Revert "feat: fix Beego session delete concurrent issue (#3103 )"

This reverts commit f21aa9c0d2.
2025-08-27 21:21:34 +08:00 · 2024-08-07 16:51:29 +08:00
137 changed files with 447 additions and 3034 deletions
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@
  <a href="https://github.com/casdoor/casdoor/releases/latest">
    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
+  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
  </a>
 </p>
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -77,7 +77,6 @@ p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
-p, *, *, GET, /.well-known/webfinger, *, *
 p, *, *, *, /.well-known/jwks, *, *
 p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -26,10 +26,6 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewDefaultCaptchaProvider()
 	case "reCAPTCHA":
 		return NewReCaptchaProvider()
-	case "reCAPTCHA v2":
-		return NewReCaptchaProvider()
-	case "reCAPTCHA v3":
-		return NewReCaptchaProvider()
 	case "Aliyun Captcha":
 		return NewAliyunCaptchaProvider()
 	case "hCaptcha":
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -21,14 +21,11 @@ originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
-enableErrorMask = false
 enableGzip = true
-inactiveTimeoutMinutes =
 ldapServerPort = 389
 radiusServerPort = 1812
 radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
 logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataNewOnly = false
 initDataFile = "./init_data.json"
-frontendBaseDir = "../cc_0"
+frontendBaseDir = "../casdoor"
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -116,13 +116,6 @@ func (c *ApiController) Signup() {
 		return
 	}

-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, nil, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
@@ -207,10 +200,6 @@ func (c *ApiController) Signup() {
 		Type:              userType,
 		Password:          authForm.Password,
 		DisplayName:       authForm.Name,
-		Gender:            authForm.Gender,
-		Bio:               authForm.Bio,
-		Tag:               authForm.Tag,
-		Education:         authForm.Education,
 		Avatar:            organization.DefaultAvatar,
 		Email:             authForm.Email,
 		Phone:             authForm.Phone,
@@ -245,10 +234,6 @@ func (c *ApiController) Signup() {
 		}
 	}

-	if invitation != nil && invitation.SignupGroup != "" {
-		user.Groups = []string{invitation.SignupGroup}
-	}
-
 	affected, err := object.AddUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -110,9 +110,6 @@ func (c *ApiController) GetApplication() {
 		}
 	}

-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
-
 	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }

@@ -232,11 +229,6 @@ func (c *ApiController) UpdateApplication() {
 		return
 	}

-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
 	c.ServeJSON()
 }
@@ -267,11 +259,6 @@ func (c *ApiController) AddApplication() {
 		return
 	}

-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
 	c.ServeJSON()
 }
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -55,13 +55,6 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
 	userId := user.GetId()

-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err := object.CheckEntryIp(clientIp, user, application, application.OrganizationObj, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	allowed, err := object.CheckLoginPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
@@ -263,9 +256,6 @@ func (c *ApiController) GetApplicationLogin() {
 		}
 	}

-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
-
 	application = object.GetMaskedApplication(application, "")
 	if msg != "" {
 		c.ResponseError(msg, application)
@@ -473,15 +463,6 @@ func (c *ApiController) Login() {
 			}

 			password := authForm.Password
-
-			if application.OrganizationObj != nil {
-				password, err = util.GetUnobfuscatedPassword(application.OrganizationObj.PasswordObfuscatorType, application.OrganizationObj.PasswordObfuscatorKey, authForm.Password)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-			}
-
 			isSigninViaLdap := authForm.SigninMethod == "LDAP"
 			var isPasswordWithLdapEnabled bool
 			if authForm.SigninMethod == "Password" {
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -60,6 +60,7 @@ func (c *ApiController) Unlink() {
 			c.ResponseError(err.Error())
 			return
 		}
+
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -14,11 +14,7 @@

 package controllers

-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-)
+import "github.com/casdoor/casdoor/object"

 // GetOidcDiscovery
 // @Title GetOidcDiscovery
@@ -46,31 +42,3 @@ func (c *RootController) GetJwks() {
 	c.Data["json"] = jwks
 	c.ServeJSON()
 }
-
-// GetWebFinger
-// @Title GetWebFinger
-// @Tag OIDC API
-// @Param resource query string true "resource"
-// @Success 200 {object} object.WebFinger
-// @router /.well-known/webfinger [get]
-func (c *RootController) GetWebFinger() {
-	resource := c.Input().Get("resource")
-	rels := []string{}
-	host := c.Ctx.Request.Host
-
-	for key, value := range c.Input() {
-		if strings.HasPrefix(key, "rel") {
-			rels = append(rels, value...)
-		}
-	}
-
-	webfinger, err := object.GetWebFinger(resource, rels, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = webfinger
-	c.Ctx.Output.ContentType("application/jrd+json")
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -65,7 +65,7 @@ func (c *ApiController) GetOrganizations() {
 			c.ResponseOk(organizations)
 		} else {
 			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, organizationName, field, value)
+			count, err := object.GetOrganizationCount(owner, field, value)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -119,11 +119,6 @@ func (c *ApiController) UpdateOrganization() {
 		return
 	}

-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
 	c.ServeJSON()
 }
@@ -143,7 +138,7 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	count, err := object.GetOrganizationCount("", "", "", "")
+	count, err := object.GetOrganizationCount("", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -154,11 +149,6 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
 	c.ServeJSON()
 }
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -182,10 +182,6 @@ func (c *ApiController) BuyProduct() {
 	paidUserName := c.Input().Get("userName")
 	owner, _ := util.GetOwnerAndNameFromId(id)
 	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && !c.IsAdmin() {
-		c.ResponseError(c.T("general:Only admin user can specify user"))
-		return
-	}
 	if paidUserName == "" {
 		userId = c.GetSessionUsername()
 	}
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -257,7 +257,7 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}

-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
+	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
 	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -289,16 +289,6 @@ func (c *ApiController) UpdateUser() {
 		}
 	}

-	if user.MfaEmailEnabled && user.Email == "" {
-		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
-		return
-	}
-
-	if user.MfaPhoneEnabled && user.Phone == "" {
-		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
-		return
-	}
-
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
@@ -364,8 +354,7 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	emptyUser := object.User{}
-	msg := object.CheckUpdateUser(&emptyUser, &user, c.GetAcceptLanguage())
+	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
@@ -411,12 +400,6 @@ func (c *ApiController) GetEmailAndPhone() {
 	organization := c.Ctx.Request.Form.Get("organization")
 	username := c.Ctx.Request.Form.Get("username")

-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		c.ResponseError("Error")
-		return
-	}
-
 	user, err := object.GetUserByFields(organization, username)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -490,12 +473,7 @@ func (c *ApiController) SetPassword() {
 			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
-		if userId != c.GetSession("verifiedUserId") {
-			c.ResponseError(c.T("general:Wrong userId"))
-			return
-		}
 		c.SetSession("verifiedCode", "")
-		c.SetSession("verifiedUserId", "")
 	}

 	targetUser, err := object.GetUser(userId)
@@ -541,23 +519,6 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	application, err := object.GetApplicationByUser(targetUser)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the application for user %s is not found"), userId))
-		return
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, targetUser, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	targetUser.Password = newPassword
 	targetUser.UpdateUserPassword(organization)
 	targetUser.NeedUpdatePassword = false
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -45,22 +45,6 @@ func (c *ApiController) ResponseOk(data ...interface{}) {

 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		error = c.T("subscription:Error")
-
-		resp := &Response{Status: "error", Msg: error}
-		c.ResponseJsonData(resp, data...)
-		return
-	}
-
-	enableErrorMask := conf.GetConfigBool("enableErrorMask")
-	if enableErrorMask {
-		if strings.HasPrefix(error, "The user: ") && strings.HasSuffix(error, " doesn't exist") || strings.HasPrefix(error, "用户: ") && strings.HasSuffix(error, "不存在") {
-			error = c.T("check:password or code is incorrect")
-		}
-	}
-
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -132,8 +132,7 @@ func (c *ApiController) SendVerificationCode() {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

 	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
@@ -260,7 +259,7 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}

-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@@ -310,7 +309,7 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
 		}
 	}

@@ -533,6 +532,5 @@ func (c *ApiController) VerifyCode() {
 	}

 	c.SetSession("verifiedCode", authForm.Code)
-	c.SetSession("verifiedUserId", user.GetId())
 	c.ResponseOk()
 }
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@@ -27,18 +27,7 @@ import (
 )

 func deployStaticFiles(provider *object.Provider) {
-	certificate := ""
-	if provider.Category == "Storage" && provider.Type == "Casdoor" {
-		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
-		if err != nil {
-			panic(err)
-		}
-		if cert == nil {
-			panic(err)
-		}
-		certificate = cert.Certificate
-	}
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
 	if err != nil {
 		panic(err)
 	}
--- a/form/auth.go
+++ b/form/auth.go
@@ -26,10 +26,6 @@ type AuthForm struct {
 	Name           string `json:"name"`
 	FirstName      string `json:"firstName"`
 	LastName       string `json:"lastName"`
-	Gender         string `json:"gender"`
-	Bio            string `json:"bio"`
-	Tag            string `json:"tag"`
-	Education      string `json:"education"`
 	Email          string `json:"email"`
 	Phone          string `json:"phone"`
 	Affiliation    string `json:"affiliation"`
--- a/go.mod
+++ b/go.mod
@@ -11,9 +11,8 @@ require (
 	github.com/casbin/casbin/v2 v2.77.2
 	github.com/casdoor/go-sms-sender v0.24.0
 	github.com/casdoor/gomail/v2 v2.0.1
-	github.com/casdoor/ldapserver v1.2.0
 	github.com/casdoor/notify v0.45.0
-	github.com/casdoor/oss v1.8.0
+	github.com/casdoor/oss v1.6.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
 	github.com/casvisor/casvisor-go-sdk v1.4.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
@@ -21,6 +20,7 @@ require (
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
 	github.com/fogleman/gg v1.3.0
+	github.com/forestmgy/ldapserver v1.1.0
 	github.com/go-asn1-ber/asn1-ber v1.5.5
 	github.com/go-git/go-git/v5 v5.11.0
 	github.com/go-ldap/ldap/v3 v3.4.6
@@ -30,7 +30,7 @@ require (
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.6.0
+	github.com/google/uuid v1.4.0
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/lib/pq v1.10.9
--- a/go.sum
+++ b/go.sum
@@ -1083,20 +1083,16 @@ github.com/casbin/casbin/v2 v2.28.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRt
 github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM=
 github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk=
-github.com/casdoor/casdoor-go-sdk v0.50.0 h1:bUYbz/MzJuWfLKJbJM0+U0YpYewAur+THp5TKnufWZM=
-github.com/casdoor/casdoor-go-sdk v0.50.0/go.mod h1:cMnkCQJgMYpgAlgEx8reSt1AVaDIQLcJ1zk5pzBaz+4=
 github.com/casdoor/go-reddit/v2 v2.1.0 h1:kIbfdJ7AA7H0uTQ8s0q4GGZqSS5V9wVE74RrXyD9XPs=
 github.com/casdoor/go-reddit/v2 v2.1.0/go.mod h1:eagkvwlZ4Hcsuc/uQsLHYEulz5jN65SVSwV/AIE7zsc=
 github.com/casdoor/go-sms-sender v0.24.0 h1:LNLsce3EG/87I3JS6UiajF3LlQmdIiCgebEu0IE4wSM=
 github.com/casdoor/go-sms-sender v0.24.0/go.mod h1:bOm4H8/YfJmEHjBatEVQFOnAf0OOn1B0Wi5B7zDhws0=
 github.com/casdoor/gomail/v2 v2.0.1 h1:J+FG6x80s9e5lBHUn8Sv0Y56mud34KiWih5YdmudR/w=
 github.com/casdoor/gomail/v2 v2.0.1/go.mod h1:VnGPslEAtpix5FjHisR/WKB1qvZDBaujbikxDe9d+2Q=
-github.com/casdoor/ldapserver v1.2.0 h1:HdSYe+ULU6z9K+2BqgTrJKQRR4//ERAXB64ttOun6Ow=
-github.com/casdoor/ldapserver v1.2.0/go.mod h1:VwYU2vqQ2pA8sa00PRekH71R2XmgfzMKhmp1XrrDu2s=
 github.com/casdoor/notify v0.45.0 h1:OlaFvcQFjGOgA4mRx07M8AH1gvb5xNo21mcqrVGlLgk=
 github.com/casdoor/notify v0.45.0/go.mod h1:wNHQu0tiDROMBIvz0j3Om3Lhd5yZ+AIfnFb8MYb8OLQ=
-github.com/casdoor/oss v1.8.0 h1:uuyKhDIp7ydOtV4lpqhAY23Ban2Ln8La8+QT36CwylM=
-github.com/casdoor/oss v1.8.0/go.mod h1:uaqO7KBI2lnZcnB8rF7O6C2bN7llIbfC5Ql8ex1yR1U=
+github.com/casdoor/oss v1.6.0 h1:IOWrGLJ+VO82qS796eaRnzFPPA1Sn3cotYTi7O/VIlQ=
+github.com/casdoor/oss v1.6.0/go.mod h1:rJAWA0hLhtu94t6IRpotLUkXO1NWMASirywQYaGizJE=
 github.com/casdoor/xorm-adapter/v3 v3.1.0 h1:NodWayRtSLVSeCvL9H3Hc61k0G17KhV9IymTCNfh3kk=
 github.com/casdoor/xorm-adapter/v3 v3.1.0/go.mod h1:4WTcUw+bTgBylGHeGHzTtBvuTXRS23dtwzFLl9tsgFM=
 github.com/casvisor/casvisor-go-sdk v1.4.0 h1:hbZEGGJ1cwdHFAxeXrMoNw6yha6Oyg2F0qQhBNCN/dg=
@@ -1239,6 +1235,8 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8=
 github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/forestmgy/ldapserver v1.1.0 h1:gvil4nuLhqPEL8SugCkFhRyA0/lIvRdwZSqlrw63ll4=
+github.com/forestmgy/ldapserver v1.1.0/go.mod h1:1RZ8lox1QSY7rmbjdmy+sYQXY4Lp7SpGzpdE3+j3IyM=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
@@ -1462,9 +1460,8 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -15,10 +15,10 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Аккаунт для провайдера: %s и имя пользователя: %s (%s) не существует и не может быть зарегистрирован как новый аккаунт. Пожалуйста, обратитесь в службу поддержки IT",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Аккаунт поставщика: %s и имя пользователя: %s (%s) уже связаны с другим аккаунтом: %s (%s)",
    "The application: %s does not exist": "Приложение: %s не существует",
-    "The login method: login with LDAP is not enabled for the application": "Метод входа в систему: вход с помощью LDAP не включен для приложения",
-    "The login method: login with SMS is not enabled for the application": "Метод входа: вход с помощью SMS не включен для приложения",
-    "The login method: login with email is not enabled for the application": "Метод входа: вход с помощью электронной почты не включен для приложения",
-    "The login method: login with face is not enabled for the application": "Метод входа: вход с помощью лица не включен для приложения",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
    "The organization: %s does not exist": "The organization: %s does not exist",
    "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
@@ -53,16 +53,16 @@
    "Phone already exists": "Телефон уже существует",
    "Phone cannot be empty": "Телефон не может быть пустым",
    "Phone number is invalid": "Номер телефона является недействительным",
-    "Please register using the email corresponding to the invitation code": "Пожалуйста, зарегистрируйтесь, используя электронную почту, соответствующую коду приглашения",
-    "Please register using the phone  corresponding to the invitation code": "Пожалуйста, зарегистрируйтесь по телефону, соответствующему коду приглашения",
-    "Please register using the username corresponding to the invitation code": "Пожалуйста, зарегистрируйтесь, используя имя пользователя, соответствующее коду приглашения",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Сессия устарела, пожалуйста, войдите снова",
    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "Пользователю запрещен вход, пожалуйста, обратитесь к администратору",
    "The user: %s doesn't exist in LDAP server": "Пользователь %s не существует на LDAP сервере",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Имя пользователя может состоять только из буквенно-цифровых символов, нижних подчеркиваний или дефисов, не может содержать последовательные дефисы или подчеркивания, а также не может начинаться или заканчиваться на дефис или подчеркивание.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Значение \\\"%s\\\" для поля аккаунта \\\"%s\\\" не соответствует регулярному значению",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Значение \\\"%s\\\" поля регистрации \\\"%s\\\" не соответствует регулярному выражению приложения \\\"%s\\\"",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "Имя пользователя уже существует",
    "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
    "Username cannot contain white spaces": "Имя пользователя не может содержать пробелы",
@@ -78,11 +78,11 @@
  "general": {
    "Missing parameter": "Отсутствующий параметр",
    "Please login first": "Пожалуйста, сначала войдите в систему",
-    "The organization: %s should have one application at least": "Организация: %s должна иметь хотя бы одно приложение",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "Пользователь %s не существует",
    "don't support captchaProvider: ": "неподдерживаемый captchaProvider: ",
    "this operation is not allowed in demo mode": "эта операция не разрешена в демо-режиме",
-    "this operation requires administrator to perform": "для выполнения этой операции требуется администратор"
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
  "ldap": {
    "Ldap server exist": "LDAP-сервер существует"
@@ -101,11 +101,11 @@
    "Unknown modify rule %s.": "Неизвестное изменение правила %s."
  },
  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Разрешение: \\\"%s\\\" не существует"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "Неверный идентификатор приложения",
-    "the provider: %s does not exist": "Провайдер: %s не существует"
+    "the provider: %s does not exist": "провайдер: %s не существует"
  },
  "resource": {
    "User is nil for tag: avatar": "Пользователь равен нулю для тега: аватар",
@@ -115,7 +115,7 @@
    "Application %s not found": "Приложение %s не найдено"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "Категория провайдера %s не является SAML"
+    "provider %s's category is not SAML": "категория провайдера %s не является SAML"
  },
  "service": {
    "Empty parameters for emailForm: %v": "Пустые параметры для emailForm: %v",
@@ -148,7 +148,7 @@
  "verification": {
    "Invalid captcha provider.": "Недействительный поставщик CAPTCHA.",
    "Phone number is invalid in your region %s": "Номер телефона недействителен в вашем регионе %s",
-    "The verification code has not been sent yet!": "Код проверки еще не отправлен!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Тест Тьюринга не удался.",
    "Unable to get the email modify rule.": "Невозможно получить правило изменения электронной почты.",
@@ -156,8 +156,8 @@
    "Unknown type": "Неизвестный тип",
    "Wrong verification code!": "Неправильный код подтверждения!",
    "You should verify your code in %d min!": "Вы должны проверить свой код через %d минут!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "Пожалуйста, добавьте поставщика SMS в список \\\"Провайдеры\\\" для приложения: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "Пожалуйста, добавьте поставщика электронной почты в список \\\"Провайдеры\\\" для приложения: %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "Пользователь не существует, пожалуйста, сначала зарегистрируйтесь"
  },
  "webauthn": {
--- a/idp/alipay.go
+++ b/idp/alipay.go
@@ -200,7 +200,7 @@ func (idp *AlipayIdProvider) postWithBody(body interface{}, targetUrl string) ([

 	formData.Set("sign", sign)

