feat: update github.com/golang-jwt/jwt dependency to v5 (#3708)

297.8 FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory

Dockerfile

@@ -1,10 +1,10 @@
 FROM --platform=$BUILDPLATFORM node:18.19.0 AS FRONT
 WORKDIR /web
 COPY ./web .
-RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build
 
 
-FROM --platform=$BUILDPLATFORM golang:1.20.12 AS BACK
+FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh

controllers/account.go

@@ -139,6 +139,8 @@ func (c *ApiController) Signup() {
 		invitationName = invitation.Name
 	}
 
+	userEmailVerified := false
+
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
 		var checkResult *object.VerifyResult
 		checkResult, err = object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
@@ -150,6 +152,8 @@ func (c *ApiController) Signup() {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
+
+		userEmailVerified = true
 	}
 
 	var checkPhone string
@@ -228,6 +232,7 @@ func (c *ApiController) Signup() {
 		Karma:             0,
 		Invitation:        invitationName,
 		InvitationCode:    authForm.InvitationCode,
+		EmailVerified:     userEmailVerified,
 	}
 
 	if len(organization.Tags) > 0 {
@@ -249,6 +254,10 @@ func (c *ApiController) Signup() {
 		user.Groups = []string{invitation.SignupGroup}
 	}
 
+	if application.DefaultGroup != "" && user.Groups == nil {
+		user.Groups = []string{application.DefaultGroup}
+	}
+
 	affected, err := object.AddUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -458,6 +467,10 @@ func (c *ApiController) GetAccount() {
 		return
 	}
 
+	if organization != nil && len(organization.CountryCodes) == 1 && u != nil && u.CountryCode == "" {
+		u.CountryCode = organization.CountryCodes[0]
+	}
+
 	accessToken := c.GetSessionToken()
 	if accessToken == "" {
 		accessToken, err = object.GetAccessTokenByUser(user, c.Ctx.Request.Host)

controllers/auth.go

@@ -29,6 +29,7 @@ import (
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/form"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/proxy"
@@ -402,11 +403,27 @@ func (c *ApiController) Login() {
 				return
 			}
 
-			if err := object.CheckFaceId(user, authForm.FaceId, c.GetAcceptLanguage()); err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
+			faceIdProvider, err := object.GetFaceIdProviderByApplication(util.GetId(application.Owner, application.Name), "false", c.GetAcceptLanguage())
+			if err != nil {
+				c.ResponseError(err.Error())
 			}
 
+			if faceIdProvider == nil {
+				if err := object.CheckFaceId(user, authForm.FaceId, c.GetAcceptLanguage()); err != nil {
+					c.ResponseError(err.Error(), nil)
+					return
+				}
+			} else {
+				ok, err := user.CheckUserFace(authForm.FaceIdImage, faceIdProvider)
+				if err != nil {
+					c.ResponseError(err.Error(), nil)
+				}
+
+				if !ok {
+					c.ResponseError(i18n.Translate(c.GetAcceptLanguage(), "check:Face data does not exist, cannot log in"))
+					return
+				}
+			}
 		} else if authForm.Password == "" {
 			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
 				c.ResponseError(err.Error(), nil)
@@ -466,6 +483,14 @@ func (c *ApiController) Login() {
 				verificationType = "sms"
 			} else {
 				verificationType = "email"
+				if !user.EmailVerified {
+					user.EmailVerified = true
+					_, err = object.UpdateUser(user.GetId(), user, []string{"email_verified"}, false)
+					if err != nil {
+						c.ResponseError(err.Error(), nil)
+						return
+					}
+				}
 			}
 		} else {
 			var application *object.Application
@@ -598,6 +623,9 @@ func (c *ApiController) Login() {
 			c.ResponseError(err.Error())
 			return
 		}
+		if provider == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s does not exist"), authForm.Provider))
+		}
 
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
@@ -986,6 +1014,18 @@ func (c *ApiController) Login() {
 		}
 	}
 
+	if authForm.Language != "" {
+		user := c.getCurrentUser()
+		if user != nil {
+			user.Language = authForm.Language
+			_, err = object.UpdateUser(user.GetId(), user, []string{"language"}, user.IsAdmin)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+		}
+	}
+
 	c.Data["json"] = resp
 	c.ServeJSON()
 }

controllers/token.go

@@ -340,7 +340,7 @@ func (c *ApiController) IntrospectToken() {
 
 	if application.TokenFormat == "JWT-Standard" {
 		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
-		if err != nil || jwtToken.Valid() != nil {
+		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009
@@ -365,7 +365,7 @@ func (c *ApiController) IntrospectToken() {
 		}
 	} else {
 		jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-		if err != nil || jwtToken.Valid() != nil {
+		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009

controllers/user.go

@@ -457,10 +457,10 @@ func (c *ApiController) SetPassword() {
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
 	code := c.Ctx.Request.Form.Get("code")
 
-	//if userOwner == "built-in" && userName == "admin" {
+	// if userOwner == "built-in" && userName == "admin" {
 	//	c.ResponseError(c.T("auth:Unauthorized operation"))
 	//	return
-	//}
+	// }
 
 	if strings.Contains(newPassword, " ") {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
@@ -602,7 +602,11 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}
 
-	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
+	/*
+	 * Verified password with user as subject, if field ldap not empty,
+	 * then `isPasswordWithLdapEnabled` is true
+	 */
+	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage(), false, false, user.Ldap != "")
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {

controllers/verification.go

@@ -242,7 +242,7 @@ func (c *ApiController) SendVerificationCode() {
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetMfaProps(object.EmailType, false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
@@ -281,7 +281,7 @@ func (c *ApiController) SendVerificationCode() {
 				}
 			}
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetMfaProps(object.SmsType, false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
@@ -436,7 +436,8 @@ func (c *ApiController) ResetEmailOrPhone() {
 	switch destType {
 	case object.VerifyTypeEmail:
 		user.Email = dest
-		_, err = object.SetUserField(user, "email", user.Email)
+		user.EmailVerified = true
+		_, err = object.UpdateUser(user.GetId(), user, []string{"email", "email_verified"}, false)
 	case object.VerifyTypePhone:
 		user.Phone = dest
 		_, err = object.SetUserField(user, "phone", user.Phone)

controllers/webauthn.go

@@ -16,7 +16,7 @@ package controllers
 
 import (
 	"bytes"
-	"fmt"
+	"encoding/base64"
 	"io"
 
 	"github.com/casdoor/casdoor/form"
@@ -118,24 +118,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 		return
 	}
 
-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-	if len(user.WebauthnCredentials) == 0 {
-		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-		return
-	}
-
-	options, sessionData, err := webauthnObj.BeginLogin(user)
+	options, sessionData, err := webauthnObj.BeginDiscoverableLogin()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -168,20 +151,23 @@ func (c *ApiController) WebAuthnSigninFinish() {
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-	userId := string(sessionData.UserID)
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+
+	var user *object.User
+	handler := func(rawID, userHandle []byte) (webauthn.User, error) {
+		user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
+		if err != nil {
+			return nil, err
+		}
+		return user, nil
 	}
 
-	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
+	_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.SetSessionUsername(userId)
-	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
+	c.SetSessionUsername(user.GetId())
+	util.LogInfo(c.Ctx, "API: [%s] signed in", user.GetId())
 
 	var application *object.Application
 

faceId/aliyun.go

@@ -0,0 +1,81 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package faceId
+
+import (
+	"strings"
+
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	facebody20191230 "github.com/alibabacloud-go/facebody-20191230/v5/client"
+	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	"github.com/alibabacloud-go/tea/tea"
+)
+
+type AliyunFaceIdProvider struct {
+	AccessKey    string
+	AccessSecret string
+
+	Endpoint              string
+	QualityScoreThreshold float32
+}
+
+func NewAliyunFaceIdProvider(accessKey string, accessSecret string, endPoint string) *AliyunFaceIdProvider {
+	return &AliyunFaceIdProvider{
+		AccessKey:             accessKey,
+		AccessSecret:          accessSecret,
+		Endpoint:              endPoint,
+		QualityScoreThreshold: 0.65,
+	}
+}
+
+func (provider *AliyunFaceIdProvider) Check(base64ImageA string, base64ImageB string) (bool, error) {
+	config := openapi.Config{
+		AccessKeyId:     tea.String(provider.AccessKey),
+		AccessKeySecret: tea.String(provider.AccessSecret),
+	}
+	config.Endpoint = tea.String(provider.Endpoint)
+	client, err := facebody20191230.NewClient(&config)
+	if err != nil {
+		return false, err
+	}
+
+	compareFaceRequest := &facebody20191230.CompareFaceRequest{
+		QualityScoreThreshold: tea.Float32(provider.QualityScoreThreshold),
+		ImageDataA:            tea.String(strings.Replace(base64ImageA, "data:image/png;base64,", "", -1)),
+		ImageDataB:            tea.String(strings.Replace(base64ImageB, "data:image/png;base64,", "", -1)),
+	}
+
+	runtime := &util.RuntimeOptions{}
+
+	defer func() {
+		if r := tea.Recover(recover()); r != nil {
+			err = r
+		}
+	}()
+	result, err := client.CompareFaceWithOptions(compareFaceRequest, runtime)
+	if err != nil {
+		return false, err
+	}
+
+	if result == nil {
+		return false, nil
+	}
+
+	if *result.Body.Data.Thresholds[0] < *result.Body.Data.Confidence {
+		return true, nil
+	}
+
+	return false, nil
+}

faceId/provider.go

@@ -0,0 +1,23 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package faceId
+
+type FaceIdProvider interface {
+	Check(base64ImageA string, base64ImageB string) (bool, error)
+}
+
+func GetFaceIdProvider(typ string, clientId string, clientSecret string, endPoint string) FaceIdProvider {
+	return NewAliyunFaceIdProvider(clientId, clientSecret, endPoint)
+}

form/auth.go

@@ -34,6 +34,7 @@ type AuthForm struct {
 	Phone          string `json:"phone"`
 	Affiliation    string `json:"affiliation"`
 	IdCard         string `json:"idCard"`
+	Language       string `json:"language"`
 	Region         string `json:"region"`
 	InvitationCode string `json:"invitationCode"`
 
@@ -67,7 +68,8 @@ type AuthForm struct {
 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
 
-	FaceId []float64 `json:"faceId"`
+	FaceId      []float64 `json:"faceId"`
+	FaceIdImage []string  `json:"faceIdImage"`
 }
 
 func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {

go.mod

@@ -1,10 +1,14 @@
 module github.com/casdoor/casdoor
 
-go 1.16
+go 1.21
 
 require (
 	github.com/Masterminds/squirrel v1.5.3
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
+	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
+	github.com/alibabacloud-go/tea v1.3.2
+	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
 	github.com/aws/aws-sdk-go v1.45.5
 	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
@@ -18,7 +22,6 @@ require (
 	github.com/casvisor/casvisor-go-sdk v1.4.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
 	github.com/fogleman/gg v1.3.0
 	github.com/go-asn1-ber/asn1-ber v1.5.5
@@ -28,8 +31,8 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/go-webauthn/webauthn v0.6.0
-	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/go-webauthn/webauthn v0.10.2
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/google/uuid v1.6.0
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
@@ -46,7 +49,6 @@ require (
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
 	github.com/sendgrid/sendgrid-go v3.14.0+incompatible
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
@@ -54,20 +56,194 @@ require (
 	github.com/stripe/stripe-go/v74 v74.29.0
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
-	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	golang.org/x/crypto v0.32.0
 	golang.org/x/net v0.34.0
 	golang.org/x/oauth2 v0.17.0
 	golang.org/x/text v0.21.0
 	google.golang.org/api v0.150.0
-	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
 	layeh.com/radius v0.0.0-20221205141417-e7fbddd11d68
 	maunium.net/go/mautrix v0.16.0
 	modernc.org/sqlite v1.18.2
 )
+
+require (
+	cloud.google.com/go v0.110.8 // indirect
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.3 // indirect
+	cloud.google.com/go/storage v1.35.1 // indirect
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
+	github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20221121042443-a3fd332d56d9 // indirect
+	github.com/SherClockHolmes/webpush-go v1.2.0 // indirect
+	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
+	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
+	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
+	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
+	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
+	github.com/alibabacloud-go/tea-utils v1.3.6 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.545 // indirect
+	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible // indirect
+	github.com/aliyun/credentials-go v1.3.10 // indirect
+	github.com/apistd/uni-go-sdk v0.0.2 // indirect
+	github.com/atc0005/go-teams-notify/v2 v2.6.1 // indirect
+	github.com/baidubce/bce-sdk-go v0.9.156 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blinkbean/dingtalk v0.0.0-20210905093040-7d935c0f7e19 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/bwmarrin/discordgo v0.27.1 // indirect
+	github.com/casdoor/casdoor-go-sdk v0.50.0 // indirect
+	github.com/casdoor/go-reddit/v2 v2.1.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/dghubble/oauth1 v0.7.2 // indirect
+	github.com/dghubble/sling v1.4.0 // indirect
+	github.com/di-wu/parser v0.2.2 // indirect
+	github.com/di-wu/xsd-datetime v1.0.0 // indirect
+	github.com/drswork/go-twitter v0.0.0-20221107160839-dea1b6ed53d7 // indirect
+	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-lark/lark v1.9.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-webauthn/x v0.1.9 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/gomodule/redigo v2.0.0+incompatible // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/go-tpm v0.9.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gregdel/pushover v1.2.1 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
+	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
+	github.com/line/line-bot-sdk-go v7.8.0+incompatible // indirect
+	github.com/markbates/going v1.0.0 // indirect
+	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-ieproxy v0.0.1 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mileusna/viber v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c // indirect
+	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
+	github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
+	github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7 // indirect
+	github.com/pingcap/tidb/parser v0.0.0-20221126021158-6b02a5d8ba7d // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/common v0.30.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/qiniu/go-sdk/v7 v7.12.1 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
+	github.com/rs/zerolog v1.30.0 // indirect
+	github.com/scim2/filter-parser/v2 v2.2.0 // indirect
+	github.com/sendgrid/rest v2.6.9+incompatible // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
+	github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 // indirect
+	github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/slack-go/slack v0.12.3 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/syndtr/goleveldb v1.0.0 // indirect
+	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.744 // indirect
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sms v1.0.744 // indirect
+	github.com/tidwall/gjson v1.16.0 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tidwall/sjson v1.2.5 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.10 // indirect
+	github.com/tklauser/numcpus v0.4.0 // indirect
+	github.com/twilio/twilio-go v1.13.0 // indirect
+	github.com/ucloud/ucloud-sdk-go v0.22.5 // indirect
+	github.com/utahta/go-linenotify v0.5.0 // indirect
+	github.com/volcengine/volc-sdk-golang v1.0.117 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	go.mau.fi/util v0.0.0-20230805171708-199bf3eec776 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/exp v0.0.0-20230810033253-352e893a4cad // indirect
+	golang.org/x/image v0.0.0-20190802002840-cff245a6509b // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/uint128 v1.1.1 // indirect
+	maunium.net/go/maulogger/v2 v2.4.1 // indirect
+	modernc.org/cc/v3 v3.37.0 // indirect
+	modernc.org/ccgo/v3 v3.16.9 // indirect
+	modernc.org/libc v1.18.0 // indirect
+	modernc.org/mathutil v1.5.0 // indirect
+	modernc.org/memory v1.3.0 // indirect
+	modernc.org/opt v0.1.1 // indirect
+	modernc.org/strutil v1.1.3 // indirect
+	modernc.org/token v1.0.1 // indirect
+)

i18n/locales/ar/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/cs/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Uživatelské jméno nemůže být emailová adresa",
     "Username cannot contain white spaces": "Uživatelské jméno nemůže obsahovat mezery",
     "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
-    "Username is too long (maximum is 39 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 39 znaků).",
+    "Username is too long (maximum is 255 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 255 znaků).",
     "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
     "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",

i18n/locales/de/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
     "Username cannot contain white spaces": "Benutzername darf keine Leerzeichen enthalten",
     "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
-    "Username is too long (maximum is 39 characters).": "Benutzername ist zu lang (das Maximum beträgt 39 Zeichen).",
+    "Username is too long (maximum is 255 characters).": "Benutzername ist zu lang (das Maximum beträgt 255 Zeichen).",
     "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
     "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",

i18n/locales/en/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/es/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
     "Username cannot contain white spaces": "Nombre de usuario no puede contener espacios en blanco",
     "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
-    "Username is too long (maximum is 39 characters).": "El nombre de usuario es demasiado largo (el máximo es de 39 caracteres).",
+    "Username is too long (maximum is 255 characters).": "El nombre de usuario es demasiado largo (el máximo es de 255 caracteres).",
     "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
     "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",

i18n/locales/fa/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "نام کاربری نمی‌تواند یک آدرس ایمیل باشد",
     "Username cannot contain white spaces": "نام کاربری نمی‌تواند حاوی فاصله باشد",
     "Username cannot start with a digit": "نام کاربری نمی‌تواند با یک رقم شروع شود",
-    "Username is too long (maximum is 39 characters).": "نام کاربری بیش از حد طولانی است (حداکثر ۳۹ کاراکتر).",
+    "Username is too long (maximum is 255 characters).": "نام کاربری بیش از حد طولانی است (حداکثر ۳۹ کاراکتر).",
     "Username must have at least 2 characters": "نام کاربری باید حداقل ۲ کاراکتر داشته باشد",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "شما رمز عبور یا کد اشتباه را بیش از حد وارد کرده‌اید، لطفاً %d دقیقه صبر کنید و دوباره تلاش کنید",
     "Your region is not allow to signup by phone": "منطقه شما اجازه ثبت‌نام با تلفن را ندارد",

i18n/locales/fi/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/fr/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
     "Username cannot contain white spaces": "Nom d'utilisateur ne peut pas contenir d'espaces blancs",
     "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
-    "Username is too long (maximum is 39 characters).": "Nom d'utilisateur est trop long (maximum de 39 caractères).",
+    "Username is too long (maximum is 255 characters).": "Nom d'utilisateur est trop long (maximum de 255 caractères).",
     "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
     "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",

