEditPage.js

@@ -908,7 +908,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :

web/src/RoleEditPage.js

@@ -187,7 +187,7 @@ class RoleEditPage extends React.Component {
             {Setting.getLabel(i18next.t("role:Sub users"), i18next.t("role:Sub users - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.role.users}
+            <Select virtual={true} mode="multiple" style={{width: "100%"}} value={this.state.role.users}
               onChange={(value => {this.updateRoleField("users", value);})}
               options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))}
             />

web/src/auth/LoginPage.js

@@ -227,6 +227,22 @@ class LoginPage extends React.Component {
     return "password";
   }
 
+  getCurrentLoginMethod() {
+    if (this.state.loginMethod === "password") {
+      return "Password";
+    } else if (this.state.loginMethod?.includes("verificationCode")) {
+      return "Verification code";
+    } else if (this.state.loginMethod === "webAuthn") {
+      return "WebAuthn";
+    } else if (this.state.loginMethod === "ldap") {
+      return "LDAP";
+    } else if (this.state.loginMethod === "faceId") {
+      return "Face ID";
+    } else {
+      return "Password";
+    }
+  }
+
   getPlaceholder() {
     switch (this.state.loginMethod) {
     case "verificationCode": return i18next.t("login:Email or phone");
@@ -262,17 +278,7 @@ class LoginPage extends React.Component {
       values["organization"] = this.getApplicationObj().organization;
     }
 
-    if (this.state.loginMethod === "password") {
+    values["signinMethod"] = this.getCurrentLoginMethod();
-      values["signinMethod"] = "Password";
-    } else if (this.state.loginMethod?.includes("verificationCode")) {
-      values["signinMethod"] = "Verification code";
-    } else if (this.state.loginMethod === "webAuthn") {
-      values["signinMethod"] = "WebAuthn";
-    } else if (this.state.loginMethod === "ldap") {
-      values["signinMethod"] = "LDAP";
-    } else if (this.state.loginMethod === "faceId") {
-      values["signinMethod"] = "Face ID";
-    }
     const oAuthParams = Util.getOAuthGetParameters();
 
     values["type"] = oAuthParams?.responseType ?? this.state.type;
@@ -409,6 +415,7 @@ class LoginPage extends React.Component {
     if (this.state.type === "cas") {
       // CAS
       const casParams = Util.getCasParameters();
+      values["signinMethod"] = this.getCurrentLoginMethod();
       values["type"] = this.state.type;
       AuthBackend.loginCas(values, casParams).then((res) => {
         const loginHandler = (res) => {
@@ -437,8 +444,8 @@ class LoginPage extends React.Component {
                     formValues={values}
                     authParams={casParams}
                     application={this.getApplicationObj()}
-                    onFail={() => {
+                    onFail={(errorMessage) => {
-                      Setting.showMessage("error", i18next.t("mfa:Verification failed"));
+                      Setting.showMessage("error", errorMessage);
                     }}
                     onSuccess={(res) => loginHandler(res)}
                   />);
@@ -506,8 +513,8 @@ class LoginPage extends React.Component {
                       formValues={values}
                       authParams={oAuthParams}
                       application={this.getApplicationObj()}
-                      onFail={() => {
+                      onFail={(errorMessage) => {
-                        Setting.showMessage("error", i18next.t("mfa:Verification failed"));
+                        Setting.showMessage("error", errorMessage);
                       }}
                       onSuccess={(res) => loginHandler(res)}
                     />);

web/src/auth/MfaSetupPage.js

@@ -37,7 +37,7 @@ class MfaSetupPage extends React.Component {
     this.state = {
       account: props.account,
       application: null,
-      applicationName: props.account.signupApplication ?? "",
+      applicationName: props.account.signupApplication ?? localStorage.getItem("applicationName") ?? "",
       current: location.state?.from !== undefined ? 1 : 0,
       mfaProps: null,
       mfaType: params.get("mfaType") ?? SmsMfaType,

web/src/auth/Obfuscator.js

@@ -14,6 +14,7 @@
 
 import CryptoJS from "crypto-js";
 import i18next from "i18next";
+import {Buffer} from "buffer";
 
 export function getRandomKeyForObfuscator(obfuscatorType) {
   if (obfuscatorType === "DES") {