-	resp, err := idp.Client.Post(targetUrl, "application/x-www-form-urlencoded;charset=utf-8", strings.NewReader(formData.Encode()))
+	resp, err := idp.Client.PostForm(targetUrl, formData)
 	if err != nil {
 		return nil, err
 	}
--- a/ldap/server.go
+++ b/ldap/server.go
@@ -21,7 +21,7 @@ import (

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
-	ldap "github.com/casdoor/ldapserver"
+	ldap "github.com/forestmgy/ldapserver"
 	"github.com/lor00x/goldap/message"
 )

--- a/ldap/util.go
+++ b/ldap/util.go
@@ -23,7 +23,7 @@ import (
 	"github.com/casdoor/casdoor/util"
 	"github.com/lor00x/goldap/message"

-	ldap "github.com/casdoor/ldapserver"
+	ldap "github.com/forestmgy/ldapserver"

 	"github.com/xorm-io/builder"
 )
--- a/main.go
+++ b/main.go
@@ -56,7 +56,6 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.StaticFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AutoSigninFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.CorsFilter)
-	beego.InsertFilter("*", beego.BeforeRouter, routers.TimeoutFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.ApiFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
@@ -72,7 +71,6 @@ func main() {
 		beego.BConfig.WebConfig.Session.SessionProviderConfig = conf.GetConfigString("redisEndpoint")
 	}
 	beego.BConfig.WebConfig.Session.SessionCookieLifeTime = 3600 * 24 * 30
-	beego.BConfig.WebConfig.Session.SessionGCMaxLifetime = 3600 * 24 * 30
 	// beego.BConfig.WebConfig.Session.SessionCookieSameSite = http.SameSiteNoneMode

 	err := logs.SetLogger(logs.AdapterFile, conf.GetConfigString("logConfig"))
--- a/object/application.go
+++ b/object/application.go
@@ -31,17 +31,15 @@ type SigninMethod struct {
 }

 type SignupItem struct {
-	Name        string   `json:"name"`
-	Visible     bool     `json:"visible"`
-	Required    bool     `json:"required"`
-	Prompted    bool     `json:"prompted"`
-	Type        string   `json:"type"`
-	CustomCss   string   `json:"customCss"`
-	Label       string   `json:"label"`
-	Placeholder string   `json:"placeholder"`
-	Options     []string `json:"options"`
-	Regex       string   `json:"regex"`
-	Rule        string   `json:"rule"`
+	Name        string `json:"name"`
+	Visible     bool   `json:"visible"`
+	Required    bool   `json:"required"`
+	Prompted    bool   `json:"prompted"`
+	CustomCss   string `json:"customCss"`
+	Label       string `json:"label"`
+	Placeholder string `json:"placeholder"`
+	Regex       string `json:"regex"`
+	Rule        string `json:"rule"`
 }

 type SigninItem struct {
@@ -80,28 +78,24 @@ type Application struct {
 	EnableSamlCompress    bool            `json:"enableSamlCompress"`
 	EnableSamlC14n10      bool            `json:"enableSamlC14n10"`
 	EnableSamlPostBinding bool            `json:"enableSamlPostBinding"`
-	UseEmailAsSamlNameId  bool            `json:"useEmailAsSamlNameId"`
 	EnableWebAuthn        bool            `json:"enableWebAuthn"`
 	EnableLinkWithEmail   bool            `json:"enableLinkWithEmail"`
 	OrgChoiceMode         string          `json:"orgChoiceMode"`
 	SamlReplyUrl          string          `xorm:"varchar(100)" json:"samlReplyUrl"`
 	Providers             []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SigninMethods         []*SigninMethod `xorm:"varchar(2000)" json:"signinMethods"`
-	SignupItems           []*SignupItem   `xorm:"varchar(3000)" json:"signupItems"`
+	SignupItems           []*SignupItem   `xorm:"varchar(2000)" json:"signupItems"`
 	SigninItems           []*SigninItem   `xorm:"mediumtext" json:"signinItems"`
 	GrantTypes            []string        `xorm:"varchar(1000)" json:"grantTypes"`
 	OrganizationObj       *Organization   `xorm:"-" json:"organizationObj"`
 	CertPublicKey         string          `xorm:"-" json:"certPublicKey"`
 	Tags                  []string        `xorm:"mediumtext" json:"tags"`
 	SamlAttributes        []*SamlItem     `xorm:"varchar(1000)" json:"samlAttributes"`
-	IsShared              bool            `json:"isShared"`
-	IpRestriction         string          `json:"ipRestriction"`

 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
 	RedirectUris         []string   `xorm:"varchar(1000)" json:"redirectUris"`
 	TokenFormat          string     `xorm:"varchar(100)" json:"tokenFormat"`
-	TokenSigningMethod   string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
 	TokenFields          []string   `xorm:"varchar(1000)" json:"tokenFields"`
 	ExpireInHours        int        `json:"expireInHours"`
 	RefreshExpireInHours int        `json:"refreshExpireInHours"`
@@ -109,7 +103,6 @@ type Application struct {
 	SigninUrl            string     `xorm:"varchar(200)" json:"signinUrl"`
 	ForgetUrl            string     `xorm:"varchar(200)" json:"forgetUrl"`
 	AffiliationUrl       string     `xorm:"varchar(100)" json:"affiliationUrl"`
-	IpWhitelist          string     `xorm:"varchar(200)" json:"ipWhitelist"`
 	TermsOfUse           string     `xorm:"varchar(100)" json:"termsOfUse"`
 	SignupHtml           string     `xorm:"mediumtext" json:"signupHtml"`
 	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
@@ -130,9 +123,9 @@ func GetApplicationCount(owner, field, value string) (int64, error) {
 	return session.Count(&Application{})
 }

-func GetOrganizationApplicationCount(owner, organization, field, value string) (int64, error) {
+func GetOrganizationApplicationCount(owner, Organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Where("organization = ? or is_shared = ? ", organization, true).Count(&Application{})
+	return session.Count(&Application{Organization: Organization})
 }

 func GetApplications(owner string) ([]*Application, error) {
@@ -147,7 +140,7 @@ func GetApplications(owner string) ([]*Application, error) {

 func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
 	applications := []*Application{}
-	err := ormer.Engine.Desc("created_time").Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
+	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		return applications, err
 	}
@@ -169,7 +162,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Where("organization = ? or is_shared = ? ", organization, true).Find(&applications, &Application{})
+	err := session.Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		return applications, err
 	}
@@ -344,18 +337,12 @@ func getApplication(owner string, name string) (*Application, error) {
 		return nil, nil
 	}

-	realApplicationName, sharedOrg := util.GetSharedOrgFromApp(name)
-
-	application := Application{Owner: owner, Name: realApplicationName}
+	application := Application{Owner: owner, Name: name}
 	existed, err := ormer.Engine.Get(&application)
 	if err != nil {
 		return nil, err
 	}

-	if application.IsShared && sharedOrg != "" {
-		application.Organization = sharedOrg
-	}
-
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -441,18 +428,11 @@ func GetApplicationByUserId(userId string) (application *Application, err error)

 func GetApplicationByClientId(clientId string) (*Application, error) {
 	application := Application{}
-
-	realClientId, sharedOrg := util.GetSharedOrgFromApp(clientId)
-
-	existed, err := ormer.Engine.Where("client_id=?", realClientId).Get(&application)
+	existed, err := ormer.Engine.Where("client_id=?", clientId).Get(&application)
 	if err != nil {
 		return nil, err
 	}

-	if application.IsShared && sharedOrg != "" {
-		application.Organization = sharedOrg
-	}
-
 	if existed {
 		err = extendApplicationWithProviders(&application)
 		if err != nil {
@@ -536,7 +516,7 @@ func GetMaskedApplication(application *Application, userId string) *Application

 	providerItems := []*ProviderItem{}
 	for _, providerItem := range application.Providers {
-		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML") {
+		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha") {
 			providerItems = append(providerItems, providerItem)
 		}
 	}
@@ -646,10 +626,6 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 		return false, err
 	}

-	if application.IsShared == true && application.Organization != "built-in" {
-		return false, fmt.Errorf("only applications belonging to built-in organization can be shared")
-	}
-
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
@@ -723,15 +699,8 @@ func (application *Application) GetId() string {
 }

 func (application *Application) IsRedirectUriValid(redirectUri string) bool {
-	isValid, err := util.IsValidOrigin(redirectUri)
-	if err != nil {
-		panic(err)
-	}
-	if isValid {
-		return true
-	}
-
-	for _, targetUri := range application.RedirectUris {
+	redirectUris := append([]string{"http://localhost:", "https://localhost:", "http://127.0.0.1:", "http://casdoor-app", ".chromiumapp.org"}, application.RedirectUris...)
+	for _, targetUri := range redirectUris {
 		targetUriRegex := regexp.MustCompile(targetUri)
 		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
 			return true
--- a/object/check.go
+++ b/object/check.go
@@ -539,11 +539,6 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 			return i18n.Translate(lang, "check:Phone already exists")
 		}
 	}
-	if oldUser.IpWhitelist != user.IpWhitelist {
-		if err := CheckIpWhitelist(user.IpWhitelist, lang); err != nil {
-			return err.Error()
-		}
-	}

 	return ""
 }
--- a/object/check_ip.go
+++ b/object/check_ip.go
@@ -1,100 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"github.com/casdoor/casdoor/i18n"
-)
-
-func CheckEntryIp(clientIp string, user *User, application *Application, organization *Organization, lang string) error {
-	entryIp := net.ParseIP(clientIp)
-	if entryIp == nil {
-		return fmt.Errorf(i18n.Translate(lang, "check:Failed to parse client IP: %s"), clientIp)
-	} else if entryIp.IsLoopback() {
-		return nil
-	}
-
-	var err error
-	if user != nil {
-		err = isEntryIpAllowd(user.IpWhitelist, entryIp, lang)
-		if err != nil {
-			return fmt.Errorf(err.Error() + user.Name)
-		}
-	}
-
-	if application != nil {
-		err = isEntryIpAllowd(application.IpWhitelist, entryIp, lang)
-		if err != nil {
-			application.IpRestriction = err.Error() + application.Name
-			return fmt.Errorf(err.Error() + application.Name)
-		}
-
-		if organization == nil && application.OrganizationObj != nil {
-			organization = application.OrganizationObj
-		}
-	}
-
-	if organization != nil {
-		err = isEntryIpAllowd(organization.IpWhitelist, entryIp, lang)
-		if err != nil {
-			organization.IpRestriction = err.Error() + organization.Name
-			return fmt.Errorf(err.Error() + organization.Name)
-		}
-	}
-
-	return nil
-}
-
-func isEntryIpAllowd(ipWhitelistStr string, entryIp net.IP, lang string) error {
-	if ipWhitelistStr == "" {
-		return nil
-	}
-
-	ipWhitelist := strings.Split(ipWhitelistStr, ",")
-	for _, ip := range ipWhitelist {
-		_, ipNet, err := net.ParseCIDR(ip)
-		if err != nil {
-			return err
-		}
-		if ipNet == nil {
-			return fmt.Errorf(i18n.Translate(lang, "check:CIDR for IP: %s should not be empty"), entryIp.String())
-		}
-
-		if ipNet.Contains(entryIp) {
-			return nil
-		}
-	}
-
-	return fmt.Errorf(i18n.Translate(lang, "check:Your IP address: %s has been banned according to the configuration of: "), entryIp.String())
-}
-
-func CheckIpWhitelist(ipWhitelistStr string, lang string) error {
-	if ipWhitelistStr == "" {
-		return nil
-	}
-
-	ipWhiteList := strings.Split(ipWhitelistStr, ",")
-	for _, ip := range ipWhiteList {
-		if _, _, err := net.ParseCIDR(ip); err != nil {
-			return fmt.Errorf(i18n.Translate(lang, "check:%s does not meet the CIDR format requirements: %s"), ip, err.Error())
-		}
-	}
-
-	return nil
-}
--- a/object/check_util.go
+++ b/object/check_util.go
@@ -52,9 +52,6 @@ func GetFailedSigninConfigByUser(user *User) (int, int, error) {
 	if err != nil {
 		return 0, 0, err
 	}
-	if application == nil {
-		return 0, 0, fmt.Errorf("the application for user %s is not found", user.GetId())
-	}

 	failedSigninLimit := application.FailedSigninLimit
 	if failedSigninLimit == 0 {
--- a/object/init_data.go
+++ b/object/init_data.go
@@ -48,16 +48,12 @@ type InitData struct {
 	Transactions  []*Transaction        `json:"transactions"`
 }

-var initDataNewOnly bool
-
 func InitFromFile() {
 	initDataFile := conf.GetConfigString("initDataFile")
 	if initDataFile == "" {
 		return
 	}

-	initDataNewOnly = conf.GetConfigBool("initDataNewOnly")
-
 	initData, err := readInitDataFromFile(initDataFile)
 	if err != nil {
 		panic(err)
@@ -186,9 +182,6 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		if organization.Tags == nil {
 			organization.Tags = []string{}
 		}
-		if organization.AccountItems == nil {
-			organization.AccountItems = []*AccountItem{}
-		}
 	}
 	for _, application := range data.Applications {
 		if application.Providers == nil {
@@ -273,9 +266,6 @@ func initDefinedOrganization(organization *Organization) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deleteOrganization(organization)
 		if err != nil {
 			panic(err)
@@ -285,9 +275,7 @@ func initDefinedOrganization(organization *Organization) {
 		}
 	}
 	organization.CreatedTime = util.GetCurrentTime()
-	if len(organization.AccountItems) == 0 {
-		organization.AccountItems = getBuiltInAccountItems()
-	}
+	organization.AccountItems = getBuiltInAccountItems()

 	_, err = AddOrganization(organization)
 	if err != nil {
@@ -302,9 +290,6 @@ func initDefinedApplication(application *Application) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deleteApplication(application)
 		if err != nil {
 			panic(err)
@@ -326,9 +311,6 @@ func initDefinedUser(user *User) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deleteUser(user)
 		if err != nil {
 			panic(err)
@@ -355,9 +337,6 @@ func initDefinedCert(cert *Cert) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteCert(cert)
 		if err != nil {
 			panic(err)
@@ -380,9 +359,6 @@ func initDefinedLdap(ldap *Ldap) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteLdap(ldap)
 		if err != nil {
 			panic(err)
@@ -404,9 +380,6 @@ func initDefinedProvider(provider *Provider) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteProvider(provider)
 		if err != nil {
 			panic(err)
@@ -428,9 +401,6 @@ func initDefinedModel(model *Model) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteModel(model)
 		if err != nil {
 			panic(err)
@@ -453,9 +423,6 @@ func initDefinedPermission(permission *Permission) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deletePermission(permission)
 		if err != nil {
 			panic(err)
@@ -478,9 +445,6 @@ func initDefinedPayment(payment *Payment) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeletePayment(payment)
 		if err != nil {
 			panic(err)
@@ -503,9 +467,6 @@ func initDefinedProduct(product *Product) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteProduct(product)
 		if err != nil {
 			panic(err)
@@ -528,9 +489,6 @@ func initDefinedResource(resource *Resource) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteResource(resource)
 		if err != nil {
 			panic(err)
@@ -553,9 +511,6 @@ func initDefinedRole(role *Role) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deleteRole(role)
 		if err != nil {
 			panic(err)
@@ -578,9 +533,6 @@ func initDefinedSyncer(syncer *Syncer) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteSyncer(syncer)
 		if err != nil {
 			panic(err)
@@ -603,9 +555,6 @@ func initDefinedToken(token *Token) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteToken(token)
 		if err != nil {
 			panic(err)
@@ -628,9 +577,6 @@ func initDefinedWebhook(webhook *Webhook) {
 	}