i18n/locales/he/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/id/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
     "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
     "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
-    "Username is too long (maximum is 39 characters).": "Nama pengguna terlalu panjang (maksimum 39 karakter).",
+    "Username is too long (maximum is 255 characters).": "Nama pengguna terlalu panjang (maksimum 255 karakter).",
     "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
     "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",

i18n/locales/it/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/ja/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
     "Username cannot contain white spaces": "ユーザ名にはスペースを含めることはできません",
     "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
-    "Username is too long (maximum is 39 characters).": "ユーザー名が長すぎます（最大39文字）。",
+    "Username is too long (maximum is 255 characters).": "ユーザー名が長すぎます（最大255文字）。",
     "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
     "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",

i18n/locales/kk/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/ko/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
     "Username cannot contain white spaces": "사용자 이름에는 공백이 포함될 수 없습니다",
     "Username cannot start with a digit": "사용자 이름은 숫자로 시작할 수 없습니다",
-    "Username is too long (maximum is 39 characters).": "사용자 이름이 너무 깁니다 (최대 39자).",
+    "Username is too long (maximum is 255 characters).": "사용자 이름이 너무 깁니다 (최대 255자).",
     "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
     "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",

i18n/locales/ms/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/nl/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/pl/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/pt/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "O nome de usuário não pode começar com um dígito",
-    "Username is too long (maximum is 39 characters).": "Nome de usuário é muito longo (máximo é 39 caracteres).",
+    "Username is too long (maximum is 255 characters).": "Nome de usuário é muito longo (máximo é 255 caracteres).",
     "Username must have at least 2 characters": "Nome de usuário deve ter pelo menos 2 caracteres",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/ru/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
     "Username cannot contain white spaces": "Имя пользователя не может содержать пробелы",
     "Username cannot start with a digit": "Имя пользователя не может начинаться с цифры",
-    "Username is too long (maximum is 39 characters).": "Имя пользователя слишком длинное (максимальная длина - 39 символов).",
+    "Username is too long (maximum is 255 characters).": "Имя пользователя слишком длинное (максимальная длина - 255 символов).",
     "Username must have at least 2 characters": "Имя пользователя должно содержать не менее 2 символов",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Вы ввели неправильный пароль или код слишком много раз, пожалуйста, подождите %d минут и попробуйте снова",
     "Your region is not allow to signup by phone": "Ваш регион не разрешает регистрацию по телефону",

i18n/locales/sk/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Používateľské meno nemôže byť e-mailová adresa",
     "Username cannot contain white spaces": "Používateľské meno nemôže obsahovať medzery",
     "Username cannot start with a digit": "Používateľské meno nemôže začínať číslicou",
-    "Username is too long (maximum is 39 characters).": "Používateľské meno je príliš dlhé (maximum je 39 znakov).",
+    "Username is too long (maximum is 255 characters).": "Používateľské meno je príliš dlhé (maximum je 255 znakov).",
     "Username must have at least 2 characters": "Používateľské meno musí mať aspoň 2 znaky",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali ste nesprávne heslo alebo kód príliš veľa krát, prosím, počkajte %d minút a skúste to znova",
     "Your region is not allow to signup by phone": "Váš región neumožňuje registráciu cez telefón",

i18n/locales/sv/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/tr/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Kullanıcı adı bir e-mail adresi olamaz",
     "Username cannot contain white spaces": "Kullanıcı adı boşluk karakteri içeremez",
     "Username cannot start with a digit": "Kullanıcı adı rakamla başlayamaz",
-    "Username is too long (maximum is 39 characters).": "Kullanıcı adı çok uzun (en fazla 39 karakter olmalı).",
+    "Username is too long (maximum is 255 characters).": "Kullanıcı adı çok uzun (en fazla 255 karakter olmalı).",
     "Username must have at least 2 characters": "Kullanıcı adı en az iki karakterden oluşmalı",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Çok fazla hatalı şifre denemesi yaptınız.  %d dakika kadar bekleyip yeniden giriş yapmayı deneyebilirsiniz.",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/uk/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Username cannot be an email address",
     "Username cannot contain white spaces": "Username cannot contain white spaces",
     "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",

i18n/locales/vi/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "Tên người dùng không thể là địa chỉ email",
     "Username cannot contain white spaces": "Tên người dùng không thể chứa khoảng trắng",
     "Username cannot start with a digit": "Tên người dùng không thể bắt đầu bằng chữ số",
-    "Username is too long (maximum is 39 characters).": "Tên đăng nhập quá dài (tối đa là 39 ký tự).",
+    "Username is too long (maximum is 255 characters).": "Tên đăng nhập quá dài (tối đa là 255 ký tự).",
     "Username must have at least 2 characters": "Tên đăng nhập phải có ít nhất 2 ký tự",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Bạn đã nhập sai mật khẩu hoặc mã quá nhiều lần, vui lòng đợi %d phút và thử lại",
     "Your region is not allow to signup by phone": "Vùng của bạn không được phép đăng ký bằng điện thoại",

i18n/locales/zh/data.json

@@ -67,7 +67,7 @@
     "Username cannot be an email address": "用户名不可以是邮箱地址",
     "Username cannot contain white spaces": "用户名禁止包含空格",
     "Username cannot start with a digit": "用户名禁止使用数字开头",
-    "Username is too long (maximum is 39 characters).": "用户名过长（最大允许长度为39个字符）",
+    "Username is too long (maximum is 255 characters).": "用户名过长（最大允许长度为255个字符）",
     "Username must have at least 2 characters": "用户名至少要有2个字符",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
     "Your region is not allow to signup by phone": "所在地区不支持手机号注册",

init_data.json.template

@@ -434,7 +434,7 @@
       "isTopGroup": true,
       "title": "",
       "key": "",
-      "children": "",
+      "children": [],
       "isEnabled": true
     }
   ],

ldap/util.go

@@ -185,12 +185,9 @@ func buildUserFilterCondition(filter interface{}) (builder.Cond, error) {
 		attr := string(f.AttributeDesc())
 
 		if attr == ldapMemberOfAttr {
-			groupId := string(f.AssertionValue())
-			users, err := object.GetGroupUsers(groupId)
-			if err != nil {
-				return nil, err
-			}
 			var names []string
+			groupId := string(f.AssertionValue())
+			users := object.GetGroupUsersWithoutError(groupId)
 			for _, user := range users {
 				names = append(names, user.Name)
 			}
@@ -249,7 +246,7 @@ func buildSafeCondition(filter interface{}) builder.Cond {
 	condition, err := buildUserFilterCondition(filter)
 	if err != nil {
 		log.Printf("err = %v", err.Error())
-		return nil
+		return builder.And(builder.Expr("1 != 1"))
 	}
 	return condition
 }

object/adapter.go

@@ -191,12 +191,7 @@ func (adapter *Adapter) InitAdapter() error {
 		}
 	}
 
-	var tableName string
-	if driverName == "mssql" {
-		tableName = fmt.Sprintf("[%s]", adapter.Table)
-	} else {
-		tableName = adapter.Table
-	}
+	tableName := adapter.Table
 
 	adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(engine, tableName, "")
 	if err != nil {

object/application.go

@@ -71,6 +71,7 @@ type Application struct {
 	Description           string          `xorm:"varchar(100)" json:"description"`
 	Organization          string          `xorm:"varchar(100)" json:"organization"`
 	Cert                  string          `xorm:"varchar(100)" json:"cert"`
+	DefaultGroup          string          `xorm:"varchar(100)" json:"defaultGroup"`
 	HeaderHtml            string          `xorm:"mediumtext" json:"headerHtml"`
 	EnablePassword        bool            `json:"enablePassword"`
 	EnableSignUp          bool            `json:"enableSignUp"`
@@ -97,29 +98,31 @@ type Application struct {
 	IsShared              bool            `json:"isShared"`
 	IpRestriction         string          `json:"ipRestriction"`
 
-	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
-	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
-	RedirectUris         []string   `xorm:"varchar(1000)" json:"redirectUris"`
-	TokenFormat          string     `xorm:"varchar(100)" json:"tokenFormat"`
-	TokenSigningMethod   string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
-	TokenFields          []string   `xorm:"varchar(1000)" json:"tokenFields"`
-	ExpireInHours        int        `json:"expireInHours"`
-	RefreshExpireInHours int        `json:"refreshExpireInHours"`
-	SignupUrl            string     `xorm:"varchar(200)" json:"signupUrl"`
-	SigninUrl            string     `xorm:"varchar(200)" json:"signinUrl"`
-	ForgetUrl            string     `xorm:"varchar(200)" json:"forgetUrl"`
-	AffiliationUrl       string     `xorm:"varchar(100)" json:"affiliationUrl"`
-	IpWhitelist          string     `xorm:"varchar(200)" json:"ipWhitelist"`
-	TermsOfUse           string     `xorm:"varchar(100)" json:"termsOfUse"`
-	SignupHtml           string     `xorm:"mediumtext" json:"signupHtml"`
-	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
-	ThemeData            *ThemeData `xorm:"json" json:"themeData"`
-	FooterHtml           string     `xorm:"mediumtext" json:"footerHtml"`
-	FormCss              string     `xorm:"text" json:"formCss"`
-	FormCssMobile        string     `xorm:"text" json:"formCssMobile"`
-	FormOffset           int        `json:"formOffset"`
-	FormSideHtml         string     `xorm:"mediumtext" json:"formSideHtml"`
-	FormBackgroundUrl    string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
+	ClientId                string     `xorm:"varchar(100)" json:"clientId"`
+	ClientSecret            string     `xorm:"varchar(100)" json:"clientSecret"`
+	RedirectUris            []string   `xorm:"varchar(1000)" json:"redirectUris"`
+	ForcedRedirectOrigin    string     `xorm:"varchar(100)" json:"forcedRedirectOrigin"`
+	TokenFormat             string     `xorm:"varchar(100)" json:"tokenFormat"`
+	TokenSigningMethod      string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
+	TokenFields             []string   `xorm:"varchar(1000)" json:"tokenFields"`
+	ExpireInHours           int        `json:"expireInHours"`
+	RefreshExpireInHours    int        `json:"refreshExpireInHours"`
+	SignupUrl               string     `xorm:"varchar(200)" json:"signupUrl"`
+	SigninUrl               string     `xorm:"varchar(200)" json:"signinUrl"`
+	ForgetUrl               string     `xorm:"varchar(200)" json:"forgetUrl"`
+	AffiliationUrl          string     `xorm:"varchar(100)" json:"affiliationUrl"`
+	IpWhitelist             string     `xorm:"varchar(200)" json:"ipWhitelist"`
+	TermsOfUse              string     `xorm:"varchar(100)" json:"termsOfUse"`
+	SignupHtml              string     `xorm:"mediumtext" json:"signupHtml"`
+	SigninHtml              string     `xorm:"mediumtext" json:"signinHtml"`
+	ThemeData               *ThemeData `xorm:"json" json:"themeData"`
+	FooterHtml              string     `xorm:"mediumtext" json:"footerHtml"`
+	FormCss                 string     `xorm:"text" json:"formCss"`
+	FormCssMobile           string     `xorm:"text" json:"formCssMobile"`
+	FormOffset              int        `json:"formOffset"`
+	FormSideHtml            string     `xorm:"mediumtext" json:"formSideHtml"`
+	FormBackgroundUrl       string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
+	FormBackgroundUrlMobile string     `xorm:"varchar(200)" json:"formBackgroundUrlMobile"`
 
 	FailedSigninLimit      int `json:"failedSigninLimit"`
 	FailedSigninFrozenTime int `json:"failedSigninFrozenTime"`
@@ -539,7 +542,7 @@ func GetMaskedApplication(application *Application, userId string) *Application
 
 	providerItems := []*ProviderItem{}
 	for _, providerItem := range application.Providers {
-		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML") {
+		if providerItem.Provider != nil && (providerItem.Provider.Category == "OAuth" || providerItem.Provider.Category == "Web3" || providerItem.Provider.Category == "Captcha" || providerItem.Provider.Category == "SAML" || providerItem.Provider.Category == "Face ID") {
 			providerItems = append(providerItems, providerItem)
 		}
 	}

object/cert.go

@@ -146,7 +146,12 @@ func getCertByName(name string) (*Cert, error) {
 
 func GetCert(id string) (*Cert, error) {
 	owner, name := util.GetOwnerAndNameFromId(id)
-	return getCert(owner, name)
+	cert, err := getCert(owner, name)
+	if cert == nil && owner != "admin" {
+		return getCert("admin", name)
+	} else {
+		return cert, err
+	}
 }
 
 func UpdateCert(id string, cert *Cert) (bool, error) {

object/check.go

@@ -252,7 +252,7 @@ func CheckPassword(user *User, password string, lang string, options ...bool) er
 	credManager := cred.GetCredManager(passwordType)
 	if credManager != nil {
 		if organization.MasterPassword != "" {
-			if credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
+			if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
 				return resetUserSigninErrorTimes(user)
 			}
 		}
@@ -517,8 +517,8 @@ func CheckLoginPermission(userId string, application *Application) (bool, error)
 func CheckUsername(username string, lang string) string {
 	if username == "" {
 		return i18n.Translate(lang, "check:Empty username.")
-	} else if len(username) > 39 {
-		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
+	} else if len(username) > 255 {
+		return i18n.Translate(lang, "check:Username is too long (maximum is 255 characters).")
 	}
 
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
@@ -533,8 +533,8 @@ func CheckUsername(username string, lang string) string {
 func CheckUsernameWithEmail(username string, lang string) string {
 	if username == "" {
 		return i18n.Translate(lang, "check:Empty username.")
-	} else if len(username) > 39 {
-		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
+	} else if len(username) > 255 {
+		return i18n.Translate(lang, "check:Username is too long (maximum is 255 characters).")
 	}
 
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex

object/group.go

@@ -83,19 +83,23 @@ func GetPaginationGroups(owner string, offset, limit int, field, value, sortFiel
 func GetGroupsHaveChildrenMap(groups []*Group) (map[string]*Group, error) {
 	groupsHaveChildren := []*Group{}
 	resultMap := make(map[string]*Group)
+	groupMap := map[string]*Group{}
 
 	groupIds := []string{}
 	for _, group := range groups {
+		groupMap[group.Name] = group
 		groupIds = append(groupIds, group.Name)
-		groupIds = append(groupIds, group.ParentId)
+		if !group.IsTopGroup {
+			groupIds = append(groupIds, group.ParentId)
+		}
 	}
 
 	err := ormer.Engine.Cols("owner", "name", "parent_id", "display_name").Distinct("parent_id").In("parent_id", groupIds).Find(&groupsHaveChildren)
 	if err != nil {
 		return nil, err
 	}
-	for _, group := range groups {
-		resultMap[group.Name] = group
+	for _, group := range groupsHaveChildren {
+		resultMap[group.ParentId] = groupMap[group.ParentId]
 	}
 	return resultMap, nil
 }
@@ -302,7 +306,10 @@ func GetPaginationGroupUsers(groupId string, offset, limit int, field, value, so
 
 func GetGroupUsers(groupId string) ([]*User, error) {
 	users := []*User{}
-	owner, _ := util.GetOwnerAndNameFromId(groupId)
+	owner, _, err := util.GetOwnerAndNameFromIdWithError(groupId)
+	if err != nil {
+		return nil, err
+	}
 	names, err := userEnforcer.GetUserNamesByGroupName(groupId)
 	if err != nil {
 		return nil, err
@@ -314,6 +321,11 @@ func GetGroupUsers(groupId string) ([]*User, error) {
 	return users, nil
 }
 
+func GetGroupUsersWithoutError(groupId string) []*User {
+	users, _ := GetGroupUsers(groupId)
+	return users
+}
+
 func ExtendGroupWithUsers(group *Group) error {
 	if group == nil {
 		return nil

object/mfa_sms.go

@@ -60,7 +60,8 @@ func (mfa *SmsMfa) Enable(user *User) error {
 		columns = append(columns, "mfa_phone_enabled", "phone", "country_code")
 	} else if mfa.MfaType == EmailType {
 		user.MfaEmailEnabled = true
-		columns = append(columns, "mfa_email_enabled", "email")
+		user.EmailVerified = true
+		columns = append(columns, "mfa_email_enabled", "email", "email_verified")
 	}
 
 	_, err := UpdateUser(user.GetId(), user, columns, false)

object/oidc_discovery.go

@@ -77,6 +77,7 @@ func getOriginFromHostInternal(host string) (string, string) {
 		return origin, origin
 	}
 
+	isDev := conf.GetConfigString("runmode") == "dev"
 	// "door.casdoor.com"
 	protocol := "https://"
 	if !strings.Contains(host, ".") {
@@ -87,7 +88,7 @@ func getOriginFromHostInternal(host string) (string, string) {
 		protocol = "http://"
 	}
 
-	if host == "localhost:8000" {
+	if host == "localhost:8000" && isDev {
 		return fmt.Sprintf("%s%s", protocol, "localhost:7001"), fmt.Sprintf("%s%s", protocol, "localhost:8000")
 	} else {
 		return fmt.Sprintf("%s%s", protocol, host), fmt.Sprintf("%s%s", protocol, host)

object/organization.go

@@ -63,7 +63,7 @@ type Organization struct {
 	PasswordObfuscatorType string     `xorm:"varchar(100)" json:"passwordObfuscatorType"`
 	PasswordObfuscatorKey  string     `xorm:"varchar(100)" json:"passwordObfuscatorKey"`
 	PasswordExpireDays     int        `json:"passwordExpireDays"`
-	CountryCodes           []string   `xorm:"varchar(200)"  json:"countryCodes"`
+	CountryCodes           []string   `xorm:"mediumtext"  json:"countryCodes"`
 	DefaultAvatar          string     `xorm:"varchar(200)" json:"defaultAvatar"`
 	DefaultApplication     string     `xorm:"varchar(100)" json:"defaultApplication"`
 	UserTypes              []string   `xorm:"mediumtext" json:"userTypes"`
@@ -80,7 +80,8 @@ type Organization struct {
 	UseEmailAsUsername     bool       `json:"useEmailAsUsername"`
 	EnableTour             bool       `json:"enableTour"`
 	IpRestriction          string     `json:"ipRestriction"`
-	NavItems               []string   `xorm:"varchar(500)" json:"navItems"`
+	NavItems               []string   `xorm:"varchar(1000)" json:"navItems"`
+	WidgetItems            []string   `xorm:"varchar(1000)" json:"widgetItems"`
 