 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteWebhook(webhook)
 		if err != nil {
 			panic(err)
@@ -652,9 +598,6 @@ func initDefinedGroup(group *Group) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := deleteGroup(group)
 		if err != nil {
 			panic(err)
@@ -676,9 +619,6 @@ func initDefinedAdapter(adapter *Adapter) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteAdapter(adapter)
 		if err != nil {
 			panic(err)
@@ -700,9 +640,6 @@ func initDefinedEnforcer(enforcer *Enforcer) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteEnforcer(enforcer)
 		if err != nil {
 			panic(err)
@@ -724,9 +661,6 @@ func initDefinedPlan(plan *Plan) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeletePlan(plan)
 		if err != nil {
 			panic(err)
@@ -748,9 +682,6 @@ func initDefinedPricing(pricing *Pricing) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeletePricing(pricing)
 		if err != nil {
 			panic(err)
@@ -772,9 +703,6 @@ func initDefinedInvitation(invitation *Invitation) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteInvitation(invitation)
 		if err != nil {
 			panic(err)
@@ -810,9 +738,6 @@ func initDefinedSubscription(subscription *Subscription) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteSubscription(subscription)
 		if err != nil {
 			panic(err)
@@ -834,9 +759,6 @@ func initDefinedTransaction(transaction *Transaction) {
 		panic(err)
 	}
 	if existed != nil {
-		if initDataNewOnly {
-			return
-		}
 		affected, err := DeleteTransaction(transaction)
 		if err != nil {
 			panic(err)
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -32,7 +32,6 @@ type Ldap struct {
 	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
 	Filter       string   `xorm:"varchar(200)" json:"filter"`
 	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
-	DefaultGroup string   `xorm:"varchar(100)" json:"defaultGroup"`

 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
@@ -149,7 +148,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 	}

 	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
 	if err != nil {
 		return false, nil
 	}
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -339,10 +339,6 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 				Ldap:              syncUser.Uuid,
 			}

-			if ldap.DefaultGroup != "" {
-				newUser.Groups = []string{ldap.DefaultGroup}
-			}
-
 			affected, err := AddUser(newUser)
 			if err != nil {
 				return nil, nil, err
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -44,18 +44,6 @@ type OidcDiscovery struct {
 	EndSessionEndpoint                     string   `json:"end_session_endpoint"`
 }

-type WebFinger struct {
-	Subject    string             `json:"subject"`
-	Links      []WebFingerLink    `json:"links"`
-	Aliases    *[]string          `json:"aliases,omitempty"`
-	Properties *map[string]string `json:"properties,omitempty"`
-}
-
-type WebFingerLink struct {
-	Rel  string `json:"rel"`
-	Href string `json:"href"`
-}
-
 func isIpAddress(host string) bool {
 	// Attempt to split the host and port, ignoring the error
 	hostWithoutPort, _, err := net.SplitHostPort(host)
@@ -124,7 +112,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
-		IdTokenSigningAlgValuesSupported:       []string{"RS256", "RS512", "ES256", "ES384", "ES512"},
+		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
 		ScopesSupported:                        []string{"openid", "email", "profile", "address", "phone", "offline_access"},
 		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isForbidden", "signupApplication", "ldap"},
 		RequestParameterSupported:              true,
@@ -172,43 +160,3 @@ func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {

 	return jwks, nil
 }
-
-func GetWebFinger(resource string, rels []string, host string) (WebFinger, error) {
-	wf := WebFinger{}
-
-	resourceSplit := strings.Split(resource, ":")
-
-	if len(resourceSplit) != 2 {
-		return wf, fmt.Errorf("invalid resource")
-	}
-
-	resourceType := resourceSplit[0]
-	resourceValue := resourceSplit[1]
-
-	oidcDiscovery := GetOidcDiscovery(host)
-
-	switch resourceType {
-	case "acct":
-		user, err := GetUserByEmailOnly(resourceValue)
-		if err != nil {
-			return wf, err
-		}
-
-		if user == nil {
-			return wf, fmt.Errorf("user not found")
-		}
-
-		wf.Subject = resource
-
-		for _, rel := range rels {
-			if rel == "http://openid.net/specs/connect/1.0/issuer" {
-				wf.Links = append(wf.Links, WebFingerLink{
-					Rel:  "http://openid.net/specs/connect/1.0/issuer",
-					Href: oidcDiscovery.Issuer,
-				})
-			}
-		}
-	}
-
-	return wf, nil
-}
--- a/object/organization.go
+++ b/object/organization.go
@@ -56,12 +56,10 @@ type Organization struct {
 	WebsiteUrl             string     `xorm:"varchar(100)" json:"websiteUrl"`
 	Logo                   string     `xorm:"varchar(200)" json:"logo"`
 	LogoDark               string     `xorm:"varchar(200)" json:"logoDark"`
-	Favicon                string     `xorm:"varchar(200)" json:"favicon"`
+	Favicon                string     `xorm:"varchar(100)" json:"favicon"`
 	PasswordType           string     `xorm:"varchar(100)" json:"passwordType"`
 	PasswordSalt           string     `xorm:"varchar(100)" json:"passwordSalt"`
 	PasswordOptions        []string   `xorm:"varchar(100)" json:"passwordOptions"`
-	PasswordObfuscatorType string     `xorm:"varchar(100)" json:"passwordObfuscatorType"`
-	PasswordObfuscatorKey  string     `xorm:"varchar(100)" json:"passwordObfuscatorKey"`
 	CountryCodes           []string   `xorm:"varchar(200)"  json:"countryCodes"`
 	DefaultAvatar          string     `xorm:"varchar(200)" json:"defaultAvatar"`
 	DefaultApplication     string     `xorm:"varchar(100)" json:"defaultApplication"`
@@ -71,21 +69,19 @@ type Organization struct {
 	MasterPassword         string     `xorm:"varchar(100)" json:"masterPassword"`
 	DefaultPassword        string     `xorm:"varchar(100)" json:"defaultPassword"`
 	MasterVerificationCode string     `xorm:"varchar(100)" json:"masterVerificationCode"`
-	IpWhitelist            string     `xorm:"varchar(200)" json:"ipWhitelist"`
 	InitScore              int        `json:"initScore"`
 	EnableSoftDeletion     bool       `json:"enableSoftDeletion"`
 	IsProfilePublic        bool       `json:"isProfilePublic"`
 	UseEmailAsUsername     bool       `json:"useEmailAsUsername"`
 	EnableTour             bool       `json:"enableTour"`
-	IpRestriction          string     `json:"ipRestriction"`

 	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
 	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
 }

-func GetOrganizationCount(owner, name, field, value string) (int64, error) {
+func GetOrganizationCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Organization{Name: name})
+	return session.Count(&Organization{})
 }

 func GetOrganizations(owner string, name ...string) ([]*Organization, error) {
@@ -323,7 +319,6 @@ func GetDefaultApplication(id string) (*Application, error) {
 		if defaultApplication == nil {
 			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
 		} else {
-			defaultApplication.Organization = organization.Name
 			return defaultApplication, nil
 		}
 	}
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -364,7 +364,7 @@ func GetAllActions(userId string) ([]string, error) {

 	res := []string{}
 	for _, enforcer := range enforcers {
-		items := enforcer.GetAllActions()
+		items := enforcer.GetAllObjects()
 		res = append(res, items...)
 	}
 	return res, nil
--- a/object/record.go
+++ b/object/record.go
@@ -50,7 +50,7 @@ func maskPassword(recordString string) string {
 }

 func NewRecord(ctx *context.Context) (*casvisorsdk.Record, error) {
-	clientIp := strings.Replace(util.GetClientIpFromRequest(ctx.Request), ": ", "", -1)
+	ip := strings.Replace(util.GetIPFromRequest(ctx.Request), ": ", "", -1)
 	action := strings.Replace(ctx.Request.URL.Path, "/api/", "", -1)
 	requestUri := util.FilterQuery(ctx.Request.RequestURI, []string{"accessToken"})
 	if len(requestUri) > 1000 {
@@ -83,7 +83,7 @@ func NewRecord(ctx *context.Context) (*casvisorsdk.Record, error) {
 	record := casvisorsdk.Record{
 		Name:        util.GenerateId(),
 		CreatedTime: util.GetCurrentTime(),
-		ClientIp:    clientIp,
+		ClientIp:    ip,
 		User:        "",
 		Method:      ctx.Request.Method,
 		RequestUri:  requestUri,
--- a/object/resource.go
+++ b/object/resource.go
@@ -36,7 +36,7 @@ type Resource struct {
 	FileType    string `xorm:"varchar(100)" json:"fileType"`
 	FileFormat  string `xorm:"varchar(100)" json:"fileFormat"`
 	FileSize    int    `json:"fileSize"`
-	Url         string `xorm:"varchar(500)" json:"url"`
+	Url         string `xorm:"varchar(255)" json:"url"`
 	Description string `xorm:"varchar(255)" json:"description"`
 }

--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -65,11 +65,7 @@ func NewSamlResponse(application *Application, user *User, host string, certific
 	assertion.CreateAttr("IssueInstant", now)
 	assertion.CreateElement("saml:Issuer").SetText(host)
 	subject := assertion.CreateElement("saml:Subject")
-	nameIDValue := user.Name
-	if application.UseEmailAsSamlNameId {
-		nameIDValue = user.Email
-	}
-	subject.CreateElement("saml:NameID").SetText(nameIDValue)
+	subject.CreateElement("saml:NameID").SetText(user.Name)
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmation.CreateAttr("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer")
 	subjectConfirmationData := subjectConfirmation.CreateElement("saml:SubjectConfirmationData")
@@ -188,17 +184,17 @@ type NameIDFormat struct {
 }

 type SingleSignOnService struct {
-	// XMLName  xml.Name
+	XMLName  xml.Name
 	Binding  string `xml:"Binding,attr"`
 	Location string `xml:"Location,attr"`
 }

 type Attribute struct {
 	// XMLName      xml.Name
-	Xmlns        string   `xml:"xmlns,attr"`
 	Name         string   `xml:"Name,attr"`
 	NameFormat   string   `xml:"NameFormat,attr"`
 	FriendlyName string   `xml:"FriendlyName,attr"`
+	Xmlns        string   `xml:"xmlns,attr"`
 	Values       []string `xml:"AttributeValue"`
 }

@@ -390,7 +386,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 }

 // NewSamlResponse11 return a saml1.1 response(not 2.0)
-func NewSamlResponse11(application *Application, user *User, requestID string, host string) (*etree.Element, error) {
+func NewSamlResponse11(user *User, requestID string, host string) (*etree.Element, error) {
 	samlResponse := &etree.Element{
 		Space: "samlp",
 		Tag:   "Response",
@@ -434,11 +430,7 @@ func NewSamlResponse11(application *Application, user *User, requestID string, h
 	// nameIdentifier inside subject
 	nameIdentifier := subject.CreateElement("saml:NameIdentifier")
 	// nameIdentifier.CreateAttr("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
-	if application.UseEmailAsSamlNameId {
-		nameIdentifier.SetText(user.Email)
-	} else {
-		nameIdentifier.SetText(user.Name)
-	}
+	nameIdentifier.SetText(user.Name)

 	// subjectConfirmation inside subject
 	subjectConfirmation := subject.CreateElement("saml:SubjectConfirmation")
@@ -447,11 +439,7 @@ func NewSamlResponse11(application *Application, user *User, requestID string, h
 	attributeStatement := assertion.CreateElement("saml:AttributeStatement")
 	subjectInAttribute := attributeStatement.CreateElement("saml:Subject")
 	nameIdentifierInAttribute := subjectInAttribute.CreateElement("saml:NameIdentifier")
-	if application.UseEmailAsSamlNameId {
-		nameIdentifierInAttribute.SetText(user.Email)
-	} else {
-		nameIdentifierInAttribute.SetText(user.Name)
-	}
+	nameIdentifierInAttribute.SetText(user.Name)

 	subjectConfirmationInAttribute := subjectInAttribute.CreateElement("saml:SubjectConfirmation")
 	subjectConfirmationInAttribute.CreateElement("saml:ConfirmationMethod").SetText("urn:oasis:names:tc:SAML:1.0:cm:artifact")
--- a/object/storage.go
+++ b/object/storage.go
@@ -30,13 +30,6 @@ import (

 var isCloudIntranet bool

-const (
-	ProviderTypeGoogleCloudStorage = "Google Cloud Storage"
-	ProviderTypeTencentCloudCOS    = "Tencent Cloud COS"
-	ProviderTypeAzureBlob          = "Azure Blob"
-	ProviderTypeLocalFileSystem    = "Local File System"
-)
-
 func init() {
 	isCloudIntranet = conf.GetConfigBool("isCloudIntranet")
 }
@@ -87,28 +80,27 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)

 	host := ""
-	if provider.Type != ProviderTypeLocalFileSystem {
+	if provider.Type != "Local File System" {
 		// provider.Domain = "https://cdn.casbin.com/casdoor/"
 		host = util.GetUrlHost(provider.Domain)
 	} else {
 		// provider.Domain = "http://localhost:8000" or "https://door.casdoor.com"
 		host = util.UrlJoin(provider.Domain, "/files")
 	}
-	if provider.Type == ProviderTypeAzureBlob || provider.Type == ProviderTypeGoogleCloudStorage {
+	if provider.Type == "Azure Blob" {
 		host = util.UrlJoin(host, provider.Bucket)
 	}

 	fileUrl := ""
 	if host != "" {
-		// fileUrl = util.UrlJoin(host, escapePath(objectKey))
-		fileUrl = util.UrlJoin(host, objectKey)
+		fileUrl = util.UrlJoin(host, escapePath(objectKey))
 	}

-	// if fileUrl != "" && hasTimestamp {
-	//	fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
-	// }
+	if fileUrl != "" && hasTimestamp {
+		fileUrl = fmt.Sprintf("%s?t=%s", fileUrl, util.GetCurrentUnixTime())
+	}

-	if provider.Type == ProviderTypeTencentCloudCOS {
+	if provider.Type == "Tencent Cloud COS" {
 		objectKey = escapePath(objectKey)
 	}

@@ -117,18 +109,7 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool

 func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
-	certificate := ""
-	if provider.Category == "Storage" && provider.Type == "Casdoor" {
-		cert, err := GetCert(util.GetId(provider.Owner, provider.Cert))
-		if err != nil {
-			return nil, err
-		}
-		if cert == nil {
-			return nil, fmt.Errorf("no cert for %s", provider.Cert)
-		}
-		certificate = cert.Certificate
-	}
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint, certificate, provider.Content)
+	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if err != nil {
 		return nil, err
 	}
@@ -154,15 +135,15 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 	}

 	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)
-	objectKeyRefined := refineObjectKey(provider, objectKey)

-	object, err := storageProvider.Put(objectKeyRefined, fileBuffer)
-	if err != nil {
-		return "", "", err
+	objectKeyRefined := objectKey
+	if provider.Type == "Google Cloud Storage" {
+		objectKeyRefined = strings.TrimPrefix(objectKeyRefined, "/")
 	}

-	if provider.Type == "Casdoor" {
-		fileUrl = object.Path
+	_, err = storageProvider.Put(objectKeyRefined, fileBuffer)
+	if err != nil {
+		return "", "", err
 	}

 	return fileUrl, objectKey, nil
@@ -203,13 +184,5 @@ func DeleteFile(provider *Provider, objectKey string, lang string) error {
 		return err
 	}

-	objectKeyRefined := refineObjectKey(provider, objectKey)
-	return storageProvider.Delete(objectKeyRefined)
-}
-
-func refineObjectKey(provider *Provider, objectKey string) string {
-	if provider.Type == ProviderTypeGoogleCloudStorage {
-		return strings.TrimPrefix(objectKey, "/")
-	}
-	return objectKey
+	return storageProvider.Delete(objectKey)
 }
--- a/object/token_cas.go
+++ b/object/token_cas.go
@@ -277,11 +277,12 @@ func GetValidationBySaml(samlRequest string, host string) (string, string, error
 	if err != nil {
 		return "", "", err
 	}
+
 	if application == nil {
 		return "", "", fmt.Errorf("the application for user %s is not found", userId)
 	}

-	samlResponse, err := NewSamlResponse11(application, user, request.RequestID, host)
+	samlResponse, err := NewSamlResponse11(user, request.RequestID, host)
 	if err != nil {
 		return "", "", err
 	}
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -17,7 +17,6 @@ package object
 import (
 	"fmt"
 	"reflect"
-	"strings"
 	"time"

 	"github.com/casdoor/casdoor/util"
@@ -129,7 +128,7 @@ type UserWithoutThirdIdp struct {
 	LastSigninWrongTime string `xorm:"varchar(100)" json:"lastSigninWrongTime"`
 	SigninWrongTimes    int    `json:"signinWrongTimes"`

-	ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
+	// ManagedAccounts []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 }

 type ClaimsShort struct {
@@ -255,8 +254,6 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {

 		LastSigninWrongTime: user.LastSigninWrongTime,
 		SigninWrongTimes:    user.SigninWrongTimes,
-
-		ManagedAccounts: user.ManagedAccounts,
 	}

 	return res
@@ -368,10 +365,6 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		},
 	}

-	if application.IsShared {
-		claims.Audience = []string{application.ClientId + "-org-" + user.Owner}
-	}
-
 	var token *jwt.Token
 	var refreshToken *jwt.Token

@@ -379,52 +372,36 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		application.TokenFormat = "JWT"
 	}

-	var jwtMethod jwt.SigningMethod
-
-	if application.TokenSigningMethod == "RS256" {
-		jwtMethod = jwt.SigningMethodRS256
-	} else if application.TokenSigningMethod == "RS512" {
-		jwtMethod = jwt.SigningMethodRS512
-	} else if application.TokenSigningMethod == "ES256" {
-		jwtMethod = jwt.SigningMethodES256
-	} else if application.TokenSigningMethod == "ES512" {
-		jwtMethod = jwt.SigningMethodES512
-	} else if application.TokenSigningMethod == "ES384" {
-		jwtMethod = jwt.SigningMethodES384
-	} else {
-		jwtMethod = jwt.SigningMethodRS256
-	}
-
 	// the JWT token length in "JWT-Empty" mode will be very short, as User object only has two properties: owner and name
 	if application.TokenFormat == "JWT" {
 		claimsWithoutThirdIdp := getClaimsWithoutThirdIdp(claims)

-		token = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
 		claimsWithoutThirdIdp.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsWithoutThirdIdp.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwtMethod, claimsWithoutThirdIdp)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsWithoutThirdIdp)
 	} else if application.TokenFormat == "JWT-Empty" {
 		claimsShort := getShortClaims(claims)

-		token = jwt.NewWithClaims(jwtMethod, claimsShort)
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsShort.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwtMethod, claimsShort)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 	} else if application.TokenFormat == "JWT-Custom" {
 		claimsCustom := getClaimsCustom(claims, application.TokenFields)

-		token = jwt.NewWithClaims(jwtMethod, claimsCustom)
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsCustom)
 		refreshClaims := getClaimsCustom(claims, application.TokenFields)
 		refreshClaims["exp"] = jwt.NewNumericDate(refreshExpireTime)
 		refreshClaims["TokenType"] = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwtMethod, refreshClaims)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, refreshClaims)
 	} else if application.TokenFormat == "JWT-Standard" {
 		claimsStandard := getStandardClaims(claims)

-		token = jwt.NewWithClaims(jwtMethod, claimsStandard)
+		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
 		claimsStandard.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
 		claimsStandard.TokenType = "refresh-token"
-		refreshToken = jwt.NewWithClaims(jwtMethod, claimsStandard)
+		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsStandard)
 	} else {
 		return "", "", "", fmt.Errorf("unknown application TokenFormat: %s", application.TokenFormat)
 	}
@@ -442,57 +419,34 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		}
 	}

-	var (
-		tokenString        string
-		refreshTokenString string
-		key                interface{}
-	)
-
-	if strings.Contains(application.TokenSigningMethod, "RS") || application.TokenSigningMethod == "" {
-		// RSA private key
-		key, err = jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
-	} else if strings.Contains(application.TokenSigningMethod, "ES") {
-		// ES private key
-		key, err = jwt.ParseECPrivateKeyFromPEM([]byte(cert.PrivateKey))
-	} else if strings.Contains(application.TokenSigningMethod, "Ed") {
-		// Ed private key
-		key, err = jwt.ParseEdPrivateKeyFromPEM([]byte(cert.PrivateKey))
-	}
+	// RSA private key
+	key, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cert.PrivateKey))
 	if err != nil {
 		return "", "", "", err
 	}

 	token.Header["kid"] = cert.Name
-	tokenString, err = token.SignedString(key)
+	tokenString, err := token.SignedString(key)
 	if err != nil {
 		return "", "", "", err
 	}
-	refreshTokenString, err = refreshToken.SignedString(key)
+	refreshTokenString, err := refreshToken.SignedString(key)

 	return tokenString, refreshTokenString, name, err
 }

 func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 	t, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
-		var (
-			certificate interface{}
-			err         error
-		)
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}

 		if cert.Certificate == "" {
 			return nil, fmt.Errorf("the certificate field should not be empty for the cert: %v", cert)
 		}

-		if _, ok := token.Method.(*jwt.SigningMethodRSA); ok {
-			// RSA certificate
-			certificate, err = jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
-		} else if _, ok := token.Method.(*jwt.SigningMethodECDSA); ok {
-			// ES certificate
-			certificate, err = jwt.ParseECPublicKeyFromPEM([]byte(cert.Certificate))
-		} else {
-			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-		}
-
+		// RSA certificate
+		certificate, err := jwt.ParseRSAPublicKeyFromPEM([]byte(cert.Certificate))
 		if err != nil {
 			return nil, err
 		}
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@@ -332,9 +332,6 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	if err != nil {
 		return nil, err
 	}
-	if user == nil {
-		return "", fmt.Errorf("The user: %s doesn't exist", util.GetId(application.Organization, token.User))
-	}

 	if user.IsForbidden {
 		return &TokenError{
@@ -431,26 +428,22 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if token == nil {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("authorization code: [%s] is invalid", code),
+			ErrorDescription: "authorization code is invalid",
 		}, nil
 	}
-
 	if token.CodeIsUsed {
 		// anti replay attacks
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("authorization code has been used for token: [%s]", token.GetId()),
+			ErrorDescription: "authorization code has been used",
 		}, nil
 	}

-	if token.CodeChallenge != "" {
-		challengeAnswer := pkceChallenge(verifier)
-		if challengeAnswer != token.CodeChallenge {
-			return nil, &TokenError{
-				Error:            InvalidGrant,
-				ErrorDescription: fmt.Sprintf("verifier is invalid, challengeAnswer: [%s], token.CodeChallenge: [%s]", challengeAnswer, token.CodeChallenge),
-			}, nil
-		}
+	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: "verifier is invalid",
+		}, nil
 	}

 	if application.ClientSecret != clientSecret {
@@ -459,13 +452,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 		if token.CodeChallenge == "" {
 			return nil, &TokenError{
 				Error:            InvalidClient,
-				ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: empty", application.GetId()),
+				ErrorDescription: "client_secret is invalid",
 			}, nil
 		} else {
 			if clientSecret != "" {
 				return nil, &TokenError{
 					Error:            InvalidClient,
-					ErrorDescription: fmt.Sprintf("client_secret is invalid for application: [%s], token.CodeChallenge: [%s]", application.GetId(), token.CodeChallenge),
+					ErrorDescription: "client_secret is invalid",
 				}, nil
 			}
 		}
@@ -474,16 +467,15 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 	if application.Name != token.Application {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("the token is for wrong application (client_id), application.Name: [%s], token.Application: [%s]", application.Name, token.Application),
+			ErrorDescription: "the token is for wrong application (client_id)",
 		}, nil
 	}

-	nowUnix := time.Now().Unix()
-	if nowUnix > token.CodeExpireIn {
+	if time.Now().Unix() > token.CodeExpireIn {
 		// code must be used within 5 minutes
 		return nil, &TokenError{
 			Error:            InvalidGrant,
-			ErrorDescription: fmt.Sprintf("authorization code has expired, nowUnix: [%s], token.CodeExpireIn: [%s]", time.Unix(nowUnix, 0).Format(time.RFC3339), time.Unix(token.CodeExpireIn, 0).Format(time.RFC3339)),
+			ErrorDescription: "authorization code has expired",
 		}, nil
 	}
 	return token, nil, nil
--- a/object/token_standard_jwt.go
+++ b/object/token_standard_jwt.go
@@ -18,20 +18,16 @@ import (
 	"fmt"
 	"strings"

-	"github.com/casdoor/casdoor/util"
 	"github.com/golang-jwt/jwt/v4"
 )

 type ClaimsStandard struct {
 	*UserShort
-	EmailVerified       bool        `json:"email_verified,omitempty"`
-	PhoneNumber         string      `json:"phone_number,omitempty"`
-	PhoneNumberVerified bool        `json:"phone_number_verified,omitempty"`
-	Gender              string      `json:"gender,omitempty"`
-	TokenType           string      `json:"tokenType,omitempty"`
-	Nonce               string      `json:"nonce,omitempty"`
-	Scope               string      `json:"scope,omitempty"`
-	Address             OIDCAddress `json:"address,omitempty"`
+	Gender    string      `json:"gender,omitempty"`
+	TokenType string      `json:"tokenType,omitempty"`
+	Nonce     string      `json:"nonce,omitempty"`
+	Scope     string      `json:"scope,omitempty"`
+	Address   OIDCAddress `json:"address,omitempty"`

 	jwt.RegisteredClaims
 }
@@ -47,14 +43,12 @@ func getStreetAddress(user *User) string {
 func getStandardClaims(claims Claims) ClaimsStandard {
 	res := ClaimsStandard{
 		UserShort:        getShortUser(claims.User),
-		EmailVerified:    claims.User.EmailVerified,
 		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
 	}

-	res.Phone = ""
 	var scopes []string

 	if strings.Contains(claims.Scope, ",") {
@@ -68,15 +62,6 @@ func getStandardClaims(claims Claims) ClaimsStandard {
 			res.Address = OIDCAddress{StreetAddress: getStreetAddress(claims.User)}
 		} else if scope == "profile" {
 			res.Gender = claims.User.Gender
-		} else if scope == "phone" && claims.User.Phone != "" {
-			res.PhoneNumberVerified = true
-			phoneNumber, ok := util.GetE164Number(claims.User.Phone, claims.User.CountryCode)
-			if !ok {
-				res.PhoneNumberVerified = false
-			} else {
-				res.PhoneNumber = phoneNumber
-			}
-
 		}
 	}

--- a/object/user.go
+++ b/object/user.go
@@ -206,7 +206,6 @@ type User struct {
 	ManagedAccounts    []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 	MfaAccounts        []MfaAccount     `xorm:"mfaAccounts blob" json:"mfaAccounts"`
 	NeedUpdatePassword bool             `json:"needUpdatePassword"`
-	IpWhitelist        string           `xorm:"varchar(200)" json:"ipWhitelist"`
 }

 type Userinfo struct {
@@ -697,7 +696,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 			"eveonline", "fitbit", "gitea", "heroku", "influxcloud", "instagram", "intercom", "kakao", "lastfm", "mailru", "meetup",
 			"microsoftonline", "naver", "nextcloud", "onedrive", "oura", "patreon", "paypal", "salesforce", "shopify", "soundcloud",
 			"spotify", "strava", "stripe", "type", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
-			"yammer", "yandex", "zoom", "custom", "need_update_password", "ip_whitelist",
+			"yammer", "yandex", "zoom", "custom", "need_update_password",
 		}
 	}
 	if isAdmin {
@@ -816,10 +815,6 @@ func AddUser(user *User) (bool, error) {
 		user.UpdateUserPassword(organization)
 	}

-	if user.CreatedTime == "" {
-		user.CreatedTime = util.GetCurrentTime()
-	}
-
 	err = user.UpdateUserHash()
 	if err != nil {
 		return false, err
@@ -955,17 +950,7 @@ func DeleteUser(user *User) (bool, error) {
 		return false, err
 	}

-	organization, err := GetOrganizationByUser(user)
-	if err != nil {
-		return false, err
-	}
-	if organization != nil && organization.EnableSoftDeletion {
-		user.IsDeleted = true
-		user.DeletedTime = util.GetCurrentTime()
-		return UpdateUser(user.GetId(), user, []string{"is_deleted", "deleted_time"}, false)
-	} else {
-		return deleteUser(user)
-	}
+	return deleteUser(user)
 }

 func GetUserInfo(user *User, scope string, aud string, host string) (*Userinfo, error) {
@@ -1153,7 +1138,7 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}

-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin() || (user.IsAdmin && application.IsShared)
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
 }

 func (user *User) IsGlobalAdmin() bool {
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -271,213 +271,113 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Owner != newUser.Owner {
 		item := GetAccountItemByName("Organization", organization)
-		if item == nil {
-			newUser.Owner = oldUser.Owner
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Name != newUser.Name {
 		item := GetAccountItemByName("Name", organization)
-		if item == nil {
-			newUser.Name = oldUser.Name
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Id != newUser.Id {
 		item := GetAccountItemByName("ID", organization)
-		if item == nil {
-			newUser.Id = oldUser.Id
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.DisplayName != newUser.DisplayName {
 		item := GetAccountItemByName("Display name", organization)
-		if item == nil {
-			newUser.DisplayName = oldUser.DisplayName
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Avatar != newUser.Avatar {
 		item := GetAccountItemByName("Avatar", organization)
-		if item == nil {
-			newUser.Avatar = oldUser.Avatar
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Type != newUser.Type {
 		item := GetAccountItemByName("User type", organization)
-		if item == nil {
-			newUser.Type = oldUser.Type
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	// The password is *** when not modified
 	if oldUser.Password != newUser.Password && newUser.Password != "***" {
 		item := GetAccountItemByName("Password", organization)
-		if item == nil {
-			newUser.Password = oldUser.Password
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Email != newUser.Email {
 		item := GetAccountItemByName("Email", organization)
-		if item == nil {
-			newUser.Email = oldUser.Email
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Phone != newUser.Phone {
 		item := GetAccountItemByName("Phone", organization)
-		if item == nil {
-			newUser.Phone = oldUser.Phone
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.CountryCode != newUser.CountryCode {
 		item := GetAccountItemByName("Country code", organization)
-		if item == nil {
-			newUser.CountryCode = oldUser.CountryCode
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Region != newUser.Region {
 		item := GetAccountItemByName("Country/Region", organization)
-		if item == nil {
-			newUser.Region = oldUser.Region
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Location != newUser.Location {
 		item := GetAccountItemByName("Location", organization)
-		if item == nil {
-			newUser.Location = oldUser.Location
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Affiliation != newUser.Affiliation {
 		item := GetAccountItemByName("Affiliation", organization)
-		if item == nil {
-			newUser.Affiliation = oldUser.Affiliation
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Title != newUser.Title {
 		item := GetAccountItemByName("Title", organization)
-		if item == nil {
-			newUser.Title = oldUser.Title
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Homepage != newUser.Homepage {
 		item := GetAccountItemByName("Homepage", organization)
-		if item == nil {
-			newUser.Homepage = oldUser.Homepage
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Bio != newUser.Bio {
 		item := GetAccountItemByName("Bio", organization)
-		if item == nil {
-			newUser.Bio = oldUser.Bio
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Tag != newUser.Tag {
 		item := GetAccountItemByName("Tag", organization)
-		if item == nil {
-			newUser.Tag = oldUser.Tag
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.SignupApplication != newUser.SignupApplication {
 		item := GetAccountItemByName("Signup application", organization)
-		if item == nil {
-			newUser.SignupApplication = oldUser.SignupApplication
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Gender != newUser.Gender {
 		item := GetAccountItemByName("Gender", organization)
-		if item == nil {
-			newUser.Gender = oldUser.Gender
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Birthday != newUser.Birthday {
 		item := GetAccountItemByName("Birthday", organization)
-		if item == nil {
-			newUser.Birthday = oldUser.Birthday
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Education != newUser.Education {
 		item := GetAccountItemByName("Education", organization)
-		if item == nil {
-			newUser.Education = oldUser.Education
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.IdCard != newUser.IdCard {
 		item := GetAccountItemByName("ID card", organization)
-		if item == nil {
-			newUser.IdCard = oldUser.IdCard
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.IdCardType != newUser.IdCardType {
 		item := GetAccountItemByName("ID card type", organization)
-		if item == nil {
-			newUser.IdCardType = oldUser.IdCardType
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
 	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
 	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := GetAccountItemByName("Properties", organization)
-		if item == nil {
-			newUser.Properties = oldUser.Properties
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.PreferredMfaType != newUser.PreferredMfaType {
 		item := GetAccountItemByName("Multi-factor authentication", organization)
-		if item == nil {
-			newUser.PreferredMfaType = oldUser.PreferredMfaType
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Groups == nil {
@@ -490,11 +390,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
 	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
 		item := GetAccountItemByName("Groups", organization)
-		if item == nil {
-			newUser.Groups = oldUser.Groups
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Address == nil {
@@ -508,125 +404,65 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserAddressJson, _ := json.Marshal(newUser.Address)
 	if string(oldUserAddressJson) != string(newUserAddressJson) {
 		item := GetAccountItemByName("Address", organization)
-		if item == nil {
-			newUser.Address = oldUser.Address
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
-		if item == nil {
-			newUser.FaceIds = oldUser.FaceIds
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
-		if item == nil {
-			newUser.IsAdmin = oldUser.IsAdmin
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
-		if item == nil {
-			newUser.IsForbidden = oldUser.IsForbidden
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.IsDeleted != newUser.IsDeleted {
 		item := GetAccountItemByName("Is deleted", organization)
-		if item == nil {
-			newUser.IsDeleted = oldUser.IsDeleted
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.NeedUpdatePassword != newUser.NeedUpdatePassword {
 		item := GetAccountItemByName("Need update password", organization)
-		if item == nil {
-			newUser.NeedUpdatePassword = oldUser.NeedUpdatePassword
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
-	}
-	if oldUser.IpWhitelist != newUser.IpWhitelist {
-		item := GetAccountItemByName("IP whitelist", organization)
-		if item == nil {
-			newUser.IpWhitelist = oldUser.IpWhitelist
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Balance != newUser.Balance {
 		item := GetAccountItemByName("Balance", organization)
-		if item == nil {
-			newUser.Balance = oldUser.Balance
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Score != newUser.Score {
 		item := GetAccountItemByName("Score", organization)
-		if item == nil {
-			newUser.Score = oldUser.Score
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Karma != newUser.Karma {
 		item := GetAccountItemByName("Karma", organization)
-		if item == nil {
-			newUser.Karma = oldUser.Karma
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Language != newUser.Language {
 		item := GetAccountItemByName("Language", organization)
-		if item == nil {
-			newUser.Language = oldUser.Language
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Ranking != newUser.Ranking {
 		item := GetAccountItemByName("Ranking", organization)
-		if item == nil {
-			newUser.Ranking = oldUser.Ranking
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Currency != newUser.Currency {
 		item := GetAccountItemByName("Currency", organization)
-		if item == nil {
-			newUser.Currency = oldUser.Currency
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	if oldUser.Hash != newUser.Hash {
 		item := GetAccountItemByName("Hash", organization)
-		if item == nil {
-			newUser.Hash = oldUser.Hash
-		} else {
-			itemsChanged = append(itemsChanged, item)
-		}
+		itemsChanged = append(itemsChanged, item)
 	}