 	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
 	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
@@ -227,6 +228,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo
 
 	if !isGlobalAdmin {
 		organization.NavItems = org.NavItems
+		organization.WidgetItems = org.WidgetItems
 	}
 
 	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()

object/permission.go

@@ -148,7 +148,7 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 	}
 
 	if permission.ResourceType == "Application" && permission.Model != "" {
-		model, err := GetModelEx(util.GetId(owner, permission.Model))
+		model, err := GetModelEx(util.GetId(permission.Owner, permission.Model))
 		if err != nil {
 			return false, err
 		} else if model == nil {

object/provider.go

@@ -384,6 +384,44 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 	return nil, nil
 }
 
+func GetFaceIdProviderByOwnerName(applicationId, lang string) (*Provider, error) {
+	owner, name := util.GetOwnerAndNameFromId(applicationId)
+	provider := Provider{Owner: owner, Name: name, Category: "Face ID"}
+	existed, err := ormer.Engine.Get(&provider)
+	if err != nil {
+		return nil, err
+	}
+
+	if !existed {
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:the provider: %s does not exist"), applicationId)
+	}
+
+	return &provider, nil
+}
+
+func GetFaceIdProviderByApplication(applicationId, isCurrentProvider, lang string) (*Provider, error) {
+	if isCurrentProvider == "true" {
+		return GetFaceIdProviderByOwnerName(applicationId, lang)
+	}
+	application, err := GetApplication(applicationId)
+	if err != nil {
+		return nil, err
+	}
+
+	if application == nil || len(application.Providers) == 0 {
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:Invalid application id"))
+	}
+	for _, provider := range application.Providers {
+		if provider.Provider == nil {
+			continue
+		}
+		if provider.Provider.Category == "Face ID" {
+			return GetFaceIdProviderByOwnerName(util.GetId(provider.Provider.Owner, provider.Provider.Name), lang)
+		}
+	}
+	return nil, nil
+}
+
 func providerChangeTrigger(oldName string, newName string) error {
 	session := ormer.Engine.NewSession()
 	defer session.Close()

object/saml_idp.go

@@ -30,7 +30,7 @@ import (
 	"time"
 
 	"github.com/beevik/etree"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 	saml "github.com/russellhaering/gosaml2"
 	dsig "github.com/russellhaering/goxmldsig"

object/token_jwt.go

@@ -21,7 +21,7 @@ import (
 	"time"
 
 	"github.com/casdoor/casdoor/util"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type Claims struct {

object/token_standard_jwt.go

@@ -19,7 +19,7 @@ import (
 	"strings"
 
 	"github.com/casdoor/casdoor/util"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type ClaimsStandard struct {

object/user.go

@@ -15,13 +15,17 @@
 package object
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io"
 	"reflect"
 	"strconv"
 	"strings"
 
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/faceId"
+	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/xorm-io/builder"
@@ -48,7 +52,7 @@ func InitUserManager() {
 
 type User struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(255) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100) index" json:"createdTime"`
 	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
 	DeletedTime string `xorm:"varchar(100)" json:"deletedTime"`
@@ -244,6 +248,7 @@ type MfaAccount struct {
 type FaceId struct {
 	Name       string    `xorm:"varchar(100) notnull pk" json:"name"`
 	FaceIdData []float64 `json:"faceIdData"`
+	ImageUrl   string    `json:"ImageUrl"`
 }
 
 func GetUserFieldStringValue(user *User, fieldName string) (bool, string, error) {
@@ -454,6 +459,20 @@ func GetUserByEmail(owner string, email string) (*User, error) {
 	}
 }
 
+func GetUserByWebauthID(webauthId string) (*User, error) {
+	user := User{}
+	existed, err := ormer.Engine.Where("webauthnCredentials LIKE ?", "%"+webauthId+"%").Get(&user)
+	if err != nil {
+		return nil, err
+	}
+
+	if !existed {
+		return nil, fmt.Errorf("user not exist")
+	}
+
+	return &user, err
+}
+
 func GetUserByEmailOnly(email string) (*User, error) {
 	if email == "" {
 		return nil, nil
@@ -1179,6 +1198,40 @@ func (user *User) IsGlobalAdmin() bool {
 	return user.Owner == "built-in"
 }
 
+func (user *User) CheckUserFace(faceIdImage []string, provider *Provider) (bool, error) {
+	faceIdChecker := faceId.GetFaceIdProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Endpoint)
+	httpClient := proxy.DefaultHttpClient
+	errList := []error{}
+	for _, userFaceId := range user.FaceIds {
+		if userFaceId.ImageUrl != "" {
+			imgResp, err := httpClient.Get(userFaceId.ImageUrl)
+			if err != nil {
+				continue
+			}
+			imgByte, err := io.ReadAll(imgResp.Body)
+			if err != nil {
+				continue
+			}
+
+			base64Img := base64.StdEncoding.EncodeToString(imgByte)
+			for _, imgBase64 := range faceIdImage {
+				isSuccess, err := faceIdChecker.Check(imgBase64, base64Img)
+				if err != nil {
+					errList = append(errList, err)
+					continue
+				}
+				if isSuccess {
+					return true, nil
+				}
+			}
+		}
+	}
+	if len(errList) > 0 {
+		return false, errList[0]
+	}
+	return false, nil
+}
+
 func GenerateIdForNewUser(application *Application) (string, error) {
 	if application == nil || application.GetSignupItemRule("ID") != "Incremental" {
 		return util.GenerateId(), nil

object/verification.go

@@ -86,9 +86,9 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	title := provider.Title
 
 	code := getRandomCode(6)
-	if organization.MasterVerificationCode != "" {
-		code = organization.MasterVerificationCode
-	}
+	// if organization.MasterVerificationCode != "" {
+	//	code = organization.MasterVerificationCode
+	// }
 
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
 	content := strings.Replace(provider.Content, "%s", code, 1)
@@ -124,9 +124,9 @@ func SendVerificationCodeToPhone(organization *Organization, user *User, provide
 	}
 
 	code := getRandomCode(6)
-	if organization.MasterVerificationCode != "" {
-		code = organization.MasterVerificationCode
-	}
+	// if organization.MasterVerificationCode != "" {
+	//	code = organization.MasterVerificationCode
+	// }
 
 	err = SendSms(provider, code, dest)
 	if err != nil {

object/webhook.go

@@ -38,6 +38,7 @@ type Webhook struct {
 	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
 	Events         []string  `xorm:"varchar(1000)" json:"events"`
+	TokenFields    []string  `xorm:"varchar(1000)" json:"tokenFields"`
 	IsUserExtended bool      `json:"isUserExtended"`
 	SingleOrgOnly  bool      `json:"singleOrgOnly"`
 	IsEnabled      bool      `json:"isEnabled"`

object/webhook_util.go

@@ -17,6 +17,7 @@ package object
 import (
 	"io"
 	"net/http"
+	"reflect"
 	"strings"
 
 	"github.com/casdoor/casdoor/util"
@@ -25,17 +26,43 @@ import (
 
 func sendWebhook(webhook *Webhook, record *casvisorsdk.Record, extendedUser *User) (int, string, error) {
 	client := &http.Client{}
+	userMap := make(map[string]interface{})
+	var body io.Reader
 
-	type RecordEx struct {
-		casvisorsdk.Record
-		ExtendedUser *User `xorm:"-" json:"extendedUser"`
-	}
-	recordEx := &RecordEx{
-		Record:       *record,
-		ExtendedUser: extendedUser,
-	}
+	if webhook.TokenFields != nil && len(webhook.TokenFields) > 0 && extendedUser != nil {
+		userValue := reflect.ValueOf(extendedUser).Elem()
 
-	body := strings.NewReader(util.StructToJson(recordEx))
+		for _, field := range webhook.TokenFields {
+			userField := userValue.FieldByName(field)
+			if userField.IsValid() {
+				newfield := util.SnakeToCamel(util.CamelToSnakeCase(field))
+				userMap[newfield] = userField.Interface()
+			}
+		}
+
+		type RecordEx struct {
+			casvisorsdk.Record
+			ExtendedUser map[string]interface{} `json:"extendedUser"`
+		}
+
+		recordEx := &RecordEx{
+			Record:       *record,
+			ExtendedUser: userMap,
+		}
+
+		body = strings.NewReader(util.StructToJson(recordEx))
+	} else {
+		type RecordEx struct {
+			casvisorsdk.Record
+			ExtendedUser *User `xorm:"-" json:"extendedUser"`
+		}
+		recordEx := &RecordEx{
+			Record:       *record,
+			ExtendedUser: extendedUser,
+		}
+
+		body = strings.NewReader(util.StructToJson(recordEx))
+	}
 
 	req, err := http.NewRequest(webhook.Method, webhook.Url, body)
 	if err != nil {

pp/airwallex.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -180,7 +181,11 @@ func (c *AirwallexClient) authRequest(method, url string, body interface{}) (map
 		return nil, err
 	}
 	b, _ := json.Marshal(body)
-	req, _ := http.NewRequest(method, url, bytes.NewBuffer(b))
+	var reqBody io.Reader
+	if method != "GET" {
+		reqBody = bytes.NewBuffer(b)
+	}
+	req, _ := http.NewRequest(method, url, reqBody)
 	req.Header.Set("Authorization", "Bearer "+token)
 	req.Header.Set("Content-Type", "application/json")
 	resp, err := c.client.Do(req)

routers/theme_filter.go

@@ -106,11 +106,14 @@ func getOrganizationThemeCookieFromUrlPath(ctx *context.Context, urlPath string)
 	}
 
 	organizationThemeCookie := &OrganizationThemeCookie{
-		application.ThemeData,
-		application.Logo,
-		application.FooterHtml,
-		organization.Favicon,
-		organization.DisplayName,
+		ThemeData:  application.ThemeData,
+		LogoUrl:    application.Logo,
+		FooterHtml: application.FooterHtml,
+	}
+
+	if organization != nil {
+		organizationThemeCookie.Favicon = organization.Favicon
+		organizationThemeCookie.DisplayName = organization.DisplayName
 	}
 
 	return organizationThemeCookie, nil

web/package.json

@@ -3,13 +3,16 @@
   "version": "0.1.0",
   "private": true,
   "dependencies": {
-    "@ant-design/cssinjs": "^1.10.1",
-    "@ant-design/icons": "^4.7.0",
+    "@ant-design/cssinjs": "^1.23.0",
+    "@ant-design/icons": "^5.6.1",
     "@craco/craco": "^6.4.5",
     "@crowdin/cli": "^3.7.10",
     "@ctrl/tinycolor": "^3.5.0",
     "@emotion/react": "^11.10.5",
     "@metamask/eth-sig-util": "^6.0.0",
+    "@uiw/codemirror-extensions-langs": "^4.23.8",
+    "@uiw/codemirror-theme-material": "^4.23.8",
+    "@uiw/react-codemirror": "^4.23.8",
     "@web3-onboard/coinbase": "^2.2.5",
     "@web3-onboard/core": "^2.20.5",
     "@web3-onboard/frontier": "^2.0.4",
@@ -20,10 +23,10 @@
     "@web3-onboard/sequence": "^2.0.8",
     "@web3-onboard/taho": "^2.0.5",
     "@web3-onboard/trust": "^2.0.4",
-    "antd": "5.2.3",
-    "antd-token-previewer": "^1.1.0-22",
+    "antd": "5.24.1",
+    "antd-token-previewer": "^2.0.8",
     "buffer": "^6.0.3",
-    "codemirror": "^5.61.1",
+    "codemirror": "^6.0.1",
     "copy-to-clipboard": "^3.3.1",
     "core-js": "^3.25.0",
     "craco-less": "^2.0.0",
@@ -40,7 +43,6 @@
     "qrcode.react": "^3.1.0",
     "react": "^18.2.0",
     "react-app-polyfill": "^3.0.0",
-    "react-codemirror2": "^7.2.1",
     "react-cropper": "^2.1.7",
     "react-device-detect": "^2.2.2",
     "react-dom": "^18.2.0",

web/src/App.js

@@ -327,7 +327,7 @@ class App extends Component {
             isAiAssistantOpen: false,
           });
         }}
-        visible={this.state.isAiAssistantOpen}
+        open={this.state.isAiAssistantOpen}
       >
         <iframe id="iframeHelper" title={"iframeHelper"} src={`${Conf.AiAssistantUrl}/?isRaw=1`} width="100%" height="100%" scrolling="no" frameBorder="no" />
       </Drawer>

web/src/App.less

@@ -58,6 +58,16 @@ img {
   }
 }
 
+.org-select {
+  display: flex;
+  position: relative;
+  transform: translateY(50%);
+  margin: 0 10px !important;
+  float: right;
+  min-width: 120px;
+  max-width: 180px;
+}
+
 .rightDropDown {
   display: flex;
   align-items: center;

web/src/ApplicationEditPage.js

@@ -13,8 +13,8 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Switch, Upload} from "antd";
-import {CopyOutlined, LinkOutlined, UploadOutlined} from "@ant-design/icons";
+import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Space, Switch, Upload} from "antd";
+import {CopyOutlined, HolderOutlined, LinkOutlined, UploadOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
 import * as Setting from "./Setting";
@@ -34,14 +34,9 @@ import PromptPage from "./auth/PromptPage";
 import copy from "copy-to-clipboard";
 import ThemeEditor from "./common/theme/ThemeEditor";
 
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
 import SigninTable from "./table/SigninTable";
-
-require("codemirror/theme/material-darker.css");
-require("codemirror/mode/htmlmixed/htmlmixed");
-require("codemirror/mode/xml/xml");
-require("codemirror/mode/css/css");
+import Editor from "./common/Editor";
+import * as GroupBackend from "./backend/GroupBackend";
 
 const {Option} = Select;
 
@@ -91,11 +86,11 @@ const sideTemplate = `<style>
   }
 </style>
 <div class="left-model">
-  <span class="side-logo"> <img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor" style="width: 120px"> 
+  <span class="side-logo"> <img src="${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png" alt="Casdoor" style="width: 120px"> 
     <span>SSO</span> 
   </span>
   <div class="img">
-    <img src="https://cdn.casbin.org/img/casbin.svg" alt="Casdoor"/>
+    <img src="${Setting.StaticBaseUrl}/img/casbin.svg" alt="Casdoor"/>
   </div>
 </div>
 `;
@@ -122,6 +117,7 @@ class ApplicationEditPage extends React.Component {
   UNSAFE_componentWillMount() {
     this.getApplication();
     this.getOrganizations();
+    this.getGroups();
   }
 
   getApplication() {
@@ -173,6 +169,17 @@ class ApplicationEditPage extends React.Component {
       });
   }
 
+  getGroups() {
+    GroupBackend.getGroups(this.state.organizationName)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            groups: res.data,
+          });
+        }
+      });
+  }
+
   getCerts(application) {
     let owner = application.organization;
     if (application.isShared) {
@@ -403,6 +410,16 @@ class ApplicationEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Forced redirect origin"), i18next.t("general:Forced redirect origin - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={this.state.application.forcedRedirectOrigin} onChange={e => {
+              this.updateApplicationField("forcedRedirectOrigin", e.target.value);
+            }} />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("application:Token format"), i18next.t("application:Token format - Tooltip"))} :
@@ -475,6 +492,31 @@ class ApplicationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("ldap:Default group"), i18next.t("ldap:Default group - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <Select virtual={false} style={{width: "100%"}} value={this.state.application.defaultGroup ?? []} onChange={(value => {
+              this.updateApplicationField("defaultGroup", value);
+            })}
+            >
+              <Option key={""} value={""}>
+                <Space>
+                  {i18next.t("general:Default")}
+                </Space>
+              </Option>
+              {
+                this.state.groups?.map((group) => <Option key={group.name} value={`${group.owner}/${group.name}`}>
+                  <Space>
+                    {group.type === "Physical" ? <UsergroupAddOutlined /> : <HolderOutlined />}
+                    {group.displayName}
+                  </Space>
+                </Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
             {Setting.getLabel(i18next.t("application:Enable signup"), i18next.t("application:Enable signup - Tooltip"))} :
@@ -629,13 +671,9 @@ class ApplicationEditPage extends React.Component {
           <Col span={22} >
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror
-                  value={this.state.application.signupHtml}
-                  options={{mode: "htmlmixed", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
-                    this.updateApplicationField("signupHtml", value);
-                  }}
-                />
+                <Editor value={this.state.application.signupHtml} lang="html" fillHeight dark onChange={value => {
+                  this.updateApplicationField("signupHtml", value);
+                }} />
               </div>
             } title={i18next.t("provider:Signup HTML - Edit")} trigger="click">
               <Input value={this.state.application.signupHtml} style={{marginBottom: "10px"}} onChange={e => {
@@ -651,13 +689,9 @@ class ApplicationEditPage extends React.Component {
           <Col span={22} >
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror
-                  value={this.state.application.signinHtml}
-                  options={{mode: "htmlmixed", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
-                    this.updateApplicationField("signinHtml", value);
-                  }}
-                />
+                <Editor value={this.state.application.signinHtml} lang="html" fillHeight dark onChange={value => {
+                  this.updateApplicationField("signinHtml", value);
+                }} />
               </div>
             } title={i18next.t("provider:Signin HTML - Edit")} trigger="click">
               <Input value={this.state.application.signinHtml} style={{marginBottom: "10px"}} onChange={e => {
@@ -758,11 +792,7 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("application:SAML metadata"), i18next.t("application:SAML metadata - Tooltip"))} :
           </Col>
           <Col span={22}>
-            <CodeMirror
-              value={this.state.samlMetadata}
-              options={{mode: "xml", theme: "default"}}
-              onBeforeChange={(editor, data, value) => {}}
-            />
+            <Editor value={this.state.samlMetadata?.toString() ?? ""} lang="xml" readOnly />
             <br />
             <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
               copy(`${window.location.origin}/api/saml/metadata?application=admin/${encodeURIComponent(this.state.applicationName)}&enablePostBinding=${this.state.application.enableSamlPostBinding}`);
@@ -822,6 +852,33 @@ class ApplicationEditPage extends React.Component {
             </Row>
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Background URL Mobile"), i18next.t("application:Background URL Mobile - Tooltip"))} :
+          </Col>
+          <Col span={22} style={(Setting.isMobile()) ? {maxWidth: "100%"} : {}}>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input prefix={<LinkOutlined />} value={this.state.application.formBackgroundUrlMobile} onChange={e => {
+                  this.updateApplicationField("formBackgroundUrlMobile", e.target.value);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {i18next.t("general:Preview")}:
+              </Col>
+              <Col span={22} >
+                <a target="_blank" rel="noreferrer" href={this.state.application.formBackgroundUrlMobile}>
+                  <img src={this.state.application.formBackgroundUrlMobile} alt={this.state.application.formBackgroundUrlMobile} height={90} style={{marginBottom: "20px"}} />
+                </a>
+              </Col>
+            </Row>
+          </Col>
+        </Row>
         <Row>
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("application:Custom CSS"), i18next.t("application:Custom CSS - Tooltip"))} :
@@ -829,9 +886,12 @@ class ApplicationEditPage extends React.Component {
           <Col span={22}>
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror value={this.state.application.formCss === "" ? template : this.state.application.formCss}
-                  options={{mode: "css", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
+                <Editor
+                  value={this.state.application.formCss === "" ? template : this.state.application.formCss}
+                  lang="css"
+                  fillHeight
+                  dark
+                  onChange={value => {
                     this.updateApplicationField("formCss", value);
                   }}
                 />
@@ -850,9 +910,12 @@ class ApplicationEditPage extends React.Component {
           <Col span={22}>
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror value={this.state.application.formCssMobile === "" ? template : this.state.application.formCssMobile}
-                  options={{mode: "css", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
+                <Editor
+                  value={this.state.application.formCssMobile === "" ? template : this.state.application.formCssMobile}
+                  lang="css"
+                  fillHeight
+                  dark
+                  onChange={value => {
                     this.updateApplicationField("formCssMobile", value);
                   }}
                 />
@@ -887,9 +950,12 @@ class ApplicationEditPage extends React.Component {
                 <Col span={21} >
                   <Popover placement="right" content={
                     <div style={{width: "900px", height: "300px"}} >
-                      <CodeMirror value={this.state.application.formSideHtml === "" ? sideTemplate : this.state.application.formSideHtml}
-                        options={{mode: "htmlmixed", theme: "material-darker"}}
-                        onBeforeChange={(editor, data, value) => {
+                      <Editor
+                        value={this.state.application.formSideHtml === "" ? sideTemplate : this.state.application.formSideHtml}
+                        lang="html"
+                        fillHeight
+                        dark
+                        onChange={value => {
                           this.updateApplicationField("formSideHtml", value);
                         }}
                       />
@@ -936,10 +1002,12 @@ class ApplicationEditPage extends React.Component {
           <Col span={22} >
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror
+                <Editor
                   value={this.state.application.headerHtml}
-                  options={{mode: "htmlmixed", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
+                  lang="html"
+                  fillHeight
+                  dark
+                  onChange={value => {
                     this.updateApplicationField("headerHtml", value);
                   }}
                 />
@@ -958,10 +1026,12 @@ class ApplicationEditPage extends React.Component {
           <Col span={22} >
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror
+                <Editor
                   value={this.state.application.footerHtml}
-                  options={{mode: "htmlmixed", theme: "material-darker"}}
-                  onBeforeChange={(editor, data, value) => {
+                  lang="html"
+                  fillHeight
+                  dark
+                  onChange={value => {
                     this.updateApplicationField("footerHtml", value);
                   }}
                 />

web/src/BaseListPage.js

@@ -73,7 +73,7 @@ class BaseListPage extends React.Component {
     this.fetch({pagination});
   }
 
-  getColumnSearchProps = dataIndex => ({
+  getColumnSearchProps = (dataIndex, customRender = null) => ({
     filterDropdown: ({setSelectedKeys, selectedKeys, confirm, clearFilters}) => (
       <div style={{padding: 8}}>
         <Input
@@ -121,13 +121,15 @@ class BaseListPage extends React.Component {
       record[dataIndex]
         ? record[dataIndex].toString().toLowerCase().includes(value.toLowerCase())
         : "",
-    onFilterDropdownOpenChange: visible => {
-      if (visible) {
-        setTimeout(() => this.searchInput.select(), 100);
-      }
+    filterDropdownProps: {
+      onOpenChange: visible => {
+        if (visible) {
+          setTimeout(() => this.searchInput.select(), 100);
+        }
+      },
     },
-    render: text =>
-      this.state.searchedColumn === dataIndex ? (
+    render: (text, record, index) => {
+      const highlightContent = this.state.searchedColumn === dataIndex ? (
         <Highlighter
           highlightStyle={{backgroundColor: "#ffc069", padding: 0}}
           searchWords={[this.state.searchText]}
@@ -136,7 +138,10 @@ class BaseListPage extends React.Component {
         />
       ) : (
         text
-      ),
+      );
+
+      return customRender ? customRender({text, record, index}, highlightContent) : highlightContent;
+    },
   });
 
   handleSearch = (selectedKeys, confirm, dataIndex) => {
@@ -170,7 +175,7 @@ class BaseListPage extends React.Component {
     const steps = TourConfig.getSteps();
     steps.map((item, index) => {
       if (!index) {
-        item.target = () => document.querySelector("table");
+        item.target = () => document.querySelector(".ant-table");
       } else {
         item.target = () => document.getElementById(item.id) || null;
       }

web/src/CasbinEditor.js

@@ -13,15 +13,11 @@
 // limitations under the License.
 
 import React, {useCallback, useEffect, useRef, useState} from "react";
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-import "codemirror/mode/properties/properties";
 import * as Setting from "./Setting";
 import IframeEditor from "./IframeEditor";
 import {Tabs} from "antd";
 import i18next from "i18next";
-
-const {TabPane} = Tabs;
+import Editor from "./common/Editor";
 
 const CasbinEditor = ({model, onModelTextChange}) => {
   const [activeKey, setActiveKey] = useState("advanced");
@@ -68,10 +64,15 @@ const CasbinEditor = ({model, onModelTextChange}) => {
 
   return (
     <div style={{height: "100%", width: "100%", display: "flex", flexDirection: "column"}}>
-      <Tabs activeKey={activeKey} onChange={handleTabChange} style={{flex: "0 0 auto", marginTop: "-10px"}}>
-        <TabPane tab={i18next.t("model:Basic Editor")} key="basic" />
-        <TabPane tab={i18next.t("model:Advanced Editor")} key="advanced" />
-      </Tabs>
+      <Tabs
+        activeKey={activeKey}
+        onChange={handleTabChange}
+        style={{flex: "0 0 auto", marginTop: "-10px"}}
+        items={[
+          {key: "basic", label: i18next.t("model:Basic Editor")},
+          {key: "advanced", label: i18next.t("model:Advanced Editor")},
+        ]}
+      />
       <div style={{flex: "1 1 auto", overflow: "hidden"}}>
         {activeKey === "advanced" ? (
           <IframeEditor
@@ -81,11 +82,10 @@ const CasbinEditor = ({model, onModelTextChange}) => {
             style={{width: "100%", height: "100%"}}
           />
         ) : (
-          <CodeMirror
+          <Editor
             value={localModelText}
-            className="full-height-editor no-horizontal-scroll-editor"
-            options={{mode: "properties", theme: "default"}}
-            onBeforeChange={(editor, data, value) => {
+            readOnly={Setting.builtInObject(model)}
+            onChange={value => {
               handleModelTextChange(value);
             }}
           />

web/src/EntryPage.js

@@ -109,7 +109,7 @@ class EntryPage extends React.Component {
       <React.Fragment>
         <CustomHead headerHtml={this.state.application?.headerHtml} />
         <div className={`${isDarkMode ? "loginBackgroundDark" : "loginBackground"}`}
-          style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
+          style={{backgroundImage: Setting.inIframe() ? null : (Setting.isMobile() ? `url(${this.state.application?.formBackgroundUrlMobile})` : `url(${this.state.application?.formBackgroundUrl})`)}}>
           <Spin size="large" spinning={this.state.application === undefined && this.state.pricing === undefined} tip={i18next.t("login:Loading")}
             style={{width: "100%", margin: "0 auto", position: "absolute"}} />
           <Switch>

web/src/GroupListPage.js

@@ -14,7 +14,7 @@
 
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Table} from "antd";
+import {Button, Table, Tooltip} from "antd";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as GroupBackend from "./backend/GroupBackend";
@@ -202,12 +202,16 @@ class GroupListPage extends BaseListPage {
           return (
             <div>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/groups/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
-              <PopconfirmModal
-                disabled={record.haveChildren}
-                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
-                onConfirm={() => this.deleteGroup(index)}
-              >
-              </PopconfirmModal>
+              {
+                record.haveChildren ? <Tooltip placement="topLeft" title={i18next.t("group:You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -> [Groups] page")}>
+                  <Button disabled type="primary" danger>{i18next.t("general:Delete")}</Button>
+                </Tooltip> :
+                  <PopconfirmModal
+                    title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                    onConfirm={() => this.deleteGroup(index)}
+                  >
+                  </PopconfirmModal>
+              }
             </div>
           );
         },

web/src/InvitationEditPage.js

@@ -114,7 +114,7 @@ class InvitationEditPage extends React.Component {
       const selectedOrganization = Setting.getArrayItem(this.state.organizations, "name", this.state.invitation.owner);
       defaultApplication = selectedOrganization.defaultApplication;
       if (!defaultApplication) {
-        Setting.showMessage("error", i18next.t("invitation:You need to specify a default application for ") + selectedOrganization.name);
+        Setting.showMessage("error", i18next.t("invitation:You need to first specify a default application for organization: ") + selectedOrganization.name);
         return;
       }
     }

web/src/ManagementPage.js

@@ -95,8 +95,9 @@ import TransactionEditPage from "./TransactionEditPage";
 import VerificationListPage from "./VerificationListPage";
 
 function ManagementPage(props) {
-
   const [menuVisible, setMenuVisible] = useState(false);
+  const navItems = props.account?.organization?.navItems;
+  const widgetItems = props.account?.organization?.widgetItems;
 
   function logout() {
     AuthBackend.logout()
@@ -175,6 +176,35 @@ function ManagementPage(props) {
     );
   }
 
+  function navItemsIsAll() {
+    return !Array.isArray(navItems) || !!navItems?.includes("all");
+  }
+
+  function widgetItemsIsAll() {
+    return !Array.isArray(widgetItems) || !!widgetItems?.includes("all");
+  }
+
+  function renderWidgets() {
+    const widgets = [
+      Setting.getItem(<ThemeSelect themeAlgorithm={props.themeAlgorithm} onChange={props.setLogoAndThemeAlgorithm} />, "theme"),
+      Setting.getItem(<LanguageSelect languages={props.account.organization.languages} />, "language"),
+      Setting.getItem(Conf.AiAssistantUrl?.trim() && (
+        <Tooltip title="Click to open AI assistant">
+          <div className="select-box" onClick={props.openAiAssistant}>
+            <DeploymentUnitOutlined style={{fontSize: "24px"}} />
+          </div>
+        </Tooltip>
+      ), "ai-assistant"),
+      Setting.getItem(<OpenTour />, "tour"),
+    ];
+
+    if (widgetItemsIsAll()) {
+      return widgets.map(item => item.label);
+    }
+
+    return widgets.filter(item => widgetItems.includes(item.key)).map(item => item.label);
+  }
+
   function renderAccountMenu() {
     if (props.account === undefined) {
       return null;
@@ -188,29 +218,16 @@ function ManagementPage(props) {
       return (
         <React.Fragment>
           {renderRightDropdown()}
-          <ThemeSelect
-            themeAlgorithm={props.themeAlgorithm}
-            onChange={props.setLogoAndThemeAlgorithm} />
-          <LanguageSelect languages={props.account.organization.languages} />
-          {
-            Conf.AiAssistantUrl?.trim() && (
-              <Tooltip title="Click to open AI assistant">
-                <div className="select-box" onClick={props.openAiAssistant}>
-                  <DeploymentUnitOutlined style={{fontSize: "24px"}} />
-                </div>
-              </Tooltip>
-            )
-          }
-          <OpenTour />
+          {renderWidgets()}
           {Setting.isAdminUser(props.account) && (props.uri.indexOf("/trees") === -1) &&
                         <OrganizationSelect
                           initValue={Setting.getOrganization()}
                           withAll={true}
-                          style={{marginRight: "20px", width: "180px", display: !Setting.isMobile() ? "flex" : "none"}}
+                          className="org-select"
+                          style={{display: Setting.isMobile() ? "none" : "flex"}}
                           onChange={(value) => {
                             Setting.setOrganization(value);
                           }}
-                          className="select-box"
                         />
           }
         </React.Fragment>
@@ -323,13 +340,7 @@ function ManagementPage(props) {
       }
     }
 
-    const navItems = props.account.organization.navItems;
-
-    if (!Array.isArray(navItems)) {
-      return res;
-    }
-
-    if (navItems.includes("all")) {
+    if (navItemsIsAll()) {
       return res;
     }
 
@@ -443,8 +454,6 @@ function ManagementPage(props) {
     return Setting.isMobile() || window.location.pathname.startsWith("/trees");
   }
 
-  const menuStyleRight = Setting.isAdminUser(props.account) && !Setting.isMobile() ? "calc(180px + 280px)" : "320px";
-
   const onClose = () => {
     setMenuVisible(false);
   };
@@ -456,34 +465,40 @@ function ManagementPage(props) {
   return (
     <React.Fragment>
       <EnableMfaNotification account={props.account} />
-      <Header style={{padding: "0", marginBottom: "3px", backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}} >
-        {props.requiredEnableMfa || (Setting.isMobile() ?
-          <React.Fragment>
-            <Drawer title={i18next.t("general:Close")} placement="left" visible={menuVisible} onClose={onClose}>
-              <Menu
-                items={getMenuItems()}
-                mode={"inline"}
-                selectedKeys={[props.selectedMenuKey]}
-                style={{lineHeight: "64px"}}
-                onClick={onClose}
-              >
-              </Menu>
-            </Drawer>
-            <Button icon={<BarsOutlined />} onClick={showMenu} type="text">
-              {i18next.t("general:Menu")}
-            </Button>
-          </React.Fragment> :
-          <Menu
-            onClick={onClose}
-            items={getMenuItems()}
-            mode={"horizontal"}
-            selectedKeys={[props.selectedMenuKey]}
-            style={{position: "absolute", left: 0, right: menuStyleRight, backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}}
-          />
-        )}
+      <Header style={{display: "flex", justifyContent: "space-between", alignItems: "center", padding: "0", marginBottom: "4px", backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}} >
         {
-          renderAccountMenu()
+          props.requiredEnableMfa || (Setting.isMobile() ? (
+            <React.Fragment>
+              <Drawer title={i18next.t("general:Close")} placement="left" open={menuVisible} onClose={onClose}>
+                <Menu
+                  items={getMenuItems()}
+                  mode={"inline"}
+                  selectedKeys={[props.selectedMenuKey]}
+                  style={{lineHeight: "64px"}}
+                  onClick={onClose}
+                >
+                </Menu>
+              </Drawer>
+              <Button icon={<BarsOutlined />} onClick={showMenu} type="text">
+                {i18next.t("general:Menu")}
+              </Button>
+            </React.Fragment>
+          ) : (
+            // Padding 1px for Menu Item Highlight border
+            <div style={{flex: 1, overflow: "hidden", paddingBottom: "1px"}}>
+              <Menu
+                onClick={onClose}
+                items={getMenuItems()}
+                mode={"horizontal"}
+                selectedKeys={[props.selectedMenuKey]}
+                style={{backgroundColor: props.themeAlgorithm.includes("dark") ? "black" : "white"}}
+              />
+            </div>
+          ))
         }
+        <div style={{flexShrink: 0}}>
+          {renderAccountMenu()}
+        </div>
       </Header>
       <Content style={{display: "flex", flexDirection: "column"}} >
         {isWithoutCard() ?

web/src/ModelListPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Controlled as CodeMirror} from "react-codemirror2";
+
 import {Link} from "react-router-dom";
 import {Button, Popover, Table} from "antd";
 import moment from "moment";
@@ -22,6 +22,7 @@ import * as ModelBackend from "./backend/ModelBackend";
 import i18next from "i18next";
 import BaseListPage from "./BaseListPage";
 import PopconfirmModal from "./common/modal/PopconfirmModal";
+import Editor from "./common/Editor";
 
 const rbacModel = `[request_definition]
 r = sub, obj, act
@@ -148,11 +149,7 @@ class ModelListPage extends BaseListPage {
           return (
             <Popover placement="topRight" content={() => {
               return (
-                <CodeMirror
-                  value={text}
-                  options={{mode: "properties", theme: "default"}}
-                  onBeforeChange={(editor, data, value) => {}}
-                />
+                <Editor value={text} />
               );
             }} title="" trigger="hover">
               {

web/src/OrganizationEditPage.js

@@ -27,6 +27,7 @@ import AccountTable from "./table/AccountTable";
 import ThemeEditor from "./common/theme/ThemeEditor";
 import MfaTable from "./table/MfaTable";
 import {NavItemTree} from "./common/NavItemTree";
+import {WidgetItemTree} from "./common/WidgetItemTree";
 
 const {Option} = Select;
 