 	for _, accountItem := range itemsChanged {
--- a/object/verification.go
+++ b/object/verification.go
@@ -166,76 +166,19 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 	return nil
 }

-func filterRecordIn24Hours(record *VerificationRecord) *VerificationRecord {
-	if record == nil {
-		return nil
-	}
-
-	now := time.Now().Unix()
-	if now-record.Time > 60*60*24 {
-		return nil
-	}
-
-	return record
-}
-
 func getVerificationRecord(dest string) (*VerificationRecord, error) {
-	record := &VerificationRecord{}
+	var record VerificationRecord
 	record.Receiver = dest

-	has, err := ormer.Engine.Desc("time").Where("is_used = false").Get(record)
+	has, err := ormer.Engine.Desc("time").Where("is_used = false").Get(&record)
 	if err != nil {
 		return nil, err
 	}
-
-	record = filterRecordIn24Hours(record)
-	if record == nil {
-		has = false
-	}
-
-	if !has {
-		record = &VerificationRecord{}
-		record.Receiver = dest
-
-		has, err = ormer.Engine.Desc("time").Get(record)
-		if err != nil {
-			return nil, err
-		}
-
-		record = filterRecordIn24Hours(record)
-		if record == nil {
-			has = false
-		}
-
-		if !has {
-			return nil, nil
-		}
-
-		return record, nil
-	}
-
-	return record, nil
-}
-
-func getUnusedVerificationRecord(dest string) (*VerificationRecord, error) {
-	record := &VerificationRecord{}
-	record.Receiver = dest
-
-	has, err := ormer.Engine.Desc("time").Where("is_used = false").Get(record)
-	if err != nil {
-		return nil, err
-	}
-
-	record = filterRecordIn24Hours(record)
-	if record == nil {
-		has = false
-	}
-
 	if !has {
 		return nil, nil
 	}

-	return record, nil
+	return &record, nil
 }

 func CheckVerificationCode(dest string, code string, lang string) (*VerifyResult, error) {
@@ -244,9 +187,7 @@ func CheckVerificationCode(dest string, code string, lang string) (*VerifyResult
 		return nil, err
 	}
 	if record == nil {
-		return &VerifyResult{noRecordError, i18n.Translate(lang, "verification:The verification code has not been sent yet!")}, nil
-	} else if record.IsUsed {
-		return &VerifyResult{noRecordError, i18n.Translate(lang, "verification:The verification code has already been used!")}, nil
+		return &VerifyResult{noRecordError, i18n.Translate(lang, "verification:The verification code has not been sent yet, or has already been used!")}, nil
 	}

 	timeoutInMinutes, err := conf.GetConfigInt64("verificationCodeTimeout")
@@ -255,6 +196,9 @@ func CheckVerificationCode(dest string, code string, lang string) (*VerifyResult
 	}

 	now := time.Now().Unix()
+	if now-record.Time > timeoutInMinutes*60*10 {
+		return &VerifyResult{noRecordError, i18n.Translate(lang, "verification:The verification code has not been sent yet!")}, nil
+	}
 	if now-record.Time > timeoutInMinutes*60 {
 		return &VerifyResult{timeoutError, fmt.Sprintf(i18n.Translate(lang, "verification:You should verify your code in %d min!"), timeoutInMinutes)}, nil
 	}
@@ -267,7 +211,7 @@ func CheckVerificationCode(dest string, code string, lang string) (*VerifyResult
 }

 func DisableVerificationCode(dest string) error {
-	record, err := getUnusedVerificationRecord(dest)
+	record, err := getVerificationRecord(dest)
 	if record == nil || err != nil {
 		return nil
 	}
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -56,7 +56,7 @@ func getSubject(ctx *context.Context) (string, string) {
 	return util.GetOwnerAndNameFromId(username)
 }

-func getObject(ctx *context.Context) (string, string, error) {
+func getObject(ctx *context.Context) (string, string) {
 	method := ctx.Request.Method
 	path := ctx.Request.URL.Path

@@ -65,13 +65,13 @@ func getObject(ctx *context.Context) (string, string, error) {
 			if ctx.Input.Query("id") == "/" {
 				adapterId := ctx.Input.Query("adapterId")
 				if adapterId != "" {
-					return util.GetOwnerAndNameFromIdWithError(adapterId)
+					return util.GetOwnerAndNameFromIdNoCheck(adapterId)
 				}
 			} else {
 				// query == "?id=built-in/admin"
 				id := ctx.Input.Query("id")
 				if id != "" {
-					return util.GetOwnerAndNameFromIdWithError(id)
+					return util.GetOwnerAndNameFromIdNoCheck(id)
 				}
 			}
 		}
@@ -80,34 +80,34 @@ func getObject(ctx *context.Context) (string, string, error) {
 			// query == "?id=built-in/admin"
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdWithError(id)
+				return util.GetOwnerAndNameFromIdNoCheck(id)
 			}
 		}

 		owner := ctx.Input.Query("owner")
 		if owner != "" {
-			return owner, "", nil
+			return owner, ""
 		}

-		return "", "", nil
+		return "", ""
 	} else {
 		if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" {
 			id := ctx.Input.Query("id")
 			if id != "" {
-				return util.GetOwnerAndNameFromIdWithError(id)
+				return util.GetOwnerAndNameFromIdNoCheck(id)
 			}
 		}

 		body := ctx.Input.RequestBody
 		if len(body) == 0 {
-			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name"), nil
+			return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name")
 		}

 		var obj Object
 		err := json.Unmarshal(body, &obj)
 		if err != nil {
-			// this is not error
-			return "", "", nil
+			// panic(err)
+			return "", ""
 		}

 		if path == "/api/delete-resource" {
@@ -117,7 +117,7 @@ func getObject(ctx *context.Context) (string, string, error) {
 			}
 		}

-		return obj.Owner, obj.Name, nil
+		return obj.Owner, obj.Name
 	}
 }

@@ -183,12 +183,7 @@ func ApiFilter(ctx *context.Context) {

 	objOwner, objName := "", ""
 	if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
-		var err error
-		objOwner, objName, err = getObject(ctx)
-		if err != nil {
-			responseError(ctx, err.Error())
-			return
-		}
+		objOwner, objName = getObject(ctx)
 	}

 	if strings.HasPrefix(urlPath, "/api/notify-payment") {
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@@ -16,7 +16,6 @@ package routers

 import (
 	"fmt"
-	"strings"

 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/object"
@@ -24,10 +23,6 @@ import (
 )

 func AutoSigninFilter(ctx *context.Context) {
-	urlPath := ctx.Request.URL.Path
-	if strings.HasPrefix(urlPath, "/api/login/oauth/access_token") {
-		return
-	}
 	//if getSessionUser(ctx) != "" {
 	//	return
 	//}
@@ -72,17 +67,6 @@ func AutoSigninFilter(ctx *context.Context) {
 		return
 	}

-	accessKey := ctx.Input.Query("accessKey")
-	accessSecret := ctx.Input.Query("accessSecret")
-	if accessKey != "" && accessSecret != "" {
-		userId, err := getUsernameByKeys(ctx)
-		if err != nil {
-			responseError(ctx, err.Error())
-		}
-
-		setSessionUser(ctx, userId)
-	}
-
 	// "/page?clientId=123&clientSecret=456"
 	userId, err := getUsernameByClientIdSecret(ctx)
 	if err != nil {
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@@ -16,11 +16,11 @@ package routers

 import (
 	"net/http"
+	"strings"

 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
 )

 const (
@@ -48,17 +48,7 @@ func CorsFilter(ctx *context.Context) {
 	originHostname := getHostname(origin)
 	host := removePort(ctx.Request.Host)

-	if origin == "null" {
-		origin = ""
-	}
-
-	isValid, err := util.IsValidOrigin(origin)
-	if err != nil {
-		ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
-		responseError(ctx, err.Error())
-		return
-	}
-	if isValid {
+	if strings.HasPrefix(origin, "http://localhost") || strings.HasPrefix(origin, "https://localhost") || strings.HasPrefix(origin, "http://127.0.0.1") || strings.HasPrefix(origin, "http://casdoor-app") || strings.Contains(origin, ".chromiumapp.org") {
 		setCorsHeaders(ctx, origin)
 		return
 	}
--- a/routers/router.go
+++ b/routers/router.go
@@ -290,7 +290,6 @@ func initAPI() {

 	beego.Router("/.well-known/openid-configuration", &controllers.RootController{}, "GET:GetOidcDiscovery")
 	beego.Router("/.well-known/jwks", &controllers.RootController{}, "*:GetJwks")
-	beego.Router("/.well-known/webfinger", &controllers.RootController{}, "GET:GetWebFinger")

 	beego.Router("/cas/:organization/:application/serviceValidate", &controllers.RootController{}, "GET:CasServiceValidate")
 	beego.Router("/cas/:organization/:application/proxyValidate", &controllers.RootController{}, "GET:CasProxyValidate")
--- a/routers/static_filter.go
+++ b/routers/static_filter.go
@@ -43,10 +43,6 @@ func getWebBuildFolder() string {
 		return path
 	}

-	if util.FileExist(filepath.Join(frontendBaseDir, "index.html")) {
-		return frontendBaseDir
-	}
-
 	path = filepath.Join(frontendBaseDir, "web/build")
 	return path
 }
@@ -62,7 +58,7 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
 	redirectUri := ctx.Input.Query("redirect_uri")
 	scope := ctx.Input.Query("scope")
 	state := ctx.Input.Query("state")
-	nonce := ctx.Input.Query("nonce")
+	nonce := ""
 	codeChallenge := ctx.Input.Query("code_challenge")
 	if clientId == "" || responseType != "code" || redirectUri == "" {
 		return "", nil
--- a/routers/timeout_filter.go
+++ b/routers/timeout_filter.go
@@ -1,64 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package routers
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/beego/beego/context"
-	"github.com/casdoor/casdoor/conf"
-)
-
-var (
-	inactiveTimeoutMinutes int64
-	requestTimeMap         sync.Map
-)
-
-func init() {
-	var err error
-	inactiveTimeoutMinutes, err = conf.GetConfigInt64("inactiveTimeoutMinutes")
-	if err != nil {
-		inactiveTimeoutMinutes = 0
-	}
-}
-
-func timeoutLogout(ctx *context.Context, sessionId string) {
-	requestTimeMap.Delete(sessionId)
-	ctx.Input.CruSession.Set("username", "")
-	ctx.Input.CruSession.Set("accessToken", "")
-	ctx.Input.CruSession.Delete("SessionData")
-	responseError(ctx, fmt.Sprintf(T(ctx, "auth:Timeout for inactivity of %d minutes"), inactiveTimeoutMinutes))
-}
-
-func TimeoutFilter(ctx *context.Context) {
-	if inactiveTimeoutMinutes <= 0 {
-		return
-	}
-
-	owner, name := getSubject(ctx)
-	if owner == "anonymous" || name == "anonymous" {
-		return
-	}
-
-	sessionId := ctx.Input.CruSession.SessionID()
-	currentTime := time.Now()
-	preRequestTime, has := requestTimeMap.Load(sessionId)
-	requestTimeMap.Store(sessionId, currentTime)
-	if has && preRequestTime.(time.Time).Add(time.Minute*time.Duration(inactiveTimeoutMinutes)).Before(currentTime) {
-		timeoutLogout(ctx, sessionId)
-	}
-}
--- a/storage/casdoor.go
+++ b/storage/casdoor.go
@@ -1,19 +0,0 @@
-package storage
-
-import (
-	"github.com/casdoor/oss"
-	"github.com/casdoor/oss/casdoor"
-)
-
-func NewCasdoorStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) oss.StorageInterface {
-	sp := casdoor.New(&casdoor.Config{
-		clientId,
-		clientSecret,
-		endpoint,
-		cert,
-		region,
-		content,
-		bucket,
-	})
-	return sp
-}
--- a/storage/storage.go
+++ b/storage/storage.go
@@ -16,7 +16,7 @@ package storage

 import "github.com/casdoor/oss"

-func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string, cert string, content string) (oss.StorageInterface, error) {
+func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) (oss.StorageInterface, error) {
 	switch providerType {
 	case "Local File System":
 		return NewLocalFileSystemStorageProvider(), nil
@@ -36,8 +36,6 @@ func GetStorageProvider(providerType string, clientId string, clientSecret strin
 		return NewGoogleCloudStorageProvider(clientSecret, bucket, endpoint), nil
 	case "Synology":
 		return NewSynologyNasStorageProvider(clientId, clientSecret, endpoint), nil
-	case "Casdoor":
-		return NewCasdoorStorageProvider(providerType, clientId, clientSecret, region, bucket, endpoint, cert, content), nil
 	}

 	return nil, nil
--- a/util/log.go
+++ b/util/log.go
@@ -23,50 +23,50 @@ import (
 	"github.com/beego/beego/logs"
 )

-func getIpInfo(clientIp string) string {
-	if clientIp == "" {
+func GetIPInfo(clientIP string) string {
+	if clientIP == "" {
 		return ""
 	}

-	ips := strings.Split(clientIp, ",")
-	res := strings.TrimSpace(ips[0])
-	//res := ""
-	//for i := range ips {
-	//	ip := strings.TrimSpace(ips[i])
-	//	ipstr := fmt.Sprintf("%s: %s", ip, "")
-	//	if i != len(ips)-1 {
-	//		res += ipstr + " -> "
-	//	} else {
-	//		res += ipstr
-	//	}
-	//}
+	ips := strings.Split(clientIP, ",")
+	res := ""
+	for i := range ips {
+		ip := strings.TrimSpace(ips[i])
+		// desc := GetDescFromIP(ip)
+		ipstr := fmt.Sprintf("%s: %s", ip, "")
+		if i != len(ips)-1 {
+			res += ipstr + " -> "
+		} else {
+			res += ipstr
+		}
+	}

 	return res
 }

-func GetClientIpFromRequest(req *http.Request) string {
-	clientIp := req.Header.Get("x-forwarded-for")
-	if clientIp == "" {
+func GetIPFromRequest(req *http.Request) string {
+	clientIP := req.Header.Get("x-forwarded-for")
+	if clientIP == "" {
 		ipPort := strings.Split(req.RemoteAddr, ":")
 		if len(ipPort) >= 1 && len(ipPort) <= 2 {
-			clientIp = ipPort[0]
+			clientIP = ipPort[0]
 		} else if len(ipPort) > 2 {
 			idx := strings.LastIndex(req.RemoteAddr, ":")
-			clientIp = req.RemoteAddr[0:idx]
-			clientIp = strings.TrimLeft(clientIp, "[")
-			clientIp = strings.TrimRight(clientIp, "]")
+			clientIP = req.RemoteAddr[0:idx]
+			clientIP = strings.TrimLeft(clientIP, "[")
+			clientIP = strings.TrimRight(clientIP, "]")
 		}
 	}