@@ -537,7 +538,7 @@ class OrganizationEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Navbar items"), i18next.t("general:Navbar items - Tooltip"))} :
+            {Setting.getLabel(i18next.t("organization:Navbar items"), i18next.t("organization:Navbar items - Tooltip"))} :
           </Col>
           <Col span={22} >
             <NavItemTree
@@ -550,6 +551,21 @@ class OrganizationEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("organization:Widget items"), i18next.t("organization:Widget items - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <WidgetItemTree
+              disabled={!Setting.isAdminUser(this.props.account)}
+              checkedKeys={this.state.organization.widgetItems ?? ["all"]}
+              defaultExpandedKeys={["all"]}
+              onCheck={(checked, _) => {
+                this.updateOrganizationField("widgetItems", checked);
+              }}
+            />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("organization:Account items"), i18next.t("organization:Account items - Tooltip"))} :

web/src/PermissionListPage.js

@@ -113,8 +113,8 @@ class PermissionListPage extends BaseListPage {
 
     return (
       <Upload {...props}>
-        <Button id="upload-button" type="primary" size="small">
-          <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
+        <Button icon={<UploadOutlined />} id="upload-button" type="primary" size="small">
+          {i18next.t("user:Upload (.xlsx)")}
         </Button></Upload>
     );
   }

web/src/ProviderEditPage.js

@@ -28,14 +28,7 @@ import copy from "copy-to-clipboard";
 import {CaptchaPreview} from "./common/CaptchaPreview";
 import {CountryCodeSelect} from "./common/select/CountryCodeSelect";
 import * as Web3Auth from "./auth/Web3Auth";
-
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-
-require("codemirror/theme/material-darker.css");
-require("codemirror/mode/htmlmixed/htmlmixed");
-require("codemirror/mode/xml/xml");
-require("codemirror/mode/css/css");
+import Editor from "./common/Editor";
 
 const {Option} = Select;
 const {TextArea} = Input;
@@ -295,10 +288,8 @@ class ProviderEditPage extends React.Component {
     default:
       if (provider.type === "Aliyun Captcha") {
         return Setting.getLabel(i18next.t("provider:Scene"), i18next.t("provider:Scene - Tooltip"));
-      } else if (provider.type === "WeChat Pay") {
+      } else if (provider.type === "WeChat Pay" || provider.type === "CUCloud") {
         return Setting.getLabel(i18next.t("provider:App ID"), i18next.t("provider:App ID - Tooltip"));
-      } else if (provider.type === "CUCloud") {
-        return Setting.getLabel(i18next.t("provider:Account ID"), i18next.t("provider:Account ID - Tooltip"));
       } else {
         return Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"));
       }
@@ -396,8 +387,8 @@ class ProviderEditPage extends React.Component {
         text = i18next.t("provider:App Key");
         tooltip = i18next.t("provider:App Key - Tooltip");
       } else if (provider.type === "CUCloud") {
-        text = i18next.t("provider:Topic name");
-        tooltip = i18next.t("provider:Topic name - Tooltip");
+        text = "Topic name";
+        tooltip = "Topic name - Tooltip";
       }
     }
 
@@ -574,6 +565,8 @@ class ProviderEditPage extends React.Component {
                 this.updateProviderField("type", "MetaMask");
               } else if (value === "Notification") {
                 this.updateProviderField("type", "Telegram");
+              } else if (value === "Face ID") {
+                this.updateProviderField("type", "Alibaba Cloud Facebody");
               }
             })}>
               {
@@ -587,6 +580,7 @@ class ProviderEditPage extends React.Component {
                   {id: "SMS", name: "SMS"},
                   {id: "Storage", name: "Storage"},
                   {id: "Web3", name: "Web3"},
+                  {id: "Face ID", name: "Face ID"},
                 ]
                   .sort((a, b) => a.name.localeCompare(b.name))
                   .map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
@@ -908,7 +902,7 @@ class ProviderEditPage extends React.Component {
             </Row>
           )
         }
-        {this.state.provider.category === "Storage" || ["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "CUCloud"].includes(this.state.provider.type) ? (
+        {["Face ID", "Storage"].includes(this.state.provider.category) || ["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "CUCloud"].includes(this.state.provider.type) ? (
           <div>
             {["Local File System", "CUCloud"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
@@ -922,7 +916,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "SendGrid", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor", "CUCloud"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "SendGrid", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
@@ -934,7 +928,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "SendGrid", "Local File System", "CUCloud"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "SendGrid", "Local File System", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {["Casdoor"].includes(this.state.provider.type) ?
@@ -948,7 +942,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "SendGrid", "CUCloud"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "SendGrid", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:Path prefix - Tooltip"))} :
@@ -960,7 +954,7 @@ class ProviderEditPage extends React.Component {
                 </Col>
               </Row>
             )}
-            {["Custom HTTP SMS", "SendGrid", "Synology", "Casdoor", "CUCloud"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "SendGrid", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={2}>
                   {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -1127,10 +1121,12 @@ class ProviderEditPage extends React.Component {
                   <Row>
                     <Col span={Setting.isMobile() ? 22 : 11}>
                       <div style={{height: "300px", margin: "10px"}}>
-                        <CodeMirror
+                        <Editor
                           value={this.state.provider.content}
-                          options={{mode: "htmlmixed", theme: "material-darker"}}
-                          onBeforeChange={(editor, data, value) => {
+                          fillHeight
+                          dark
+                          lang="html"
+                          onChange={value => {
                             this.updateProviderField("content", value);
                           }}
                         />
@@ -1285,7 +1281,7 @@ class ProviderEditPage extends React.Component {
                   }} />
                 </Col>
                 <Col span={16} >
-                  <Button type="primary" loading={this.state.metadataLoading} onClick={() => {this.fetchSamlMetadata();}}>{i18next.t("general:Request")}</Button>
+                  <Button style={{marginLeft: "10px"}} type="primary" loading={this.state.metadataLoading} onClick={() => {this.fetchSamlMetadata();}}>{i18next.t("general:Request")}</Button>
                 </Col>
               </Row>
               <Row style={{marginTop: "20px"}} >

web/src/RecordListPage.js

@@ -14,12 +14,12 @@
 
 import React from "react";
 import {Link} from "react-router-dom";
-import {Switch, Table} from "antd";
+import {Button, Descriptions, Drawer, Switch, Table, Tooltip} from "antd";
 import * as Setting from "./Setting";
 import * as RecordBackend from "./backend/RecordBackend";
 import i18next from "i18next";
-import moment from "moment";
 import BaseListPage from "./BaseListPage";
+import Editor from "./common/Editor";
 
 class RecordListPage extends BaseListPage {
   UNSAFE_componentWillMount() {
@@ -28,21 +28,6 @@ class RecordListPage extends BaseListPage {
     this.fetch({pagination});
   }
 
-  newRecord() {
-    return {
-      owner: "built-in",
-      name: "1234",
-      id: "1234",
-      clientIp: "::1",
-      timestamp: moment().format(),
-      organization: "built-in",
-      username: "admin",
-      requestUri: "/api/get-account",
-      action: "login",
-      isTriggered: false,
-    };
-  }
-
   renderTable(records) {
     let columns = [
       {
@@ -65,16 +50,13 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("general:Client IP"),
         dataIndex: "clientIp",
         key: "clientIp",
-        width: "100px",
+        width: "120px",
         sorter: true,
-        ...this.getColumnSearchProps("clientIp"),
-        render: (text, record, index) => {
-          return (
-            <a target="_blank" rel="noreferrer" href={`https://db-ip.com/${text}`}>
-              {text}
-            </a>
-          );
-        },
+        ...this.getColumnSearchProps("clientIp", (row, highlightContent) => (
+          <a target="_blank" rel="noreferrer" href={`https://db-ip.com/${row.text}`}>
+            {highlightContent}
+          </a>
+        )),
       },
       {
         title: i18next.t("general:Timestamp"),
@@ -120,28 +102,28 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("general:Method"),
         dataIndex: "method",
         key: "method",
-        width: "110px",
+        width: "100px",
         sorter: true,
         filterMultiple: false,
         filters: [
-          {text: "GET", value: "GET"},
-          {text: "HEAD", value: "HEAD"},
-          {text: "POST", value: "POST"},
-          {text: "PUT", value: "PUT"},
-          {text: "DELETE", value: "DELETE"},
-          {text: "CONNECT", value: "CONNECT"},
-          {text: "OPTIONS", value: "OPTIONS"},
-          {text: "TRACE", value: "TRACE"},
-          {text: "PATCH", value: "PATCH"},
-        ],
+          "GET", "HEAD", "POST", "PUT", "DELETE",
+          "CONNECT", "OPTIONS", "TRACE", "PATCH",
+        ].map(el => ({text: el, value: el})),
       },
       {
         title: i18next.t("general:Request URI"),
         dataIndex: "requestUri",
         key: "requestUri",
-        // width: "300px",
+        width: "200px",
         sorter: true,
-        ...this.getColumnSearchProps("requestUri"),
+        ellipsis: {
+          showTitle: false,
+        },
+        ...this.getColumnSearchProps("requestUri", (row, highlightContent) => (
+          <Tooltip placement="topLeft" title={row.text}>
+            {highlightContent}
+          </Tooltip>
+        )),
       },
       {
         title: i18next.t("user:Language"),
@@ -155,7 +137,7 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("record:Status code"),
         dataIndex: "statusCode",
         key: "statusCode",
-        width: "90px",
+        width: "120px",
         sorter: true,
         ...this.getColumnSearchProps("statusCode"),
       },
@@ -163,16 +145,26 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("record:Response"),
         dataIndex: "response",
         key: "response",
-        width: "90px",
+        width: "220px",
         sorter: true,
-        ...this.getColumnSearchProps("response"),
+        ellipsis: {
+          showTitle: false,
+        },
+        ...this.getColumnSearchProps("response", (row, highlightContent) => (
+          <Tooltip placement="topLeft" title={row.text}>
+            {highlightContent}
+          </Tooltip>
+        )),
       },
       {
         title: i18next.t("record:Object"),
         dataIndex: "object",
         key: "object",
-        width: "90px",
+        width: "200px",
         sorter: true,
+        ellipsis: {
+          showTitle: false,
+        },
         ...this.getColumnSearchProps("object"),
       },
       {
@@ -191,7 +183,7 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("record:Is triggered"),
         dataIndex: "isTriggered",
         key: "isTriggered",
-        width: "140px",
+        width: "120px",
         sorter: true,
         fixed: (Setting.isMobile()) ? "false" : "right",
         render: (text, record, index) => {
@@ -204,6 +196,24 @@ class RecordListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "action",
+        key: "action",
+        width: "80px",
+        sorter: true,
+        fixed: "right",
+        render: (text, record, index) => (
+          <Button type="link" onClick={() => {
+            this.setState({
+              detailRecord: record,
+              detailShow: true,
+            });
+          }}>
+            {i18next.t("general:Detail")}
+          </Button>
+        ),
+      },
     ];
 
     if (Setting.isLocalAdminUser(this.props.account)) {
@@ -220,7 +230,7 @@ class RecordListPage extends BaseListPage {
 
     return (
       <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={records} rowKey="id" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "100%"}} columns={columns} dataSource={records} rowKey="id" size="middle" bordered pagination={paginationProps}
           title={() => (
             <div>
               {i18next.t("general:Records")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -229,10 +239,79 @@ class RecordListPage extends BaseListPage {
           loading={this.state.loading}
           onChange={this.handleTableChange}
         />
+        {/* TODO: Should be packaged as a component after confirm it run correctly.*/}
+        <Drawer
+          title={i18next.t("general:Detail")}
+          width={Setting.isMobile() ? "100%" : 640}
+          placement="right"
+          destroyOnClose
+          onClose={() => this.setState({detailShow: false})}
+          open={this.state.detailShow}
+        >
+          <Descriptions bordered size="small" column={1} layout={Setting.isMobile() ? "vertical" : "horizontal"} style={{padding: "12px", height: "100%", overflowY: "auto"}}>
+            <Descriptions.Item label={i18next.t("general:ID")}>{this.getDetailField("id")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Client IP")}>{this.getDetailField("clientIp")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Timestamp")}>{this.getDetailField("createdTime")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Organization")}>
+              <Link to={`/organizations/${this.getDetailField("organization")}`}>
+                {this.getDetailField("organization")}
+              </Link>
+            </Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:User")}>
+              <Link to={`/users/${this.getDetailField("organization")}/${this.getDetailField("user")}`}>
+                {this.getDetailField("user")}
+              </Link>
+            </Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Method")}>{this.getDetailField("method")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Request URI")}>{this.getDetailField("requestUri")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("user:Language")}>{this.getDetailField("language")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("record:Status code")}>{this.getDetailField("statusCode")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("general:Action")}>{this.getDetailField("action")}</Descriptions.Item>
+            <Descriptions.Item label={i18next.t("record:Response")}>
+              <Editor
+                value={this.getDetailField("response")}
+                fillHeight
+                fillWidth
+                maxWidth={this.getEditorMaxWidth()}
+                dark
+                readOnly
+              />
+            </Descriptions.Item>
+            <Descriptions.Item label={i18next.t("record:Object")}>
+              <Editor
+                value={this.jsonStrFormatter(this.getDetailField("object"))}
+                lang="json"
+                fillHeight
+                fillWidth
+                maxWidth={this.getEditorMaxWidth()}
+                dark
+                readOnly
+              />
+            </Descriptions.Item>
+          </Descriptions>
+        </Drawer>
       </div>
     );
   }
 
+  getEditorMaxWidth = () => {
+    return Setting.isMobile() ? window.innerWidth - 60 : 475;
+  };
+
+  jsonStrFormatter = str => {
+    try {
+      return JSON.stringify(JSON.parse(str), null, 2);
+    } catch (e) {
+      // eslint-disable-next-line no-console
+      console.error(e);
+      return str;
+    }
+  };
+
+  getDetailField = dataIndex => {
+    return this.state.detailRecord ? this.state.detailRecord?.[dataIndex] ?? "" : "";
+  };
+
   fetch = (params = {}) => {
     let field = params.searchedColumn, value = params.searchText;
     const sortField = params.sortField, sortOrder = params.sortOrder;
@@ -255,6 +334,8 @@ class RecordListPage extends BaseListPage {
             },
             searchText: params.searchText,
             searchedColumn: params.searchedColumn,
+            detailShow: false,
+            detailRecord: null,
           });
         } else {
           if (res.data.includes("Please login first")) {

web/src/RoleListPage.js

@@ -106,8 +106,8 @@ class RoleListPage extends BaseListPage {
 
     return (
       <Upload {...props}>
-        <Button type="primary" size="small">
-          <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
+        <Button icon={<UploadOutlined />} type="primary" size="small">
+          {i18next.t("user:Upload (.xlsx)")}
         </Button>
       </Upload>
     );

web/src/Setting.js

@@ -416,6 +416,12 @@ export const OtherProviderInfo = {
       url: "https://www.cucloud.cn/",
     },
   },
+  "Face ID": {
+    "Alibaba Cloud Facebody": {
+      logo: `${StaticBaseUrl}/img/social_aliyun.png`,
+      url: "https://vision.aliyun.com/facebody",
+    },
+  },
 };
 
 export function initCountries() {
@@ -1150,6 +1156,10 @@ export function getProviderTypeOptions(category) {
       {id: "Viber", name: "Viber"},
       {id: "CUCloud", name: "CUCloud"},
     ]);
+  } else if (category === "Face ID") {
+    return ([
+      {id: "Alibaba Cloud Facebody", name: "Alibaba Cloud Facebody"},
+    ]);
   } else {
     return [];
   }
@@ -1522,7 +1532,7 @@ export function getUserCommonFields() {
 }
 
 export function getDefaultFooterContent() {
-  return "Powered by <a target=\"_blank\" href=\"https://casdoor.org\" rel=\"noreferrer\"><img style=\"padding-bottom: 3px\" height=\"20\" alt=\"Casdoor\" src=\"https://cdn.casbin.org/img/casdoor-logo_1185x256.png\"/></a>";
+  return `Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style="padding-bottom: 3px" height="20" alt="Casdoor" src="${StaticBaseUrl}/img/casdoor-logo_1185x256.png"/></a>`;
 }
 
 export function getEmptyFooterContent() {
@@ -1554,7 +1564,7 @@ export function getDefaultHtmlEmailContent() {
 <div class="email-container">
   <div class="header">
         <h3>Casbin Organization</h3>
-        <img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor Logo" width="300">
+        <img src="${StaticBaseUrl}/img/casdoor-logo_1185x256.png" alt="Casdoor Logo" width="300">
     </div>
     <p><strong>%{user.friendlyName}</strong>, here is your verification code</p>
     <p>Use this code for your transaction. It's valid for 5 minutes</p>

web/src/SyncerEditPage.js

@@ -21,11 +21,8 @@ import * as Setting from "./Setting";
 import i18next from "i18next";
 import SyncerTableColumnTable from "./table/SyncerTableColumnTable";
 
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
 import * as CertBackend from "./backend/CertBackend";
-require("codemirror/theme/material-darker.css");
-require("codemirror/mode/javascript/javascript");
+import Editor from "./common/Editor";
 
 const {Option} = Select;
 
@@ -512,10 +509,13 @@ class SyncerEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <div style={{width: "100%", height: "300px"}} >
-              <CodeMirror
+              <Editor
                 value={this.state.syncer.errorText}
-                options={{mode: "javascript", theme: "material-darker"}}
-                onBeforeChange={(editor, data, value) => {
+                fillHeight
+                readOnly
+                dark
+                lang="js"
+                onChange={value => {
                   this.updateSyncerField("errorText", value);
                 }}
               />

web/src/TokenListPage.js

@@ -153,7 +153,7 @@ class TokenListPage extends BaseListPage {
         title: i18next.t("token:Authorization code"),
         dataIndex: "code",
         key: "code",
-        // width: '150px',
+        width: "180px",
         sorter: true,
         ...this.getColumnSearchProps("code"),
         render: (text, record, index) => {
@@ -164,7 +164,7 @@ class TokenListPage extends BaseListPage {
         title: i18next.t("token:Access token"),
         dataIndex: "accessToken",
         key: "accessToken",
-        // width: '150px',
+        width: "220px",
         sorter: true,
         ellipsis: true,
         ...this.getColumnSearchProps("accessToken"),
@@ -225,7 +225,7 @@ class TokenListPage extends BaseListPage {
 
     return (
       <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={tokens} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "100%"}} columns={columns} dataSource={tokens} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
           title={() => (
             <div>
               {i18next.t("general:Tokens")}&nbsp;&nbsp;&nbsp;&nbsp;

web/src/TourConfig.js

@@ -1,4 +1,5 @@
 import React from "react";
+import * as Setting from "./Setting";
 
 export const TourObj = {
   home: [
@@ -8,7 +9,7 @@ export const TourObj = {
       cover: (
         <img
           alt="casdoor.png"
-          src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png"
+          src={`${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`}
         />
       ),
     },

web/src/UserEditPage.js

@@ -1054,6 +1054,7 @@ class UserEditPage extends React.Component {
             <FaceIdTable
               title={i18next.t("user:Face IDs")}
               table={this.state.user.faceIds}
+              {...this.props}
               onUpdateTable={(table) => {this.updateUserField("faceIds", table);}}
             />
           </Col>

web/src/UserListPage.js

@@ -188,8 +188,8 @@ class UserListPage extends BaseListPage {
 
     return (
       <Upload {...props}>
-        <Button id="upload-button" type="primary" size="small">
-          <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
+        <Button icon={<UploadOutlined />} id="upload-button" type="primary" size="small">
+          {i18next.t("user:Upload (.xlsx)")}
         </Button>
       </Upload>
     );

web/src/WebhookEditPage.js

@@ -21,10 +21,7 @@ import * as Setting from "./Setting";
 import i18next from "i18next";
 import WebhookHeaderTable from "./table/WebhookHeaderTable";
 
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-require("codemirror/theme/material-darker.css");
-require("codemirror/mode/javascript/javascript");
+import Editor from "./common/Editor";
 
 const {Option} = Select;
 
@@ -177,7 +174,16 @@ class WebhookEditPage extends React.Component {
   renderWebhook() {
     const preview = Setting.deepCopy(previewTemplate);
     if (this.state.webhook.isUserExtended) {
-      preview["extendedUser"] = userTemplate;
+      if (this.state.webhook.tokenFields && this.state.webhook.tokenFields.length !== 0) {
+        const extendedUser = {};
+        this.state.webhook.tokenFields.forEach(field => {
+          const fieldTrans = field.replace(field[0], field[0].toLowerCase());
+          extendedUser[fieldTrans] = userTemplate[fieldTrans];
+        });
+        preview["extendedUser"] = extendedUser;
+      } else {
+        preview["extendedUser"] = userTemplate;
+      }
     }
     const previewText = JSON.stringify(preview, null, 2);
 
@@ -298,17 +304,25 @@ class WebhookEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Extended user fields"), i18next.t("webhook:Extended user fields - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" showSearch style={{width: "100%"}} value={this.state.webhook.tokenFields} onChange={(value => {this.updateWebhookField("tokenFields", value);})}>
+              {
+                Setting.getUserCommonFields().map((item, index) => <Option key={index} value={item}>{item}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:Preview"), i18next.t("general:Preview - Tooltip"))} :
           </Col>
           <Col span={22} >
             <div style={{width: "900px", height: "300px"}} >
-              <CodeMirror
-                value={previewText}
-                options={{mode: "javascript", theme: "material-darker"}}
-                onBeforeChange={(editor, data, value) => {}}
-              />
+              <Editor value={previewText} lang="js" fillHeight readOnly dark />
             </div>
           </Col>
         </Row>

web/src/auth/ForgetPage.js

@@ -471,9 +471,12 @@ class ForgetPage extends React.Component {
       <React.Fragment>
         <CustomGithubCorner />
         <div className="forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
-          <Button type="text" style={{position: "relative", left: Setting.isMobile() ? "10px" : "-90px", top: 0}} size={"large"} onClick={() => {this.stepBack();}}>
-            <ArrowLeftOutlined style={{fontSize: "24px"}} />
-          </Button>
+          <Button type="text"
+            style={{position: "relative", left: Setting.isMobile() ? "10px" : "-90px", top: 0}}
+            icon={<ArrowLeftOutlined style={{fontSize: "24px"}} />}
+            size={"large"}
+            onClick={() => {this.stepBack();}}
+          />
           <Row>
             <Col span={24} style={{justifyContent: "center"}}>
               <Row>

web/src/auth/LoginPage.js

@@ -37,6 +37,8 @@ import RedirectForm from "../common/RedirectForm";
 import {RequiredMfa} from "./mfa/MfaAuthVerifyForm";
 import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
 import * as ProviderButton from "./ProviderButton";
+import {goToLink} from "../Setting";
+const FaceRecognitionCommonModal = lazy(() => import("../common/modal/FaceRecognitionCommonModal"));
 const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));
 
 class LoginPage extends React.Component {
@@ -61,6 +63,8 @@ class LoginPage extends React.Component {
       isTermsOfUseVisible: false,
       termsOfUseContent: "",
       orgChoiceMode: new URLSearchParams(props.location?.search).get("orgChoiceMode") ?? null,
+      userLang: null,
+      loginLoading: false,
     };
 
     if (this.state.type === "cas" && props.match?.params.casApplicationName !== undefined) {
@@ -68,7 +72,7 @@ class LoginPage extends React.Component {
       this.state.applicationName = props.match?.params?.casApplicationName;
     }
 
-    localStorage.setItem("signinUrl", window.location.href);
+    localStorage.setItem("signinUrl", window.location.pathname + window.location.search);
 
     this.form = React.createRef();
   }
@@ -262,6 +266,13 @@ class LoginPage extends React.Component {
 
   onUpdateApplication(application) {
     this.props.onUpdateApplication(application);
+    for (const idx in application.providers) {
+      const provider = application.providers[idx];
+      if (provider.provider?.category === "Face ID") {
+        this.setState({haveFaceIdProvider: true});
+        break;
+      }
+    }
   }
 
   parseOffset(offset) {
@@ -314,7 +325,7 @@ class LoginPage extends React.Component {
     }
 
     if (resp.data2) {
-      sessionStorage.setItem("signinUrl", window.location.href);
+      sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
       Setting.goToLinkSoft(ths, `/forget/${application.name}`);
       return;
     }
@@ -355,6 +366,7 @@ class LoginPage extends React.Component {
   }
 
   onFinish(values) {
+    this.setState({loginLoading: true});
     if (this.state.loginMethod === "webAuthn") {
       let username = this.state.username;
       if (username === null || username === "") {
@@ -415,6 +427,7 @@ class LoginPage extends React.Component {
 
   login(values) {
     // here we are supposed to determine whether Casdoor is working as an OAuth server or CAS server
+    values["language"] = this.state.userLang ?? "";
     if (this.state.type === "cas") {
       // CAS
       const casParams = Util.getCasParameters();
@@ -442,6 +455,7 @@ class LoginPage extends React.Component {
         } else {
           Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
         }
+        this.setState({loginLoading: false});
       });
     } else {
       // OAuth
@@ -454,7 +468,7 @@ class LoginPage extends React.Component {
 
             if (responseType === "login") {
               if (res.data2) {
-                sessionStorage.setItem("signinUrl", window.location.href);
+                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
                 Setting.goToLink(this, `/forget/${this.state.applicationName}`);
               }
               Setting.showMessage("success", i18next.t("application:Logged in successfully"));
@@ -463,7 +477,7 @@ class LoginPage extends React.Component {
               this.postCodeLoginAction(res);
             } else if (responseType === "token" || responseType === "id_token") {
               if (res.data2) {
-                sessionStorage.setItem("signinUrl", window.location.href);
+                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
                 Setting.goToLink(this, `/forget/${this.state.applicationName}`);
               }
               const amendatoryResponseType = responseType === "token" ? "access_token" : responseType;
@@ -475,7 +489,7 @@ class LoginPage extends React.Component {
                 return;
               }
               if (res.data2.needUpdatePassword) {
-                sessionStorage.setItem("signinUrl", window.location.href);
+                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
                 Setting.goToLink(this, `/forget/${this.state.applicationName}`);
               }
               if (res.data2.method === "POST") {
@@ -497,6 +511,7 @@ class LoginPage extends React.Component {
           } else {
             Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
           }
+          this.setState({loginLoading: false});
         });
     }
   }
@@ -530,9 +545,11 @@ class LoginPage extends React.Component {
       return null;
     }
 
+    const resultItemKey = `${application.organization}_${application.name}_${signinItem.name}`;
+
     if (signinItem.name === "Logo") {
       return (
-        <div className="login-logo-box">
+        <div key={resultItemKey} className="login-logo-box">
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           {
             Setting.renderHelmet(application)
@@ -544,7 +561,7 @@ class LoginPage extends React.Component {
       );
     } else if (signinItem.name === "Back button") {
       return (
-        <div className="back-button">
+        <div key={resultItemKey} className="back-button">
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           {
             this.renderBackButton()
@@ -562,22 +579,25 @@ class LoginPage extends React.Component {
       }
 
       return (
-        <div className="login-languages">
+        <div key={resultItemKey} className="login-languages">
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
-          <LanguageSelect languages={application.organizationObj.languages} />
+          <LanguageSelect languages={application.organizationObj.languages} onClick={key => {this.setState({userLang: key});}} />
         </div>
       );
     } else if (signinItem.name === "Signin methods") {
       return (
-        <div>
+        <div key={resultItemKey}>
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           {this.renderMethodChoiceBox()}
         </div>
       )
       ;
     } else if (signinItem.name === "Username") {
+      if (this.state.loginMethod === "webAuthn") {
+        return null;
+      }
       return (
-        <div>
+        <div key={resultItemKey}>
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <Form.Item
             name="username"
@@ -654,14 +674,14 @@ class LoginPage extends React.Component {
       );
     } else if (signinItem.name === "Password") {
       return (
-        <div>
+        <div key={resultItemKey}>
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           {this.renderPasswordOrCodeInput(signinItem)}
         </div>
       );
     } else if (signinItem.name === "Forgot password?") {
       return (
-        <div>
+        <div key={resultItemKey}>
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <div className="login-forget-password">
             <Form.Item name="autoSignin" valuePropName="checked" noStyle>
@@ -679,9 +699,10 @@ class LoginPage extends React.Component {
       return AgreementModal.isAgreementRequired(application) ? AgreementModal.renderAgreementFormItem(application, true, {}, this) : null;
     } else if (signinItem.name === "Login button") {
       return (
-        <Form.Item className="login-button-box">
+        <Form.Item key={resultItemKey} className="login-button-box">
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <Button
+            loading={this.state.loginLoading}
             type="primary"
             htmlType="submit"
             className="login-button"
@@ -694,19 +715,25 @@ class LoginPage extends React.Component {
           </Button>
           {
             this.state.loginMethod === "faceId" ?
-              <Suspense fallback={null}>
-                <FaceRecognitionModal
-                  visible={this.state.openFaceRecognitionModal}
-                  onOk={(faceId) => {
-                    const values = this.state.values;
-                    values["faceId"] = faceId;
+              this.state.haveFaceIdProvider ? <Suspense fallback={null}><FaceRecognitionCommonModal visible={this.state.openFaceRecognitionModal} onOk={(FaceIdImage) => {
+                const values = this.state.values;
+                values["FaceIdImage"] = FaceIdImage;
+                this.login(values);
+                this.setState({openFaceRecognitionModal: false});
+              }} onCancel={() => this.setState({openFaceRecognitionModal: false})} /></Suspense> :
+                <Suspense fallback={null}>
+                  <FaceRecognitionModal
+                    visible={this.state.openFaceRecognitionModal}
+                    onOk={(faceId) => {
+                      const values = this.state.values;
+                      values["faceId"] = faceId;
 
-                    this.login(values);
-                    this.setState({openFaceRecognitionModal: false});
-                  }}
-                  onCancel={() => this.setState({openFaceRecognitionModal: false})}
-                />
-              </Suspense>
+                      this.login(values);
+                      this.setState({openFaceRecognitionModal: false});
+                    }}
+                    onCancel={() => this.setState({openFaceRecognitionModal: false})}
+                  />
+                </Suspense>
               :
               <>
               </>
@@ -721,15 +748,21 @@ class LoginPage extends React.Component {
       if (signinItem.rule === "None" || signinItem.rule === "") {
         signinItem.rule = showForm ? "small" : "big";
       }
+      const searchParams = new URLSearchParams(window.location.search);
+      const providerHint = searchParams.get("provider_hint");
 
       return (
-        <div>
+        <div key={resultItemKey}>
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           <Form.Item>
             {
               application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
+                if (providerHint === providerItem.provider.name) {
+                  goToLink(Provider.getAuthUrl(application, providerItem.provider, "signup"));
+                  return;
+                }
                 return (
-                  <span key ={id} onClick={(e) => {
+                  <span key={id} onClick={(e) => {
                     const agreementChecked = this.form.current.getFieldValue("agreement");
 
                     if (agreementChecked !== undefined && typeof agreementChecked === "boolean" && !agreementChecked) {
@@ -752,11 +785,11 @@ class LoginPage extends React.Component {
       );
     } else if (signinItem.name.startsWith("Text ") || signinItem?.isCustom) {
       return (
-        <div dangerouslySetInnerHTML={{__html: signinItem.customCss}} />
+        <div key={resultItemKey} dangerouslySetInnerHTML={{__html: signinItem.customCss}} />
       );
     } else if (signinItem.name === "Signup link") {
       return (
-        <div style={{width: "100%"}} className="login-signup-link">
+        <div key={resultItemKey} style={{width: "100%"}} className="login-signup-link">
           <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
           {this.renderFooter(application, signinItem)}
         </div>
@@ -803,7 +836,6 @@ class LoginPage extends React.Component {
         <Form
           name="normal_login"
           initialValues={{
-
             organization: application.organization,
             application: application.name,
             autoSignin: true,
@@ -906,7 +938,7 @@ class LoginPage extends React.Component {
         this.login(values);
         this.setState({openCaptchaModal: false});
       }}
-      onCancel={() => this.setState({openCaptchaModal: false})}
+      onCancel={() => this.setState({openCaptchaModal: false, loginLoading: false})}
       isCurrentProvider={true}
     />;
   }
@@ -973,7 +1005,7 @@ class LoginPage extends React.Component {
     const oAuthParams = Util.getOAuthGetParameters();
     this.populateOauthValues(values);
     const application = this.getApplicationObj();
-    return fetch(`${Setting.ServerUrl}/api/webauthn/signin/begin?owner=${application.organization}&name=${username}`, {
+    return fetch(`${Setting.ServerUrl}/api/webauthn/signin/begin?owner=${application.organization}`, {
       method: "GET",
       credentials: "include",
     })
@@ -983,11 +1015,7 @@ class LoginPage extends React.Component {
           Setting.showMessage("error", credentialRequestOptions.msg);
           throw credentialRequestOptions.status.msg;
         }
-
         credentialRequestOptions.publicKey.challenge = UserWebauthnBackend.webAuthnBufferDecode(credentialRequestOptions.publicKey.challenge);
-        credentialRequestOptions.publicKey.allowCredentials.forEach(function(listItem) {
-          listItem.id = UserWebauthnBackend.webAuthnBufferDecode(listItem.id);
-        });
 
         return navigator.credentials.get({
           publicKey: credentialRequestOptions.publicKey,

web/src/auth/Provider.js

@@ -387,7 +387,8 @@ export function getAuthUrl(application, provider, method, code) {
   }
 
   let endpoint = authInfo[provider.type].endpoint;
-  let redirectUri = `${window.location.origin}/callback`;
+  const redirectOrigin = application.forcedRedirectOrigin ? application.forcedRedirectOrigin : window.location.origin;
+  let redirectUri = `${redirectOrigin}/callback`;
   let scope = authInfo[provider.type].scope;
   const isShortState = (provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger")) || (provider.type === "Twitter");
   const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
@@ -398,7 +399,7 @@ export function getAuthUrl(application, provider, method, code) {
       endpoint = endpoint.replace("common", provider.domain);
     }
   } else if (provider.type === "Apple") {
-    redirectUri = `${window.location.origin}/api/callback`;
+    redirectUri = `${redirectOrigin}/api/callback`;
   } else if (provider.type === "Google" && provider.disableSsl) {
     scope += "+https://www.googleapis.com/auth/user.phonenumbers.read";
   }
@@ -420,13 +421,13 @@ export function getAuthUrl(application, provider, method, code) {
   } else if (provider.type === "AzureADB2C") {
     return `https://${provider.domain}.b2clogin.com/${provider.domain}.onmicrosoft.com/${provider.appId}/oauth2/v2.0/authorize?client_id=${provider.clientId}&nonce=defaultNonce&redirect_uri=${encodeURIComponent(redirectUri)}&scope=${scope}&response_type=code&state=${state}&prompt=login`;
   } else if (provider.type === "DingTalk") {
-    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&prompt=consent&state=${state}`;
+    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&prompt=login%20consent&state=${state}`;
   } else if (provider.type === "WeChat") {
     if (navigator.userAgent.includes("MicroMessenger")) {
       return `${authInfo[provider.type].mpEndpoint}?appid=${provider.clientId2}&redirect_uri=${redirectUri}&state=${state}&scope=${authInfo[provider.type].mpScope}&response_type=code#wechat_redirect`;
     } else {
       if (provider.clientId2 && provider?.disableSsl && provider?.signName === "media") {
-        return `${window.location.origin}/callback?state=${state}&code=${"wechat_oa:" + code}`;
+        return `${redirectOrigin}/callback?state=${state}&code=${"wechat_oa:" + code}`;
       }
       return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}#wechat_redirect`;
     }
@@ -469,7 +470,7 @@ export function getAuthUrl(application, provider, method, code) {
   } else if (provider.type === "Apple") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code%20id_token&scope=${scope}&response_mode=form_post`;
   } else if (provider.type === "Steam") {
-    return `${endpoint}?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=${window.location.origin}&openid.return_to=${redirectUri}?state=${state}`;
+    return `${endpoint}?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=${redirectOrigin}&openid.return_to=${redirectUri}?state=${state}`;
   } else if (provider.type === "Okta") {
     return `${provider.domain}/v1/authorize?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
   } else if (provider.type === "Douyin" || provider.type === "TikTok") {

web/src/basic/Dashboard.js

@@ -167,25 +167,35 @@ const Dashboard = (props) => {
     };
     myChart.setOption(option);
 