-	return getIpInfo(clientIp)
+	return GetIPInfo(clientIP)
 }

 func LogInfo(ctx *context.Context, f string, v ...interface{}) {
-	ipString := fmt.Sprintf("(%s) ", GetClientIpFromRequest(ctx.Request))
+	ipString := fmt.Sprintf("(%s) ", GetIPFromRequest(ctx.Request))
 	logs.Info(ipString+f, v...)
 }

 func LogWarning(ctx *context.Context, f string, v ...interface{}) {
-	ipString := fmt.Sprintf("(%s) ", GetClientIpFromRequest(ctx.Request))
+	ipString := fmt.Sprintf("(%s) ", GetIPFromRequest(ctx.Request))
 	logs.Warning(ipString+f, v...)
 }
--- a/util/obfuscator.go
+++ b/util/obfuscator.go
@@ -1,76 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package util
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/des"
-	"encoding/hex"
-	"fmt"
-)
-
-func unPaddingPkcs7(s []byte) []byte {
-	length := len(s)
-	if length == 0 {
-		return s
-	}
-	unPadding := int(s[length-1])
-	return s[:(length - unPadding)]
-}
-
-func decryptDesOrAes(passwordCipher string, block cipher.Block) (string, error) {
-	passwordCipherBytes, err := hex.DecodeString(passwordCipher)
-	if err != nil {
-		return "", err
-	}
-
-	if len(passwordCipherBytes) < block.BlockSize() {
-		return "", fmt.Errorf("the password ciphertext should contain a random hexadecimal string of length %d at the beginning", block.BlockSize()*2)
-	}
-
-	iv := passwordCipherBytes[:block.BlockSize()]
-	password := make([]byte, len(passwordCipherBytes)-block.BlockSize())
-
-	mode := cipher.NewCBCDecrypter(block, iv)
-	mode.CryptBlocks(password, passwordCipherBytes[block.BlockSize():])
-
-	return string(unPaddingPkcs7(password)), nil
-}
-
-func GetUnobfuscatedPassword(passwordObfuscatorType string, passwordObfuscatorKey string, passwordCipher string) (string, error) {
-	if passwordObfuscatorType == "Plain" || passwordObfuscatorType == "" {
-		return passwordCipher, nil
-	} else if passwordObfuscatorType == "DES" || passwordObfuscatorType == "AES" {
-		key, err := hex.DecodeString(passwordObfuscatorKey)
-		if err != nil {
-			return "", err
-		}
-
-		var block cipher.Block
-		if passwordObfuscatorType == "DES" {
-			block, err = des.NewCipher(key)
-		} else {
-			block, err = aes.NewCipher(key)
-		}
-		if err != nil {
-			return "", err
-		}
-
-		return decryptDesOrAes(passwordCipher, block)
-	} else {
-		return "", fmt.Errorf("unsupported password obfuscator type: %s", passwordObfuscatorType)
-	}
-}
--- a/util/string.go
+++ b/util/string.go
@@ -131,15 +131,6 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }

-func GetOwnerAndNameFromIdWithError(id string) (string, string, error) {
-	tokens := strings.Split(id, "/")
-	if len(tokens) != 2 {
-		return "", "", errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id)
-	}
-
-	return tokens[0], tokens[1], nil
-}
-
 func GetOwnerFromId(id string) string {
 	tokens := strings.Split(id, "/")
 	if len(tokens) != 2 {
@@ -163,16 +154,6 @@ func GetOwnerAndNameAndOtherFromId(id string) (string, string, string) {
 	return tokens[0], tokens[1], tokens[2]
 }

-func GetSharedOrgFromApp(rawName string) (name string, organization string) {
-	name = rawName
-	splitName := strings.Split(rawName, "-org-")
-	if len(splitName) >= 2 {
-		organization = splitName[len(splitName)-1]
-		name = splitName[0]
-	}
-	return name, organization
-}
-
 func GenerateId() string {
 	return uuid.NewString()
 }
--- a/util/validation.go
+++ b/util/validation.go
@@ -17,7 +17,6 @@ package util
 import (
 	"fmt"
 	"net/mail"
-	"net/url"
 	"regexp"
 	"strings"

@@ -52,9 +51,6 @@ func IsPhoneValid(phone string, countryCode string) bool {
 }

 func IsPhoneAllowInRegin(countryCode string, allowRegions []string) bool {
-	if ContainsString(allowRegions, "All") {
-		return true
-	}
 	return ContainsString(allowRegions, countryCode)
 }

@@ -101,21 +97,3 @@ func GetCountryCode(prefix string, phone string) (string, error) {
 func FilterField(field string) bool {
 	return ReFieldWhiteList.MatchString(field)
 }
-
-func IsValidOrigin(origin string) (bool, error) {
-	urlObj, err := url.Parse(origin)
-	if err != nil {
-		return false, err
-	}
-	if urlObj == nil {
-		return false, nil
-	}
-
-	originHostOnly := ""
-	if urlObj.Host != "" {
-		originHostOnly = fmt.Sprintf("%s://%s", urlObj.Scheme, urlObj.Hostname())
-	}
-
-	res := originHostOnly == "http://localhost" || originHostOnly == "https://localhost" || originHostOnly == "http://127.0.0.1" || originHostOnly == "http://casdoor-app" || strings.HasSuffix(originHostOnly, ".chromiumapp.org")
-	return res, nil
-}
--- a/web/package.json
+++ b/web/package.json
@@ -27,7 +27,6 @@
    "copy-to-clipboard": "^3.3.1",
    "core-js": "^3.25.0",
    "craco-less": "^2.0.0",
-    "crypto-js": "^4.2.0",
    "echarts": "^5.4.3",
    "ethers": "5.6.9",
    "face-api.js": "^0.22.2",
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@@ -56,11 +56,9 @@ class AdapterListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -344,8 +344,7 @@ class App extends Component {
        window.location.pathname.startsWith("/cas") ||
        window.location.pathname.startsWith("/select-plan") ||
        window.location.pathname.startsWith("/buy-plan") ||
-        window.location.pathname.startsWith("/qrcode") ||
-        window.location.pathname.startsWith("/captcha");
+        window.location.pathname.startsWith("/qrcode") ;
  }

  onClick = ({key}) => {
@@ -362,11 +361,7 @@ class App extends Component {
    if (this.isDoorPages()) {
      return (
        <ConfigProvider theme={{
-          token: {
-            colorPrimary: this.state.themeData.colorPrimary,
-            borderRadius: this.state.themeData.borderRadius,
-          },
-          algorithm: Setting.getAlgorithm(this.state.themeAlgorithm),
+          algorithm: Setting.getAlgorithm(["default"]),
        }}>
          <StyleProvider hashPriority="high" transformers={[legacyLogicalPropertiesTransformer]}>
            <Layout id="parent-area">
@@ -376,7 +371,6 @@ class App extends Component {
                    <EntryPage
                      account={this.state.account}
                      theme={this.state.themeData}
-                      themeAlgorithm={this.state.themeAlgorithm}
                      updateApplication={(application) => {
                        this.setState({
                          application: application,
@@ -451,6 +445,7 @@ class App extends Component {
                setLogoutState={() => {
                  this.setState({
                    account: null,
+                    themeAlgorithm: ["default"],
                  });
                }}
              />
--- a/web/src/App.less
+++ b/web/src/App.less
@@ -129,15 +129,6 @@ img {
  background-attachment: fixed;
 }

-.loginBackgroundDark {
-  flex: auto;
-  display: flex;
-  align-items: center;
-  background: #000 no-repeat;
-  background-size: 100% 100%;
-  background-attachment: fixed;
-}
-
 .ant-menu-horizontal {
  border-bottom: none !important;
 }
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -46,18 +46,12 @@ require("codemirror/mode/css/css");
 const {Option} = Select;

 const template = `<style>
-  .login-panel {
+  .login-panel{
    padding: 40px 70px 0 70px;
    border-radius: 10px;
    background-color: #ffffff;
    box-shadow: 0 0 30px 20px rgba(0, 0, 0, 0.20);
-  }
-  .login-panel-dark {
-    padding: 40px 70px 0 70px;
-    border-radius: 10px;
-    background-color: #333333;
-    box-shadow: 0 0 30px 20px rgba(255, 255, 255, 0.20);
-  }
+}
 </style>`;

 const previewGrid = Setting.isMobile() ? 22 : 11;
@@ -122,6 +116,7 @@ class ApplicationEditPage extends React.Component {
  UNSAFE_componentWillMount() {
    this.getApplication();
    this.getOrganizations();
+    this.getProviders();
  }

  getApplication() {
@@ -150,9 +145,7 @@ class ApplicationEditPage extends React.Component {
          application: application,
        });

-        this.getProviders(application);
-
-        this.getCerts(application);
+        this.getCerts(application.organization);

        this.getSamlMetadata(application.enableSamlPostBinding);
      });
@@ -173,11 +166,7 @@ class ApplicationEditPage extends React.Component {
      });
  }

-  getCerts(application) {
-    let owner = application.organization;
-    if (application.isShared) {
-      owner = this.props.owner;
-    }
+  getCerts(owner) {
    CertBackend.getCerts(owner)
      .then((res) => {
        this.setState({
@@ -186,12 +175,8 @@ class ApplicationEditPage extends React.Component {
      });
  }

-  getProviders(application) {
-    let owner = application.organization;
-    if (application.isShared) {
-      owner = this.props.account.owner;
-    }
-    ProviderBackend.getProviders(owner)
+  getProviders() {
+    ProviderBackend.getProviders(this.state.owner)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
@@ -278,16 +263,6 @@ class ApplicationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Is shared"), i18next.t("general:Is shared - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Switch disabled={Setting.isAdminUser()} checked={this.state.application.isShared} onChange={checked => {
-              this.updateApplicationField("isShared", checked);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Logo"), i18next.t("general:Logo - Tooltip"))} :
@@ -413,16 +388,6 @@ class ApplicationEditPage extends React.Component {
            />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("application:Token signing method"), i18next.t("application:Token signing method - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenSigningMethod === "" ? "RS256" : this.state.application.tokenSigningMethod} onChange={(value => {this.updateApplicationField("tokenSigningMethod", value);})}
-              options={["RS256", "RS512", "ES256", "ES512", "ES384"].map((item) => Setting.getOption(item, item))}
-            />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("application:Token fields"), i18next.t("application:Token fields - Tooltip"))} :
@@ -598,16 +563,6 @@ class ApplicationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:IP whitelist"), i18next.t("general:IP whitelist - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input placeholder = {this.state.application.organizationObj?.ipWhitelist} value={this.state.application.ipWhiteList} onChange={e => {
-              this.updateApplicationField("ipWhitelist", e.target.value);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("signup:Terms of Use"), i18next.t("signup:Terms of Use - Tooltip"))} :
@@ -719,16 +674,6 @@ class ApplicationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}}>
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
-            {Setting.getLabel(i18next.t("application:Use Email as NameID"), i18next.t("application:Use Email as NameID - Tooltip"))} :
-          </Col>
-          <Col span={1}>
-            <Switch checked={this.state.application.useEmailAsSamlNameId} onChange={checked => {
-              this.updateApplicationField("useEmailAsSamlNameId", checked);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("application:Enable SAML POST binding"), i18next.t("application:Enable SAML POST binding - Tooltip"))} :
@@ -993,7 +938,6 @@ class ApplicationEditPage extends React.Component {
                <SigninTable
                  title={i18next.t("application:Signin items")}
                  table={this.state.application.signinItems}
-                  themeAlgorithm={this.state.themeAlgorithm}
                  onUpdateTable={(value) => {
                    this.updateApplicationField("signinItems", value);
                  }}
@@ -1045,11 +989,7 @@ class ApplicationEditPage extends React.Component {
      redirectUri = "\"ERROR: You must specify at least one Redirect URL in 'Redirect URLs'\"";
    }

-    let clientId = this.state.application.clientId;
-    if (this.state.application.isShared) {
-      clientId += `-org-${this.props.account.owner}`;
-    }
-    const signInUrl = `/login/oauth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
+    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${redirectUri}&scope=read&state=casdoor`;
    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
    if (!Setting.isPasswordEnabled(this.state.application)) {
      signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -97,11 +97,9 @@ class ApplicationListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
@@ -125,7 +123,7 @@ class ApplicationListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <Link to={`/applications/${record.organization}/${text}`}>
-              {Setting.getApplicationDisplayName(record)}
+              {text}
            </Link>
          );
        },
--- a/web/src/CaptchaPage.js
+++ b/web/src/CaptchaPage.js
@@ -1,116 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {CaptchaModal} from "./common/modal/CaptchaModal";
-import * as ApplicationBackend from "./backend/ApplicationBackend";
-import * as Setting from "./Setting";
-
-class CaptchaPage extends React.Component {
-  constructor(props) {
-    super(props);
-    const params = new URLSearchParams(this.props.location.search);
-    this.state = {
-      owner: "admin",
-      application: null,
-      clientId: params.get("client_id"),
-      applicationName: params.get("state"),
-      redirectUri: params.get("redirect_uri"),
-    };
-  }
-
-  componentDidMount() {
-    this.getApplication();
-  }
-
-  onUpdateApplication(application) {
-    this.setState({
-      application: application,
-    });
-  }
-
-  getApplication() {
-    if (this.state.applicationName === null) {
-      return null;
-    }
-
-    ApplicationBackend.getApplication(this.state.owner, this.state.applicationName)
-      .then((res) => {
-        if (res.status === "error") {
-          this.onUpdateApplication(null);
-          this.setState({
-            msg: res.msg,
-          });
-          return ;
-        }
-        this.onUpdateApplication(res.data);
-      });
-  }
-
-  getCaptchaProviderItems(application) {
-    const providers = application?.providers;
-
-    if (providers === undefined || providers === null) {
-      return null;
-    }
-
-    return providers.filter(providerItem => {
-      if (providerItem.provider === undefined || providerItem.provider === null) {
-        return false;
-      }
-
-      return providerItem.provider.category === "Captcha";
-    });
-  }
-
-  callback(values) {
-    Setting.goToLink(`${this.state.redirectUri}?code=${values.captchaToken}&type=${values.captchaType}&secret=${values.clientSecret}&applicationId=${values.applicationId}`);
-  }
-
-  renderCaptchaModal(application) {
-    const captchaProviderItems = this.getCaptchaProviderItems(application);
-    if (captchaProviderItems === null) {
-      return null;
-    }
-    const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
-    const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
-    const provider = alwaysProviderItems.length > 0
-      ? alwaysProviderItems[0].provider
-      : dynamicProviderItems[0].provider;
-
-    return <CaptchaModal
-      owner={provider.owner}
-      name={provider.name}
-      visible={true}
-      onOk={(captchaType, captchaToken, clientSecret) => {
-        const values = {
-          captchaType: captchaType,
-          captchaToken: captchaToken,
-          clientSecret: clientSecret,
-          applicationId: `${provider.owner}/${provider.name}`,
-        };
-        this.callback(values);
-      }}
-      onCancel={() => this.callback({captchaType: "none", captchaToken: "", clientSecret: ""})}
-      isCurrentProvider={true}
-    />;
-  }
-  render() {
-    return (
-      this.renderCaptchaModal(this.state.application)
-    );
-  }
-}
-
-export default CaptchaPage;
--- a/web/src/CasbinEditor.js
+++ b/web/src/CasbinEditor.js
@@ -1,97 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React, {useCallback, useEffect, useRef, useState} from "react";
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-import "codemirror/mode/properties/properties";
-import * as Setting from "./Setting";
-import IframeEditor from "./IframeEditor";
-import {Tabs} from "antd";
-
-const {TabPane} = Tabs;
-
-const CasbinEditor = ({model, onModelTextChange}) => {
-  const [activeKey, setActiveKey] = useState("advanced");
-  const iframeRef = useRef(null);
-  const [localModelText, setLocalModelText] = useState(model.modelText);
-
-  const handleModelTextChange = useCallback((newModelText) => {
-    if (!Setting.builtInObject(model)) {
-      setLocalModelText(newModelText);
-      onModelTextChange(newModelText);
-    }
-  }, [model, onModelTextChange]);
-
-  const syncModelText = useCallback(() => {
-    return new Promise((resolve) => {
-      if (activeKey === "advanced" && iframeRef.current) {
-        const handleSyncMessage = (event) => {
-          if (event.data.type === "modelUpdate") {
-            window.removeEventListener("message", handleSyncMessage);
-            handleModelTextChange(event.data.modelText);
-            resolve();
-          }
-        };
-        window.addEventListener("message", handleSyncMessage);
-        iframeRef.current.getModelText();
-      } else {
-        resolve();
-      }
-    });
-  }, [activeKey, handleModelTextChange]);
-
-  const handleTabChange = (key) => {
-    syncModelText().then(() => {
-      setActiveKey(key);
-      if (key === "advanced" && iframeRef.current) {
-        iframeRef.current.updateModelText(localModelText);
-      }
-    });
-  };
-
-  useEffect(() => {
-    setLocalModelText(model.modelText);
-  }, [model.modelText]);
-
-  return (
-    <div style={{height: "100%", width: "100%", display: "flex", flexDirection: "column"}}>
-      <Tabs activeKey={activeKey} onChange={handleTabChange} style={{flex: "0 0 auto", marginTop: "-10px"}}>
-        <TabPane tab="Basic Editor" key="basic" />
-        <TabPane tab="Advanced Editor" key="advanced" />
-      </Tabs>
-      <div style={{flex: "1 1 auto", overflow: "hidden"}}>
-        {activeKey === "advanced" ? (
-          <IframeEditor
-            ref={iframeRef}
-            initialModelText={localModelText}
-            onModelTextChange={handleModelTextChange}
-            style={{width: "100%", height: "100%"}}
-          />
-        ) : (
-          <CodeMirror
-            value={localModelText}
-            className="full-height-editor no-horizontal-scroll-editor"
-            options={{mode: "properties", theme: "default"}}
-            onBeforeChange={(editor, data, value) => {
-              handleModelTextChange(value);
-            }}
-          />
-        )}
-      </div>
-    </div>
-  );
-};
-
-export default CasbinEditor;
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -288,14 +288,14 @@ class CertEditPage extends React.Component {
          Setting.showMessage("success", i18next.t("general:Successfully saved"));
          this.setState({
            certName: this.state.cert.name,
-          }, () => {
-            if (exitAfterSave) {
-              this.props.history.push("/certs");
-            } else {
-              this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
-              this.getCert();
-            }
          });
+
+          if (exitAfterSave) {
+            this.props.history.push("/certs");
+          } else {
+            this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
+            this.getCert();
+          }
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
          this.updateCertField("name", this.state.certName);
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -73,11 +73,9 @@ class CertListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/EnforcerListPage.js
+++ b/web/src/EnforcerListPage.js
@@ -55,11 +55,9 @@ class EnforcerListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@@ -32,9 +32,7 @@ import {authConfig} from "./auth/Auth";
 import ProductBuyPage from "./ProductBuyPage";
 import PaymentResultPage from "./PaymentResultPage";
 import QrCodePage from "./QrCodePage";
-import CaptchaPage from "./CaptchaPage";
 import CustomHead from "./basic/CustomHead";
-import * as Util from "./auth/Util";