+    const cardStyles = {
+      body: {
+        width: Setting.isMobile() ? "340px" : "100%",
+        height: Setting.isMobile() ? "100px" : "150px",
+        display: "flex",
+        alignItems: "center",
+        justifyContent: "center",
+      },
+    };
+
     return (
       <Row id="statistic" gutter={80} justify={"center"}>
         <Col span={50} style={{marginBottom: "10px"}}>
-          <Card bordered={false} bodyStyle={{width: Setting.isMobile() ? "340px" : "100%", height: Setting.isMobile() ? "100px" : "150px", display: "flex", alignItems: "center", justifyContent: "center"}}>
+          <Card variant="borderless" styles={cardStyles}>
             <Statistic title={i18next.t("home:Total users")} fontSize="100px" value={dashboardData.userCounts[30]} valueStyle={{fontSize: "30px"}} style={{width: "200px", paddingLeft: "10px"}} />
           </Card>
         </Col>
         <Col span={50} style={{marginBottom: "10px"}}>
-          <Card bordered={false} bodyStyle={{width: Setting.isMobile() ? "340px" : "100%", height: Setting.isMobile() ? "100px" : "150px", display: "flex", alignItems: "center", justifyContent: "center"}}>
+          <Card variant="borderless" styles={cardStyles}>
             <Statistic title={i18next.t("home:New users today")} fontSize="100px" value={dashboardData.userCounts[30] - dashboardData.userCounts[30 - 1]} valueStyle={{fontSize: "30px"}} prefix={<ArrowUpOutlined />} style={{width: "200px", paddingLeft: "10px"}} />
           </Card>
         </Col>
         <Col span={50} style={{marginBottom: "10px"}}>
-          <Card bordered={false} bodyStyle={{width: Setting.isMobile() ? "340px" : "100%", height: Setting.isMobile() ? "100px" : "150px", display: "flex", alignItems: "center", justifyContent: "center"}}>
+          <Card variant="borderless" styles={cardStyles}>
             <Statistic title={i18next.t("home:New users past 7 days")} value={dashboardData.userCounts[30] - dashboardData.userCounts[30 - 7]} valueStyle={{fontSize: "30px"}} prefix={<ArrowUpOutlined />} style={{width: "200px", paddingLeft: "10px"}} />
           </Card>
         </Col>
         <Col span={50} style={{marginBottom: "10px"}}>
-          <Card bordered={false} bodyStyle={{width: Setting.isMobile() ? "340px" : "100%", height: Setting.isMobile() ? "100px" : "150px", display: "flex", alignItems: "center", justifyContent: "center"}}>
+          <Card variant="borderless" styles={cardStyles}>
             <Statistic title={i18next.t("home:New users past 30 days")} value={dashboardData.userCounts[30] - dashboardData.userCounts[30 - 30]} valueStyle={{fontSize: "30px"}} prefix={<ArrowUpOutlined />} style={{width: "200px", paddingLeft: "10px"}} />
           </Card>
         </Col>

web/src/basic/GridCards.js

@@ -31,12 +31,12 @@ const GridCards = (props) => {
 
   return (
     Setting.isMobile() ? (
-      <Card bodyStyle={{padding: 0}}>
+      <Card styles={{body: {padding: 0}}}>
         {items.map(item => <SingleCard key={item.link} logo={item.logo} link={item.link} title={item.name} desc={item.description} isSingle={items.length === 1} />)}
       </Card>
     ) : (
-      <div style={{margin: "0 15px"}}>
-        <Row>
+      <div style={{width: "100%", padding: "0 100px"}}>
+        <Row style={{justifyContent: "center"}}>
           {items.map(item => <SingleCard logo={item.logo} link={item.link} title={item.name} desc={item.description} time={item.createdTime} isSingle={items.length === 1} key={item.name} />)}
         </Row>
       </div>

web/src/common/Editor.js

@@ -0,0 +1,83 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import CodeMirror from "@uiw/react-codemirror";
+import {materialDark} from "@uiw/codemirror-theme-material";
+import {langs} from "@uiw/codemirror-extensions-langs";
+
+export const Editor = (props) => {
+  let style = {};
+  let height = props.height;
+  let width = props.width;
+  const copy2StyleProps = [
+    "width", "maxWidth", "minWidth",
+    "height", "maxHeight", "minHeight",
+  ];
+  if (props.fillHeight) {
+    height = "100%";
+    style = {...style, height: "100%"};
+  }
+  if (props.fillWidth) {
+    width = "100%";
+    style = {...style, width: "100%"};
+  }
+  /**
+   * @uiw/react-codemirror style props sucha as "height" "width"
+   * may need to be configured with "style" in some scenarios to take effect
+   */
+  copy2StyleProps.forEach(el => {
+    if (["number", "string"].includes(typeof props[el])) {
+      style = {...style, [el]: props[el]};
+    }
+  });
+  if (props.style) {
+    style = {...style, ...props.style};
+  }
+  let extensions = [];
+  switch (props.lang) {
+  case "javascript":
+  case "js":
+    extensions = [langs.javascript()];
+    break;
+  case "html":
+    extensions = [langs.html()];
+    break;
+  case "css":
+    extensions = [langs.css()];
+    break;
+  case "xml":
+    extensions = [langs.xml()];
+    break;
+  case "json":
+    extensions = [langs.json()];
+    break;
+  }
+
+  return (
+    <CodeMirror
+      value={props.value}
+      {...props}
+      width={width}
+      height={height}
+      style={style}
+      readOnly={props.readOnly}
+      theme={props.dark ? materialDark : "light"}
+      extensions={extensions}
+      onChange={props.onChange}
+    />
+  );
+};
+
+export default Editor;

web/src/common/NavItemTree.js

@@ -2,7 +2,7 @@ import i18next from "i18next";
 import {Tree} from "antd";
 import React from "react";
 
-export const NavItemTree = ({disable, checkedKeys, defaultExpandedKeys, onCheck}) => {
+export const NavItemTree = ({disabled, checkedKeys, defaultExpandedKeys, onCheck}) => {
   const NavItemNodes = [
     {
       title: i18next.t("organization:All"),
@@ -86,7 +86,7 @@ export const NavItemTree = ({disable, checkedKeys, defaultExpandedKeys, onCheck}
 
   return (
     <Tree
-      disabled={disable}
+      disabled={disabled}
       checkable
       checkedKeys={checkedKeys}
       defaultExpandedKeys={defaultExpandedKeys}

web/src/common/TestEmailWidget.js

@@ -51,6 +51,8 @@ function testEmailProvider(provider, email = "") {
     receivers: email === "" ? ["TestSmtpServer"] : [email],
     provider: provider.name,
     providerObject: provider,
+    owner: provider.owner,
+    name: provider.name,
   };
 
   return fetch(`${Setting.ServerUrl}/api/send-email`, {

web/src/common/TestNotificationWidget.js

@@ -16,7 +16,7 @@ import * as Setting from "../Setting";
 import i18next from "i18next";
 
 export function sendTestNotification(provider) {
-  testNotificationProvider(provider.content, provider.name)
+  testNotificationProvider(provider)
     .then((res) => {
       if (res.status === "ok") {
         Setting.showMessage("success", i18next.t("general:Successfully sent"));
@@ -29,12 +29,14 @@ export function sendTestNotification(provider) {
     });
 }
 
-function testNotificationProvider(content, name) {
+function testNotificationProvider(provider) {
   const notificationForm = {
-    content: content,
+    content: provider.content,
+    owner: provider.owner,
+    name: provider.name,
   };
 
-  return fetch(`${Setting.ServerUrl}/api/send-notification?provider=${name}`, {
+  return fetch(`${Setting.ServerUrl}/api/send-notification?provider=${provider.name}`, {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(notificationForm),

web/src/common/TestSmsWidget.js

@@ -33,6 +33,8 @@ function testSmsProvider(provider, phone = "") {
   const SmsForm = {
     content: "123456",
     receivers: [phone],
+    owner: provider.owner,
+    name: provider.name,
   };
 
   return fetch(`${Setting.ServerUrl}/api/send-sms?provider=` + provider.name, {

web/src/common/WidgetItemTree.js

@@ -0,0 +1,29 @@
+import i18next from "i18next";
+import {Tree} from "antd";
+import React from "react";
+
+export const WidgetItemTree = ({disabled, checkedKeys, defaultExpandedKeys, onCheck}) => {
+  const WidgetItemNodes = [
+    {
+      title: i18next.t("organization:All"),
+      key: "all",
+      children: [
+        {title: i18next.t("general:Tour"), key: "tour"},
+        {title: i18next.t("general:AI Assistant"), key: "ai-assistant"},
+        {title: i18next.t("user:Language"), key: "language"},
+        {title: i18next.t("theme:Theme"), key: "theme"},
+      ],
+    },
+  ];
+
+  return (
+    <Tree
+      disabled={disabled}
+      checkable
+      checkedKeys={checkedKeys}
+      defaultExpandedKeys={defaultExpandedKeys}
+      onCheck={onCheck}
+      treeData={WidgetItemNodes}
+    />
+  );
+};

web/src/common/modal/FaceRecognitionCommonModal.js

@@ -0,0 +1,177 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {Button, Modal, Progress, message} from "antd";
+import React, {useState} from "react";
+import i18next from "i18next";
+
+const FaceRecognitionCommonModal = (props) => {
+  const {visible, onOk, onCancel} = props;
+
+  const videoRef = React.useRef();
+  const canvasRef = React.useRef();
+  const [percent, setPercent] = useState(0);
+  const mediaStreamRef = React.useRef(null);
+  const [isCameraCaptured, setIsCameraCaptured] = useState(false);
+  const [capturedImageArray, setCapturedImageArray] = useState([]);
+
+  React.useEffect(() => {
+    if (isCameraCaptured) {
+      let count = 0;
+      let count2 = 0;
+      const interval = setInterval(() => {
+        count++;
+        if (videoRef.current) {
+          videoRef.current.srcObject = mediaStreamRef.current;
+          videoRef.current.play();
+          const interval2 = setInterval(() => {
+            if (!visible) {
+              clearInterval(interval);
+              setPercent(0);
+            }
+            count2++;
+            if (count2 >= 8) {
+              clearInterval(interval2);
+              setPercent(0);
+              onOk(capturedImageArray);
+            } else if (count2 > 3) {
+              setPercent((count2 - 4) * 20);
+              const canvas = document.createElement("canvas");
+              canvas.width = videoRef.current.videoWidth;
+              canvas.height = videoRef.current.videoHeight;
+              const context = canvas.getContext("2d");
+              context.drawImage(videoRef.current, 0, 0, canvas.width, canvas.height);
+              const b64 = canvas.toDataURL("image/png");
+              capturedImageArray.push(b64);
+              setCapturedImageArray(capturedImageArray);
+            }
+          }, 1000);
+
+          clearInterval(interval);
+        }
+        if (count >= 30) {
+          clearInterval(interval);
+        }
+      }, 100);
+    } else {
+      mediaStreamRef.current?.getTracks().forEach(track => track.stop());
+      if (videoRef.current) {
+        videoRef.current.srcObject = null;
+      }
+    }
+  }, [isCameraCaptured]);
+
+  React.useEffect(() => {
+    if (visible) {
+      navigator.mediaDevices
+        .getUserMedia({video: {facingMode: "user"}})
+        .then((stream) => {
+          mediaStreamRef.current = stream;
+          setIsCameraCaptured(true);
+        }).catch((error) => {
+          handleCameraError(error);
+        });
+    } else {
+      setIsCameraCaptured(false);
+      setCapturedImageArray([]);
+    }
+  }, [visible]);
+
+  const handleCameraError = (error) => {
+    if (error instanceof DOMException) {
+      if (error.name === "NotFoundError" || error.name === "DevicesNotFoundError") {
+        message.error(i18next.t("login:Please ensure that you have a camera device for facial recognition"));
+      } else if (error.name === "NotAllowedError" || error.name === "PermissionDeniedError") {
+        message.error(i18next.t("login:Please provide permission to access the camera"));
+      } else if (error.name === "NotReadableError" || error.name === "TrackStartError") {
+        message.error(i18next.t("login:The camera is currently in use by another webpage"));
+      } else if (error.name === "TypeError") {
+        message.error(i18next.t("login:Please load the webpage using HTTPS, otherwise the camera cannot be accessed"));
+      } else {
+        message.error(error.message);
+      }
+    }
+  };
+
+  return <div>
+    <Modal
+      closable={false}
+      maskClosable={false}
+      title={i18next.t("login:Face Recognition")}
+      width={350}
+      footer={[
+        <Button key="ok" type={"primary"} disabled={capturedImageArray.length === 0} onClick={() => {
+          onOk(capturedImageArray);
+        }}>
+        Ok
+        </Button>,
+        <Button key="back" onClick={onCancel}>
+        Cancel
+        </Button>,
+      ]}
+      destroyOnClose={true}
+      open={visible}>
+      <Progress percent={percent} />
+      <div style={{
+        marginTop: "20px",
+        marginBottom: "50px",
+        justifyContent: "center",
+        alignContent: "center",
+        position: "relative",
+        flexDirection: "column",
+      }}>
+        {
+          <div style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
+            <video
+              ref={videoRef}
+              style={{
+                borderRadius: "50%",
+                height: "220px",
+                verticalAlign: "middle",
+                width: "220px",
+                objectFit: "cover",
+              }}
+            ></video>
+            <div style={{
+              position: "absolute",
+              width: "240px",
+              height: "240px",
+              top: "50%",
+              left: "50%",
+              transform: "translate(-50%, -50%)",
+            }}>
+              <svg width="240" height="240" fill="none">
+                <circle
+                  strokeDasharray="700"
+                  strokeDashoffset={700 - 6.9115 * percent}
+                  strokeWidth="4"
+                  cx="120"
+                  cy="120"
+                  r="110"
+                  stroke="#5734d3"
+                  transform="rotate(-90, 120, 120)"
+                  strokeLinecap="round"
+                  style={{transition: "all .2s linear"}}
+                ></circle>
+              </svg>
+            </div>
+            <canvas ref={canvasRef} style={{position: "absolute"}} />
+          </div>
+        }
+      </div>
+    </Modal>
+  </div>;
+};
+
+export default FaceRecognitionCommonModal;

web/src/common/modal/FaceRecognitionModal.js

@@ -14,11 +14,12 @@
 
 import * as faceapi from "face-api.js";
 import React, {useState} from "react";
-import {Button, Modal, Progress, Spin, message} from "antd";
+import {Button, Modal, Progress, Space, Spin, message} from "antd";
 import i18next from "i18next";
+import Dragger from "antd/es/upload/Dragger";
 
 const FaceRecognitionModal = (props) => {
-  const {visible, onOk, onCancel} = props;
+  const {visible, onOk, onCancel, withImage} = props;
   const [modelsLoaded, setModelsLoaded] = React.useState(false);
   const [isCameraCaptured, setIsCameraCaptured] = useState(false);
 
@@ -28,11 +29,14 @@ const FaceRecognitionModal = (props) => {
   const mediaStreamRef = React.useRef(null);
   const [percent, setPercent] = useState(0);
 
+  const [files, setFiles] = useState([]);
+  const [currentFaceId, setCurrentFaceId] = React.useState();
+  const [currentFaceIndex, setCurrentFaceIndex] = React.useState();
+
   React.useEffect(() => {
     const loadModels = async() => {
       // const MODEL_URL = process.env.PUBLIC_URL + "/models";
       // const MODEL_URL = "https://justadudewhohacks.github.io/face-api.js/models";
-      // const MODEL_URL = "https://cdn.casbin.org/site/casdoor/models";
       const MODEL_URL = "https://cdn.casdoor.com/casdoor/models";
 
       Promise.all([
@@ -50,6 +54,9 @@ const FaceRecognitionModal = (props) => {
   }, []);
 
   React.useEffect(() => {
+    if (withImage) {
+      return;
+    }
     if (visible) {
       setPercent(0);
       if (modelsLoaded) {
@@ -75,6 +82,9 @@ const FaceRecognitionModal = (props) => {
   }, [visible, modelsLoaded]);
 
   React.useEffect(() => {
+    if (withImage) {
+      return;
+    }
     if (isCameraCaptured) {
       let count = 0;
       const interval = setInterval(() => {
@@ -98,6 +108,9 @@ const FaceRecognitionModal = (props) => {
   }, [isCameraCaptured]);
 
   const handleStreamVideo = () => {
+    if (withImage) {
+      return;
+    }
     let count = 0;
     let goodCount = 0;
     if (!detection.current) {
@@ -148,73 +161,163 @@ const FaceRecognitionModal = (props) => {
     }
   };
 