 class EntryPage extends React.Component {
  constructor(props) {
@@ -95,20 +93,10 @@ class EntryPage extends React.Component {
        });
    };

-    if (this.state.application?.ipRestriction) {
-      return Util.renderMessageLarge(this, this.state.application.ipRestriction);
-    }
-
-    if (this.state.application?.organizationObj?.ipRestriction) {
-      return Util.renderMessageLarge(this, this.state.application.organizationObj.ipRestriction);
-    }
-
-    const isDarkMode = this.props.themeAlgorithm.includes("dark");
-
    return (
      <React.Fragment>
        <CustomHead headerHtml={this.state.application?.headerHtml} />
-        <div className={`${isDarkMode ? "loginBackgroundDark" : "loginBackground"}`}
+        <div className="loginBackground"
          style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
          <Spin size="large" spinning={this.state.application === undefined && this.state.pricing === undefined} tip={i18next.t("login:Loading")}
            style={{margin: "0 auto"}} />
@@ -132,10 +120,8 @@ class EntryPage extends React.Component {
            <Route exact path="/buy-plan/:owner/:pricingName" render={(props) => <ProductBuyPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
            <Route exact path="/buy-plan/:owner/:pricingName/result" render={(props) => <PaymentResultPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
            <Route exact path="/qrcode/:owner/:paymentName" render={(props) => <QrCodePage {...this.props} onUpdateApplication={onUpdateApplication} {...props} />} />
-            <Route exact path="/captcha" render={(props) => <CaptchaPage {...props} />} />
          </Switch>
        </div>
-
      </React.Fragment>
    );
  }
--- a/web/src/GroupListPage.js
+++ b/web/src/GroupListPage.js
@@ -84,11 +84,9 @@ class GroupListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/IframeEditor.js
+++ b/web/src/IframeEditor.js
@@ -1,66 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React, {forwardRef, useEffect, useImperativeHandle, useRef, useState} from "react";
-
-const IframeEditor = forwardRef(({initialModelText, onModelTextChange}, ref) => {
-  const iframeRef = useRef(null);
-  const [iframeReady, setIframeReady] = useState(false);
-
-  useEffect(() => {
-    const handleMessage = (event) => {
-      if (event.origin !== "https://editor.casbin.org") {return;}
-
-      if (event.data.type === "modelUpdate") {
-        onModelTextChange(event.data.modelText);
-      } else if (event.data.type === "iframeReady") {
-        setIframeReady(true);
-        iframeRef.current?.contentWindow.postMessage({
-          type: "initializeModel",
-          modelText: initialModelText,
-        }, "*");
-      }
-    };
-
-    window.addEventListener("message", handleMessage);
-    return () => window.removeEventListener("message", handleMessage);
-  }, [onModelTextChange, initialModelText]);
-
-  useImperativeHandle(ref, () => ({
-    getModelText: () => {
-      iframeRef.current?.contentWindow.postMessage({type: "getModelText"}, "*");
-    },
-    updateModelText: (newModelText) => {
-      if (iframeReady) {
-        iframeRef.current?.contentWindow.postMessage({
-          type: "updateModelText",
-          modelText: newModelText,
-        }, "*");
-      }
-    },
-  }));
-
-  return (
-    <iframe
-      ref={iframeRef}
-      src="https://editor.casbin.org/model-editor"
-      frameBorder="0"
-      width="100%"
-      height="500px"
-      title="Casbin Model Editor"
-    />
-  );
-});
-
-export default IframeEditor;
--- a/web/src/InvitationEditPage.js
+++ b/web/src/InvitationEditPage.js
@@ -20,7 +20,6 @@ import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import copy from "copy-to-clipboard";
-import * as GroupBackend from "./backend/GroupBackend";

 const {Option} = Select;

@@ -34,7 +33,6 @@ class InvitationEditPage extends React.Component {
      invitation: null,
      organizations: [],
      applications: [],
-      groups: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@@ -43,7 +41,6 @@ class InvitationEditPage extends React.Component {
    this.getInvitation();
    this.getOrganizations();
    this.getApplicationsByOrganization(this.state.organizationName);
-    this.getGroupsByOrganization(this.state.organizationName);
  }

  getInvitation() {
@@ -78,17 +75,6 @@ class InvitationEditPage extends React.Component {
      });
  }

-  getGroupsByOrganization(organizationName) {
-    GroupBackend.getGroups(organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            groups: res.data,
-          });
-        }
-      });
-  }
-
  parseInvitationField(key, value) {
    if ([""].includes(key)) {
      value = Setting.myParseInt(value);
@@ -134,7 +120,7 @@ class InvitationEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || isCreatedByPlan} value={this.state.invitation.owner} onChange={(value => {this.updateInvitationField("owner", value); this.getApplicationsByOrganization(value);this.getGroupsByOrganization(value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || isCreatedByPlan} value={this.state.invitation.owner} onChange={(value => {this.updateInvitationField("owner", value); this.getApplicationsByOrganization(value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
@@ -218,21 +204,6 @@ class InvitationEditPage extends React.Component {
              ]} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Signup group"), i18next.t("provider:Signup group - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.invitation.signupGroup} onChange={(value => {this.updateInvitationField("signupGroup", value);})}>
-              <Option key={""} value={""}>
-                {i18next.t("general:Default")}
-              </Option>
-              {
-                this.state.groups.map((group, index) => <Option key={index} value={`${group.owner}/${group.name}`}>{group.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("signup:Username"), i18next.t("signup:Username - Tooltip"))} :
--- a/web/src/InvitationListPage.js
+++ b/web/src/InvitationListPage.js
@@ -68,11 +68,9 @@ class InvitationListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -13,13 +13,12 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Space, Switch} from "antd";
-import {EyeInvisibleOutlined, EyeTwoTone, HolderOutlined, UsergroupAddOutlined} from "@ant-design/icons";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
+import {EyeInvisibleOutlined, EyeTwoTone} from "@ant-design/icons";
 import * as LddpBackend from "./backend/LdapBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import * as GroupBackend from "./backend/GroupBackend";

 const {Option} = Select;

@@ -31,14 +30,12 @@ class LdapEditPage extends React.Component {
      organizationName: props.match.params.organizationName,
      ldap: null,
      organizations: [],
-      groups: null,
    };
  }

  UNSAFE_componentWillMount() {
    this.getLdap();
    this.getOrganizations();
-    this.getGroups();
  }

  getLdap() {
@@ -63,17 +60,6 @@ class LdapEditPage extends React.Component {
      });
  }

-  getGroups() {
-    GroupBackend.getGroups(this.state.organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            groups: res.data,
-          });
-        }
-      });
-  }
-
  updateLdapField(key, value) {
    this.setState((prevState) => {
      prevState.ldap[key] = value;
@@ -228,31 +214,6 @@ class LdapEditPage extends React.Component {
            />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
-            {Setting.getLabel(i18next.t("ldap:Default group"), i18next.t("ldap:Default group - Tooltip"))} :
-          </Col>
-          <Col span={21}>
-            <Select virtual={false} style={{width: "100%"}} value={this.state.ldap.defaultGroup ?? []} onChange={(value => {
-              this.updateLdapField("defaultGroup", value);
-            })}
-            >
-              <Option key={""} value={""}>
-                <Space>
-                  {i18next.t("general:Default")}
-                </Space>
-              </Option>
-              {
-                this.state.groups?.map((group) => <Option key={group.name} value={`${group.owner}/${group.name}`}>
-                  <Space>
-                    {group.type === "Physical" ? <UsergroupAddOutlined /> : <HolderOutlined />}
-                    {group.displayName}
-                  </Space>
-                </Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Auto Sync"), i18next.t("ldap:Auto Sync - Tooltip"))} :
--- a/web/src/ModelEditPage.js
+++ b/web/src/ModelEditPage.js
@@ -18,7 +18,11 @@ import * as ModelBackend from "./backend/ModelBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import ModelEditor from "./CasbinEditor";
+
+import {Controlled as CodeMirror} from "react-codemirror2";
+import "codemirror/lib/codemirror.css";
+
+require("codemirror/mode/properties/properties");

 const {Option} = Select;

@@ -143,10 +147,16 @@ class ModelEditPage extends React.Component {
            {Setting.getLabel(i18next.t("model:Model text"), i18next.t("model:Model text - Tooltip"))} :
          </Col>
          <Col span={22}>
-            <div style={{position: "relative", height: "500px"}} >
-              <ModelEditor
-                model={this.state.model}
-                onModelTextChange={(value) => this.updateModelField("modelText", value)}
+            <div style={{width: "100%"}} >
+              <CodeMirror
+                value={this.state.model.modelText}
+                options={{mode: "properties", theme: "default"}}
+                onBeforeChange={(editor, data, value) => {
+                  if (Setting.builtInObject(this.state.model)) {
+                    return;
+                  }
+                  this.updateModelField("modelText", value);
+                }}
              />
            </div>
          </Col>
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@@ -72,11 +72,9 @@ class ModelListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -19,7 +19,6 @@ import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as LdapBackend from "./backend/LdapBackend";
 import * as Setting from "./Setting";
 import * as Conf from "./Conf";
-import * as Obfuscator from "./auth/Obfuscator";
 import i18next from "i18next";
 import {LinkOutlined} from "@ant-design/icons";
 import LdapTable from "./table/LdapTable";
@@ -113,22 +112,6 @@ class OrganizationEditPage extends React.Component {
    });
  }

-  updatePasswordObfuscator(key, value) {
-    const organization = this.state.organization;
-    if (organization.passwordObfuscatorType === "") {
-      organization.passwordObfuscatorType = "Plain";
-    }
-    if (key === "type") {
-      organization.passwordObfuscatorType = value;
-      organization.passwordObfuscatorKey = Obfuscator.getRandomKeyForObfuscator(value);
-    } else if (key === "key") {
-      organization.passwordObfuscatorKey = value;
-    }
-    this.setState({
-      organization: organization,
-    });
-  }
-
  renderOrganization() {
    return (
      <Card size="small" title={
@@ -311,34 +294,6 @@ class OrganizationEditPage extends React.Component {
            />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Password obfuscator"), i18next.t("general:Password obfuscator - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}}
-              value={this.state.organization.passwordObfuscatorType}
-              onChange={(value => {this.updatePasswordObfuscator("type", value);})}>
-              {
-                [
-                  {id: "Plain", name: "Plain"},
-                  {id: "AES", name: "AES"},
-                  {id: "DES", name: "DES"},
-                ].map((obfuscatorType, index) => <Option key={index} value={obfuscatorType.id}>{obfuscatorType.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
-        {
-          (this.state.organization.passwordObfuscatorType === "Plain" || this.state.organization.passwordObfuscatorType === "") ? null : (<Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-              {Setting.getLabel(i18next.t("general:Password obf key"), i18next.t("general:Password obf key - Tooltip"))} :
-            </Col>
-            <Col span={22} >
-              <Input value={this.state.organization.passwordObfuscatorKey} onChange={(e) => {this.updatePasswordObfuscator("key", e.target.value);}} />
-            </Col>
-          </Row>)
-        }
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Supported country codes"), i18next.t("general:Supported country codes - Tooltip"))} :
@@ -350,7 +305,6 @@ class OrganizationEditPage extends React.Component {
              }}
              filterOption={(input, option) => (option?.text ?? "").toLowerCase().includes(input.toLowerCase())}
            >
-              {Setting.getCountryCodeOption({name: i18next.t("organization:All"), code: "All", phone: 0})}
              {
                Setting.getCountryCodeData().map((country) => Setting.getCountryCodeOption(country))
              }
@@ -406,7 +360,7 @@ class OrganizationEditPage extends React.Component {
          </Col>
          <Col span={22} >
            <Select virtual={false} style={{width: "100%"}} value={this.state.organization.defaultApplication} onChange={(value => {this.updateOrganizationField("defaultApplication", value);})}
-              options={this.state.applications?.map((item) => Setting.getOption(Setting.getApplicationDisplayName(item.name), item.name))
+              options={this.state.applications?.map((item) => Setting.getOption(item.name, item.name))
              } />
          </Col>
        </Row>
@@ -452,16 +406,6 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:IP whitelist"), i18next.t("general:IP whitelist - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.organization.ipWhitelist} onChange={e => {
-              this.updateOrganizationField("ipWhitelist", e.target.value);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("organization:Init score"), i18next.t("organization:Init score - Tooltip"))} :
@@ -584,12 +528,6 @@ class OrganizationEditPage extends React.Component {
    const organization = Setting.deepCopy(this.state.organization);
    organization.accountItems = organization.accountItems?.filter(accountItem => accountItem.name !== "Please select an account item");

-    const passwordObfuscatorErrorMessage = Obfuscator.checkPasswordObfuscator(organization.passwordObfuscatorType, organization.passwordObfuscatorKey);
-    if (passwordObfuscatorErrorMessage.length > 0) {
-      Setting.showMessage("error", passwordObfuscatorErrorMessage);
-      return;
-    }
-
    OrganizationBackend.updateOrganization(this.state.organization.owner, this.state.organizationName, organization)
      .then((res) => {
        if (res.status === "ok") {
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@@ -35,8 +35,6 @@ class OrganizationListPage extends BaseListPage {
      passwordType: "plain",
      PasswordSalt: "",
      passwordOptions: [],
-      passwordObfuscatorType: "Plain",
-      passwordObfuscatorKey: "",
      countryCodes: ["US"],
      defaultAvatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
      defaultApplication: "",
@@ -117,11 +115,11 @@ class OrganizationListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
            pagination: {
              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+              total: this.state.pagination.total - 1},
          });
          window.dispatchEvent(new Event("storageOrganizationsChanged"));
        } else {
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@@ -70,11 +70,9 @@ class PaymentListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@@ -69,11 +69,9 @@ class PermissionListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/PlanListPage.js
+++ b/web/src/PlanListPage.js
@@ -63,11 +63,9 @@ class PlanListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/PricingListPage.js
+++ b/web/src/PricingListPage.js
@@ -59,11 +59,9 @@ class PricingListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/ProductListPage.js
+++ b/web/src/ProductListPage.js
@@ -65,11 +65,9 @@ class ProductListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -843,7 +843,7 @@ class ProviderEditPage extends React.Component {
          )
        }
        {
-          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && (this.state.provider.type !== "Casdoor" && this.state.category !== "Storage") && this.state.provider.type !== "Okta" ? null : (
+          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && this.state.provider.type !== "Casdoor" && this.state.provider.type !== "Okta" ? null : (
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={2}>
                {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -870,7 +870,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
@@ -885,9 +885,7 @@ class ProviderEditPage extends React.Component {
            {["Custom HTTP SMS", "Local File System"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
-                  {["Casdoor"].includes(this.state.provider.type) ?
-                    Setting.getLabel(i18next.t("general:Provider"), i18next.t("provider:Provider - Tooltip"))
-                    : Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
+                  {Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
                </Col>
                <Col span={22} >
                  <Input value={this.state.provider.bucket} onChange={e => {
@@ -908,7 +906,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -920,24 +918,10 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Casdoor"].includes(this.state.provider.type) ? (
+            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo"].includes(this.state.provider.type) ? (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
-                  {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
-                </Col>
-                <Col span={22} >
-                  <Input value={this.state.provider.content} onChange={e => {
-                    this.updateProviderField("content", e.target.value);
-                  }} />
-                </Col>
-              </Row>
-            ) : null}
-            {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo", "Casdoor"].includes(this.state.provider.type) ? (
-              <Row style={{marginTop: "20px"}} >
-                <Col style={{marginTop: "5px"}} span={2}>
-                  {["Casdoor"].includes(this.state.provider.type) ?
-                    Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip")) :
-                    Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
+                  {Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
                </Col>
                <Col span={22} >
                  <Input value={this.state.provider.regionId} onChange={e => {
@@ -1314,7 +1298,7 @@ class ProviderEditPage extends React.Component {
          ) : null
        }
        {
-          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay" || this.state.provider.type === "Casdoor") ? (
+          (this.state.provider.type === "Alipay" || this.state.provider.type === "WeChat Pay") ? (
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@@ -76,11 +76,9 @@ class ProviderListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@@ -40,11 +40,9 @@ class ResourceListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@@ -61,11 +61,9 @@ class RoleListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/SessionListPage.js
+++ b/web/src/SessionListPage.js
@@ -27,11 +27,9 @@ class SessionListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -229,10 +229,6 @@ export const OtherProviderInfo = {
      logo: `${StaticBaseUrl}/img/social_synology.png`,
      url: "https://www.synology.com/en-global/dsm/feature/file_sharing",
    },
-    "Casdoor": {
-      logo: `${StaticBaseUrl}/img/casdoor.png`,
-      url: "https://casdoor.org/docs/provider/storage/overview",
-    },
  },
  SAML: {
    "Aliyun IDaaS": {
@@ -287,14 +283,6 @@ export const OtherProviderInfo = {
      logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
      url: "https://www.google.com/recaptcha",
    },
-    "reCAPTCHA v2": {
-      logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
-      url: "https://www.google.com/recaptcha",
-    },
-    "reCAPTCHA v3": {
-      logo: `${StaticBaseUrl}/img/social_recaptcha.png`,
-      url: "https://www.google.com/recaptcha",
-    },
    "hCaptcha": {
      logo: `${StaticBaseUrl}/img/social_hcaptcha.png`,
      url: "https://www.hcaptcha.com",
@@ -418,9 +406,6 @@ export function getCountryCode(country) {
 }

 export function getCountryCodeData(countryCodes = phoneNumber.getCountries()) {
-  if (countryCodes?.includes("All")) {
-    countryCodes = phoneNumber.getCountries();
-  }
  return countryCodes?.map((countryCode) => {
    if (phoneNumber.isSupportedCountry(countryCode)) {
      const name = initCountries().getName(countryCode, getLanguage());
@@ -439,10 +424,10 @@ export function getCountryCodeOption(country) {
    <Option key={country.code} value={country.code} label={`+${country.phone}`} text={`${country.name}, ${country.code}, ${country.phone}`} >
      <div style={{display: "flex", justifyContent: "space-between", marginRight: "10px"}}>
        <div>
-          {country.code === "All" ? null : getCountryImage(country)}
+          {getCountryImage(country)}
          {`${country.name}`}
        </div>
-        {country.code === "All" ? null : `+${country.phone}`}
+        {`+${country.phone}`}
      </div>
    </Option>
  );
@@ -1077,7 +1062,6 @@ export function getProviderTypeOptions(category) {
        {id: "Qiniu Cloud Kodo", name: "Qiniu Cloud Kodo"},
        {id: "Google Cloud Storage", name: "Google Cloud Storage"},
        {id: "Synology", name: "Synology"},
-        {id: "Casdoor", name: "Casdoor"},
      ]
    );
  } else if (category === "SAML") {
@@ -1099,8 +1083,7 @@ export function getProviderTypeOptions(category) {
  } else if (category === "Captcha") {
    return ([
      {id: "Default", name: "Default"},
-      {id: "reCAPTCHA v2", name: "reCAPTCHA v2"},
-      {id: "reCAPTCHA v3", name: "reCAPTCHA v3"},
+      {id: "reCAPTCHA", name: "reCAPTCHA"},
      {id: "hCaptcha", name: "hCaptcha"},
      {id: "Aliyun Captcha", name: "Aliyun Captcha"},
      {id: "GEETEST", name: "GEETEST"},
@@ -1171,7 +1154,7 @@ export function renderLogo(application) {

 function isSigninMethodEnabled(application, signinMethod) {
  if (application && application.signinMethods) {
-    return application.signinMethods.filter(item => item.name === signinMethod && item.rule !== "Hide-Password").length > 0;
+    return application.signinMethods.filter(item => item.name === signinMethod).length > 0;
  } else {
    return false;
  }
@@ -1388,13 +1371,6 @@ export function getApplicationName(application) {
  return `${application?.owner}/${application?.name}`;
 }

-export function getApplicationDisplayName(application) {
-  if (application.isShared) {
-    return `${application.name}(Shared)`;
-  }
-  return application.name;
-}
-
 export function getRandomName() {
  return Math.random().toString(36).slice(-6);
 }
@@ -1557,7 +1533,3 @@ export function getCurrencyText(product) {
    return "(Unknown currency)";
  }
 }
-
-export function isDarkTheme(themeAlgorithm) {
-  return themeAlgorithm && themeAlgorithm.includes("dark");
-}
--- a/web/src/SubscriptionListPage.js
+++ b/web/src/SubscriptionListPage.js
@@ -64,11 +64,9 @@ class SubscriptionListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/SyncerEditPage.js
+++ b/web/src/SyncerEditPage.js
@@ -434,9 +434,10 @@ class SyncerEditPage extends React.Component {
            {Setting.getLabel(i18next.t("syncer:Table"), i18next.t("syncer:Table - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Input value={this.state.syncer.table} onChange={e => {
-              this.updateSyncerField("table", e.target.value);
-            }} />
+            <Input value={this.state.syncer.table}
+              disabled={this.state.syncer.type === "Keycloak"} onChange={e => {
+                this.updateSyncerField("table", e.target.value);
+              }} />
          </Col>
        </Row>
        <Row style={{marginTop: "20px"}} >
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@@ -69,11 +69,9 @@ class SyncerListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@@ -61,11 +61,9 @@ class TokenListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/TransactionEditPage.js
+++ b/web/src/TransactionEditPage.js
@@ -125,7 +125,7 @@ class TransactionEditPage extends React.Component {
          application: application,
        });

-        this.getCerts(application);
+        this.getCerts(application.organization);

        this.getSamlMetadata(application.enableSamlPostBinding);
      });
--- a/web/src/TransactionListPage.js
+++ b/web/src/TransactionListPage.js
@@ -54,11 +54,9 @@ class TransactionListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -1050,8 +1050,6 @@ class UserEditPage extends React.Component {
            <MfaAccountTable
              title={i18next.t("user:MFA accounts")}
              table={this.state.user.mfaAccounts}
-              accessToken={this.props.account?.accessToken}
-              icon={this.state.user.avatar}
              onUpdateTable={(table) => {this.updateUserField("mfaAccounts", table);}}
            />
          </Col>
@@ -1070,19 +1068,6 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
-    } else if (accountItem.name === "IP whitelist") {
-      return (
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:IP whitelist"), i18next.t("general:IP whitelist - Tooltip"))} :
-          </Col>
-          <Col span={22}>
-            <Input value={this.state.user.ipWhitelist} onChange={e => {
-              this.updateUserField("ipWhitelist", e.target.value);
-            }} />
-          </Col>
-        </Row>
-      );
    }
  }

--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@@ -110,11 +110,9 @@ class UserListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@@ -61,11 +61,9 @@ class WebhookListPage extends BaseListPage {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
--- a/web/src/auth/CasLogout.js
+++ b/web/src/auth/CasLogout.js
@@ -34,42 +34,25 @@ class CasLogout extends React.Component {

  UNSAFE_componentWillMount() {
    const params = new URLSearchParams(this.props.location.search);
-    const logoutInterval = 100;
-
-    const logoutTimeOut = (redirectUri) => {
-      setTimeout(() => {
-        AuthBackend.getAccount().then((accountRes) => {
-          if (accountRes.status === "ok") {
-            AuthBackend.logout().then((logoutRes) => {
-              if (logoutRes.status === "ok") {
-                logoutTimeOut(logoutRes.data2);
-              } else {
-                Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${logoutRes.msg}`);
-              }
-            });
-          } else {
-            Setting.showMessage("success", i18next.t("application:Logged out successfully"));
-            this.props.onUpdateAccount(null);
-            if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
-              Setting.goToLink(redirectUri);
-            } else if (params.has("service")) {
-              Setting.goToLink(params.get("service"));
-            } else {
-              Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
-            }
-          }
-        });
-      }, logoutInterval);
-    };

    AuthBackend.logout()
      .then((res) => {
        if (res.status === "ok") {
-          logoutTimeOut(res.data2);
+          Setting.showMessage("success", "Logged out successfully");
+          this.props.onUpdateAccount(null);
+          const redirectUri = res.data2;
+          if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
+            Setting.goToLink(redirectUri);
+          } else if (params.has("service")) {
+            Setting.goToLink(params.get("service"));
+          } else {
+            Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
+          }
        } else {
-          Setting.showMessage("error", `${i18next.t("login:Failed to log out")}: ${res.msg}`);
+          Setting.showMessage("error", `Failed to log out: ${res.msg}`);
        }
      });
+
  }

  render() {
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -19,7 +19,6 @@ import {withRouter} from "react-router-dom";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
 import OrganizationSelect from "../common/select/OrganizationSelect";
 import * as Conf from "../Conf";
-import * as Obfuscator from "./Obfuscator";
 import * as AuthBackend from "./AuthBackend";
 import * as OrganizationBackend from "../backend/OrganizationBackend";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
@@ -52,6 +51,7 @@ class LoginPage extends React.Component {
      username: null,
      validEmailOrPhone: false,
      validEmail: false,
+      enableCaptchaModal: CaptchaRule.Never,
      openCaptchaModal: false,
      openFaceRecognitionModal: false,
      verifyCaptcha: undefined,
@@ -92,6 +92,17 @@ class LoginPage extends React.Component {
    }
    if (prevProps.application !== this.props.application) {
      this.setState({loginMethod: this.getDefaultLoginMethod(this.props.application)});
+
+      const captchaProviderItems = this.getCaptchaProviderItems(this.props.application);
+      if (captchaProviderItems) {
+        if (captchaProviderItems.some(providerItem => providerItem.rule === "Always")) {
+          this.setState({enableCaptchaModal: CaptchaRule.Always});
+        } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
+          this.setState({enableCaptchaModal: CaptchaRule.Dynamic});
+        } else {
+          this.setState({enableCaptchaModal: CaptchaRule.Never});
+        }
+      }
    }

    if (prevProps.account !== this.props.account && this.props.account !== undefined) {
@@ -121,19 +132,6 @@ class LoginPage extends React.Component {
    }
  }

-  getCaptchaRule(application) {
-    const captchaProviderItems = this.getCaptchaProviderItems(application);
-    if (captchaProviderItems) {
-      if (captchaProviderItems.some(providerItem => providerItem.rule === "Always")) {
-        return CaptchaRule.Always;
-      } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
-        return CaptchaRule.Dynamic;
-      } else {
-        return CaptchaRule.Never;
-      }
-    }
-  }
-
  checkCaptchaStatus(values) {
    AuthBackend.getCaptchaStatus(values)
      .then((res) => {
@@ -227,22 +225,6 @@ class LoginPage extends React.Component {
    return "password";
  }

-  getCurrentLoginMethod() {
-    if (this.state.loginMethod === "password") {
-      return "Password";
-    } else if (this.state.loginMethod?.includes("verificationCode")) {
-      return "Verification code";
-    } else if (this.state.loginMethod === "webAuthn") {
-      return "WebAuthn";
-    } else if (this.state.loginMethod === "ldap") {
-      return "LDAP";
-    } else if (this.state.loginMethod === "faceId") {
-      return "Face ID";
-    } else {
-      return "Password";
-    }
-  }
-
  getPlaceholder() {
    switch (this.state.loginMethod) {
    case "verificationCode": return i18next.t("login:Email or phone");
@@ -278,7 +260,17 @@ class LoginPage extends React.Component {
      values["organization"] = this.getApplicationObj().organization;
    }

-    values["signinMethod"] = this.getCurrentLoginMethod();
+    if (this.state.loginMethod === "password") {
+      values["signinMethod"] = "Password";
+    } else if (this.state.loginMethod?.includes("verificationCode")) {
+      values["signinMethod"] = "Verification code";
+    } else if (this.state.loginMethod === "webAuthn") {
+      values["signinMethod"] = "WebAuthn";
+    } else if (this.state.loginMethod === "ldap") {
+      values["signinMethod"] = "LDAP";
+    } else if (this.state.loginMethod === "faceId") {
+      values["signinMethod"] = "Face ID";
+    }
    const oAuthParams = Util.getOAuthGetParameters();

    values["type"] = oAuthParams?.responseType ?? this.state.type;
@@ -387,22 +379,13 @@ class LoginPage extends React.Component {
      return;
    }
    if (this.state.loginMethod === "password" || this.state.loginMethod === "ldap") {
-      const organization = this.getApplicationObj()?.organizationObj;
-      const [passwordCipher, errorMessage] = Obfuscator.encryptByPasswordObfuscator(organization?.passwordObfuscatorType, organization?.passwordObfuscatorKey, values["password"]);
-      if (errorMessage.length > 0) {
-        Setting.showMessage("error", errorMessage);
-        return;
-      } else {
-        values["password"] = passwordCipher;
-      }
-      const captchaRule = this.getCaptchaRule(this.getApplicationObj());
-      if (captchaRule === CaptchaRule.Always) {
+      if (this.state.enableCaptchaModal === CaptchaRule.Always) {
        this.setState({
          openCaptchaModal: true,
          values: values,
        });
        return;
-      } else if (captchaRule === CaptchaRule.Dynamic) {
+      } else if (this.state.enableCaptchaModal === CaptchaRule.Dynamic) {
        this.checkCaptchaStatus(values);
        return;
      }
@@ -415,7 +398,6 @@ class LoginPage extends React.Component {
    if (this.state.type === "cas") {
      // CAS
      const casParams = Util.getCasParameters();
-      values["signinMethod"] = this.getCurrentLoginMethod();
      values["type"] = this.state.type;
      AuthBackend.loginCas(values, casParams).then((res) => {
        const loginHandler = (res) => {
@@ -920,7 +902,7 @@ class LoginPage extends React.Component {
  }

  renderCaptchaModal(application) {
-    if (this.getCaptchaRule(this.getApplicationObj()) === CaptchaRule.Never) {
+    if (this.state.enableCaptchaModal === CaptchaRule.Never) {
      return null;
    }
    const captchaProviderItems = this.getCaptchaProviderItems(application);
@@ -956,7 +938,7 @@ class LoginPage extends React.Component {
            signinItem.label ? Setting.renderSignupLink(application, signinItem.label) :
              (
                <React.Fragment>
-                  {i18next.t("login:No account?")}&nbsp;
+                  {i18next.t("login:No account?")}
                  {
                    Setting.renderSignupLink(application, i18next.t("login:sign up now"))
                  }
@@ -1143,9 +1125,6 @@ class LoginPage extends React.Component {
    ]);

    application?.signinMethods?.forEach((signinMethod) => {
-      if (signinMethod.rule === "Hide-Password") {
-        return;
-      }
      const item = itemsMap.get(generateItemKey(signinMethod.name, signinMethod.rule));
      if (item) {
        let label = signinMethod.name === signinMethod.displayName ? item.label : signinMethod.displayName;
@@ -1300,7 +1279,7 @@ class LoginPage extends React.Component {
        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
          {Setting.inIframe() || !Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCssMobile}} />}
-          <div className={Setting.isDarkTheme(this.props.themeAlgorithm) ? "login-panel-dark" : "login-panel"}>
+          <div className="login-panel">
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
            </div>
--- a/Show More
+++ b/Show More