-  return (
-    <div>
-      <Modal
-        closable={false}
+  const getBase64 = (file) => {
+    return new Promise((resolve, reject) => {
+      const reader = new FileReader();
+      reader.readAsDataURL(file);
+      reader.onload = () => resolve(reader.result);
+      reader.onerror = (error) => reject(error);
+    });
+  };
+
+  if (!withImage) {
+    return (
+      <div>
+        <Modal
+          closable={false}
+          maskClosable={false}
+          destroyOnClose={true}
+          open={visible && isCameraCaptured}
+          title={i18next.t("login:Face Recognition")}
+          width={350}
+          footer={[
+            <Button key="back" onClick={onCancel}>
+                  Cancel
+            </Button>,
+          ]}
+        >
+          <Progress percent={percent} />
+          <div style={{
+            marginTop: "20px",
+            marginBottom: "50px",
+            justifyContent: "center",
+            alignContent: "center",
+            position: "relative",
+            flexDirection: "column",
+          }}>
+            {
+              modelsLoaded ?
+                <div style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
+                  <video
+                    ref={videoRef}
+                    onPlay={handleStreamVideo}
+                    style={{
+                      borderRadius: "50%",
+                      height: "220px",
+                      verticalAlign: "middle",
+                      width: "220px",
+                      objectFit: "cover",
+                    }}
+                  ></video>
+                  <div style={{
+                    position: "absolute",
+                    width: "240px",
+                    height: "240px",
+                    top: "50%",
+                    left: "50%",
+                    transform: "translate(-50%, -50%)",
+                  }}>
+                    <svg width="240" height="240" fill="none">
+                      <circle
+                        strokeDasharray="700"
+                        strokeDashoffset={700 - 6.9115 * percent}
+                        strokeWidth="4"
+                        cx="120"
+                        cy="120"
+                        r="110"
+                        stroke="#5734d3"
+                        transform="rotate(-90, 120, 120)"
+                        strokeLinecap="round"
+                        style={{transition: "all .2s linear"}}
+                      ></circle>
+                    </svg>
+                  </div>
+                  <canvas ref={canvasRef} style={{position: "absolute"}} />
+                </div>
+                :
+                <div>
+                  <Spin tip={i18next.t("login:Loading")} size="large"
+                    style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
+                    <div className="content" />
+                  </Spin>
+                </div>
+            }
+          </div>
+        </Modal>
+      </div>
+    );
+  } else {
+    return <div>
+      <Modal closable={false}
         maskClosable={false}
         destroyOnClose={true}
-        open={visible && isCameraCaptured}
+        open={visible}
         title={i18next.t("login:Face Recognition")}
         width={350}
         footer={[
-          <Button key="back" onClick={onCancel}>
-            Cancel
+          <Button key="ok" type={"primary"} disabled={!currentFaceId || currentFaceId?.length === 0} onClick={() => {
+            onOk(Array.from(currentFaceId.descriptor));
+          }}>
+            Ok
           </Button>,
-        ]}
-      >
-        <Progress percent={percent} />
-        <div style={{marginTop: "20px", marginBottom: "50px", justifyContent: "center", alignContent: "center", position: "relative", flexDirection: "column"}}>
+          <Button key="back" onClick={onCancel}>
+                  Cancel
+          </Button>,
+        ]}>
+        <Space direction={"vertical"} style={{width: "100%"}}>
+          <Dragger
+            multiple={true}
+            defaultFileList={files}
+            style={{width: "100%"}}
+            beforeUpload={(file) => {
+              getBase64(file).then(res => {
+                file.base64 = res;
+                files.push(file);
+              });
+              setCurrentFaceId([]);
+              return false;
+            }}
+            onRemove={(file) => {
+              const index = files.indexOf(file);
+              const newFileList = files.slice();
+              newFileList.splice(index, 1);
+              setFiles(newFileList);
+              setCurrentFaceId([]);
+            }}
+          >
+            <p>{i18next.t("general:Click to Upload")}</p>
+          </Dragger >
           {
-            modelsLoaded ?
-              <div style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
-                <video
-                  ref={videoRef}
-                  onPlay={handleStreamVideo}
-                  style={{
-                    borderRadius: "50%",
-                    height: "220px",
-                    verticalAlign: "middle",
-                    width: "220px",
-                    objectFit: "cover",
-                  }}
-                ></video>
-                <div style={{
-                  position: "absolute",
-                  width: "240px",
-                  height: "240px",
-                  top: "50%",
-                  left: "50%",
-                  transform: "translate(-50%, -50%)",
-                }}>
-                  <svg width="240" height="240" fill="none">
-                    <circle
-                      strokeDasharray="700"
-                      strokeDashoffset={700 - 6.9115 * percent}
-                      strokeWidth="4"
-                      cx="120"
-                      cy="120"
-                      r="110"
-                      stroke="#5734d3"
-                      transform="rotate(-90, 120, 120)"
-                      strokeLinecap="round"
-                      style={{transition: "all .2s linear"}}
-                    ></circle>
-                  </svg>
-                </div>
-                <canvas ref={canvasRef} style={{position: "absolute"}} />
-              </div>
-              :
-              <div>
-                <Spin tip={i18next.t("login:Loading")} size="large" style={{display: "flex", justifyContent: "center", alignContent: "center"}}>
-                  <div className="content" />
-                </Spin>
-              </div>
+            modelsLoaded ? <Button style={{width: "100%"}} onClick={async() => {
+              let maxScore = 0;
+              for (const file of files) {
+                const fileIndex = files.indexOf(file);
+                const img = new Image();
+                img.src = file.base64;
+                const faceIds = await faceapi.detectAllFaces(img, new faceapi.TinyFaceDetectorOptions()).withFaceLandmarks().withFaceDescriptors();
+                if (faceIds[0]?.detection.score > 0.9 && faceIds[0]?.detection.score > maxScore) {
+                  maxScore = faceIds[0]?.detection.score;
+                  setCurrentFaceId(faceIds[0]);
+                  setCurrentFaceIndex(fileIndex);
+                }
+              }
+              if (maxScore < 0.9) {
+                message.error(i18next.t("login:Face recognition failed"));
+              }
+            }}> {i18next.t("application:Generate Face ID")}</Button> : null
           }
-        </div>
+        </Space>
+        {
+          currentFaceId && currentFaceId.length !== 0 ? (
+            <React.Fragment>
+              <div>{i18next.t("application:Select")}:{files[currentFaceIndex]?.name}</div>
+              <div><img src={files[currentFaceIndex]?.base64} alt="selected" style={{width: "100%"}} /></div>
+            </React.Fragment>
+          ) : null
+        }
       </Modal>
-    </div>
-  );
+    </div>;
+  }
 };
 
 export default FaceRecognitionModal;

web/src/common/select/LanguageSelect.js

@@ -30,6 +30,7 @@ class LanguageSelect extends React.Component {
     this.state = {
       classes: props,
       languages: props.languages ?? Setting.Countries.map(item => item.key),
+      onClick: props.onClick,
     };
 
     Setting.Countries.forEach((country) => {
@@ -50,6 +51,9 @@ class LanguageSelect extends React.Component {
   render() {
     const languageItems = this.getOrganizationLanguages(this.state.languages);
     const onClick = (e) => {
+      if (typeof this.state.onClick === "function") {
+        this.state.onClick(e.key);
+      }
       Setting.setLanguage(e.key);
     };
 

web/src/common/select/OrganizationSelect.js

@@ -70,6 +70,7 @@ function OrganizationSelect(props) {
     <Select
       options={getOrganizationItems()}
       virtual={false}
+      popupMatchSelectWidth={false}
       placeholder={i18next.t("login:Please select an organization")}
       value={value}
       onChange={handleOnChange}

web/src/locales/ar/data.json

@@ -17,11 +17,15 @@
     "Use same DB - Tooltip": "Use same DB - Tooltip"
   },
   "application": {
+    "Add Face ID": "Add Face ID",
+    "Add Face ID with Image": "Add Face ID with Image",
     "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "When a logged-in session exists in Casdoor, it is automatically used for application-side login",
     "Background URL": "Background URL",
     "Background URL - Tooltip": "URL of the background image used in the login page",
+    "Background URL Mobile": "Background URL Mobile",
+    "Background URL Mobile - Tooltip": "Background URL Mobile - Tooltip",
     "Big icon": "Big icon",
     "Binding providers": "Binding providers",
     "CSS style": "CSS style",
@@ -63,6 +67,7 @@
     "Footer HTML - Tooltip": "Custom the footer of your application",
     "Form position": "Form position",
     "Form position - Tooltip": "Location of the signup, signin and forget password forms",
+    "Generate Face ID": "Generate Face ID",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Select which grant types are allowed in the OAuth protocol",
     "Header HTML": "Header HTML",
@@ -189,6 +194,7 @@
     "Verify": "Verify"
   },
   "general": {
+    "AI Assistant": "AI Assistant",
     "API key": "API key",
     "API key - Tooltip": "API key - Tooltip",
     "Access key": "Access key",
@@ -201,7 +207,6 @@
     "Adapter - Tooltip": "Table name of the policy store",
     "Adapters": "Adapters",
     "Add": "Add",
-    "Add Face Id": "Add Face Id",
     "Add custom item": "Add custom item",
     "Admin": "Admin",
     "Affiliation URL": "Affiliation URL",
@@ -231,6 +236,7 @@
     "Created time": "Created time",
     "Custom": "Custom",
     "Dashboard": "Dashboard",
+    "Data": "Data",
     "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application for users registered directly from the organization page",
@@ -241,6 +247,7 @@
     "Delete": "Delete",
     "Description": "Description",
     "Description - Tooltip": "Detailed description information for reference, Casdoor itself will not use it",
+    "Detail": "详情",
     "Disable": "Disable",
     "Display name": "Display name",
     "Display name - Tooltip": "A user-friendly, easily readable name displayed publicly in the UI",
@@ -258,7 +265,6 @@
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
-    "FaceIdData": "FaceIdData",
     "Failed to add": "Failed to add",
     "Failed to connect to server": "Failed to connect to server",
     "Failed to delete": "Failed to delete",
@@ -344,6 +350,7 @@
     "Phone - Tooltip": "Phone number",
     "Phone only": "Phone only",
     "Phone or Email": "Phone or Email",
+    "Plain": "Plain",
     "Plan": "Plan",
     "Plan - Tooltip": "Plan - Tooltip",
     "Plans": "Plans",
@@ -362,6 +369,7 @@
     "QR code is too large": "QR code is too large",
     "Real name": "Real name",
     "Records": "Records",
+    "Request": "Request",
     "Request URI": "Request URI",
     "Resources": "Resources",
     "Role": "Role",
@@ -412,6 +420,7 @@
     "This is a read-only demo site!": "This is a read-only demo site!",
     "Timestamp": "Timestamp",
     "Tokens": "Tokens",
+    "Tour": "Tour",
     "Transactions": "Transactions",
     "Type": "Type",
     "Type - Tooltip": "Type - Tooltip",
@@ -442,7 +451,8 @@
     "Parent group - Tooltip": "Parent group - Tooltip",
     "Physical": "Physical",
     "Show all": "Show all",
-    "Virtual": "Virtual"
+    "Virtual": "Virtual",
+    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
   },
   "home": {
     "New users past 30 days": "New users past 30 days",
@@ -461,7 +471,8 @@
     "Quota": "Quota",
     "Quota - Tooltip": "Quota - Tooltip",
     "Used count": "Used count",
-    "Used count - Tooltip": "Used count - Tooltip"
+    "Used count - Tooltip": "Used count - Tooltip",
+    "You need to first specify a default application for organization: ": "You need to first specify a default application for organization: "
   },
   "ldap": {
     "Admin": "Admin",
@@ -586,11 +597,6 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
-  "mfaAccount": {
-    "Account Name": "Account Name",
-    "Issuer": "Issuer",
-    "Secret Key": "Secret Key"
-  },
   "model": {
     "Advanced Editor": "Advanced Editor",
     "Basic Editor": "Basic Editor",
@@ -610,6 +616,8 @@
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
     "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
     "New Organization": "New Organization",
     "Optional": "Optional",
     "Password expire days": "Password expire days",
@@ -622,10 +630,14 @@
     "Tags - Tooltip": "Collection of tags available for users to choose from",
     "Use Email as username": "Use Email as username",
     "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
+    "User types": "User types",
+    "User types - Tooltip": "User types - Tooltip",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -728,6 +740,7 @@
     "paid-user do not have active subscription or pending subscription, please select a plan to buy": "paid-user do not have active subscription or pending subscription, please select a plan to buy"
   },
   "product": {
+    "AirWallex": "AirWallex",
     "Alipay": "Alipay",
     "Buy": "Buy",
     "Buy Product": "Buy Product",
@@ -757,7 +770,6 @@
     "Sold": "Sold",
     "Sold - Tooltip": "Quantity sold",
     "Stripe": "Stripe",
-    "AirWallex": "AirWallex",
     "Tag - Tooltip": "Tag of product",
     "Test buy page..": "Test buy page..",
     "There is no payment channel for this product.": "There is no payment channel for this product.",
@@ -817,6 +829,8 @@
     "Edit Provider": "Edit Provider",
     "Email content": "Email content",
     "Email content - Tooltip": "Content of the Email",
+    "Email regex": "Email regex",
+    "Email regex - Tooltip": "Email regex - Tooltip",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
     "Endpoint": "Endpoint",
@@ -844,6 +858,8 @@
     "Key text - Tooltip": "Key text - Tooltip",
     "Metadata": "Metadata",
     "Metadata - Tooltip": "SAML metadata",
+    "Metadata url": "Metadata url",
+    "Metadata url - Tooltip": "Metadata url - Tooltip",
     "Method - Tooltip": "Login method, QR code or silent login",
     "New Provider": "New Provider",
     "Normal": "Normal",
@@ -1244,6 +1260,8 @@
     "Edit Webhook": "Edit Webhook",
     "Events": "Events",
     "Events - Tooltip": "Events",
+    "Extended user fields": "Extended user fields",
+    "Extended user fields - Tooltip": "Extended user fields - Tooltip",
     "Headers": "Headers",
     "Headers - Tooltip": "HTTP headers (key-value pairs)",
     "Is user extended": "Is user extended",

web/src/locales/cs/data.json

@@ -17,11 +17,15 @@
     "Use same DB - Tooltip": "Použít stejnou DB jako Casdoor"
   },
   "application": {
+    "Add Face ID": "Add Face ID",
+    "Add Face ID with Image": "Add Face ID with Image",
     "Always": "Vždy",
     "Auto signin": "Automatické přihlášení",
     "Auto signin - Tooltip": "Když existuje přihlášená relace v Casdoor, je automaticky použita pro přihlášení na straně aplikace",
     "Background URL": "URL pozadí",
     "Background URL - Tooltip": "URL obrázku pozadí použitého na přihlašovací stránce",
+    "Background URL Mobile": "Background URL Mobile",
+    "Background URL Mobile - Tooltip": "Background URL Mobile - Tooltip",
     "Big icon": "Velká ikona",
     "Binding providers": "Propojení poskytovatelé",
     "CSS style": "CSS styl",
@@ -63,6 +67,7 @@
     "Footer HTML - Tooltip": "Přizpůsobit patičku vaší aplikace",
     "Form position": "Pozice formuláře",
     "Form position - Tooltip": "Umístění formulářů pro registraci, přihlášení a zapomenuté heslo",
+    "Generate Face ID": "Generate Face ID",
     "Grant types": "Typy grantů",
     "Grant types - Tooltip": "Vyberte, které typy grantů jsou povoleny v OAuth protokolu",
     "Header HTML": "HTML hlavičky",
@@ -189,6 +194,7 @@
     "Verify": "Ověřit"
   },
   "general": {
+    "AI Assistant": "AI Assistant",
     "API key": "API klíč",
     "API key - Tooltip": "API klíč - Tooltip",
     "Access key": "Přístupový klíč",
@@ -201,7 +207,6 @@
     "Adapter - Tooltip": "Název tabulky úložiště politiky",
     "Adapters": "Adaptéry",
     "Add": "Přidat",
-    "Add Face Id": "Přidat Face Id",
     "Add custom item": "Přidat vlastní položku",
     "Admin": "Admin",
     "Affiliation URL": "URL přidružení",
@@ -231,6 +236,7 @@
     "Created time": "Čas vytvoření",
     "Custom": "Vlastní",
     "Dashboard": "Dashboard",
+    "Data": "Data",
     "Default": "Výchozí",
     "Default application": "Výchozí aplikace",
     "Default application - Tooltip": "Výchozí aplikace pro uživatele registrované přímo ze stránky organizace",
@@ -241,6 +247,7 @@
     "Delete": "Smazat",
     "Description": "Popis",
     "Description - Tooltip": "Podrobný popis pro referenci, Casdoor sám o sobě jej nepoužívá",
+    "Detail": "详情",
     "Disable": "Zakázat",
     "Display name": "Zobrazované jméno",
     "Display name - Tooltip": "Uživatelsky přívětivé, snadno čitelné jméno zobrazené veřejně v UI",
@@ -258,7 +265,6 @@
     "Enabled": "Povoleno",
     "Enabled successfully": "Úspěšně povoleno",
     "Enforcers": "Enforcers",
-    "FaceIdData": "FaceIdData",
     "Failed to add": "Nepodařilo se přidat",
     "Failed to connect to server": "Nepodařilo se připojit k serveru",
     "Failed to delete": "Nepodařilo se smazat",
@@ -344,6 +350,7 @@
     "Phone - Tooltip": "Telefonní číslo",
     "Phone only": "Pouze telefon",
     "Phone or Email": "Telefon nebo Email",
+    "Plain": "Plain",
     "Plan": "Plán",
     "Plan - Tooltip": "Plán - Tooltip",
     "Plans": "Plány",
@@ -362,6 +369,7 @@
     "QR code is too large": "QR code is too large",
     "Real name": "Skutečné jméno",
     "Records": "Záznamy",
+    "Request": "Request",
     "Request URI": "Požadavek URI",
     "Resources": "Zdroje",
     "Role": "Role",
@@ -412,6 +420,7 @@
     "This is a read-only demo site!": "Toto je demo stránka pouze pro čtení!",
     "Timestamp": "Časové razítko",
     "Tokens": "Tokeny",
+    "Tour": "Tour",
     "Transactions": "Transakce",
     "Type": "Typ",
     "Type - Tooltip": "Typ - Tooltip",
@@ -442,7 +451,8 @@
     "Parent group - Tooltip": "Nadřazená skupina - Tooltip",
     "Physical": "Fyzická",
     "Show all": "Zobrazit vše",
-    "Virtual": "Virtuální"
+    "Virtual": "Virtuální",
+    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
   },
   "home": {
     "New users past 30 days": "Noví uživatelé za posledních 30 dní",
@@ -461,7 +471,8 @@
     "Quota": "Kvóta",
     "Quota - Tooltip": "Maximální počet uživatelů, kteří se mohou zaregistrovat pomocí tohoto pozvánkového kódu",
     "Used count": "Počet použití",
-    "Used count - Tooltip": "Počet použití tohoto pozvánkového kódu"
+    "Used count - Tooltip": "Počet použití tohoto pozvánkového kódu",
+    "You need to first specify a default application for organization: ": "You need to first specify a default application for organization: "
   },
   "ldap": {
     "Admin": "Admin",
@@ -586,11 +597,6 @@
     "Your phone is": "Váš telefon je",
     "preferred": "preferované"
   },
-  "mfaAccount": {
-    "Account Name": "Account Name",
-    "Issuer": "Issuer",
-    "Secret Key": "Secret Key"
-  },
   "model": {
     "Advanced Editor": "Pokročilý editor",
     "Basic Editor": "Základní editor",
@@ -610,6 +616,8 @@
     "Is profile public": "Je profil veřejný",
     "Is profile public - Tooltip": "Po uzavření mohou profilovou stránku uživatele přistupovat pouze globální administrátoři nebo uživatelé ve stejné organizaci",
     "Modify rule": "Upravit pravidlo",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
     "New Organization": "Nová organizace",
     "Optional": "Volitelný",
     "Password expire days": "Password expire days",
@@ -622,10 +630,14 @@
     "Tags - Tooltip": "Kolekce štítků dostupných pro uživatele k výběru",
     "Use Email as username": "Použít email jako uživatelské jméno",
     "Use Email as username - Tooltip": "Použít email jako uživatelské jméno, pokud není při registraci viditelné pole uživatelského jména",
+    "User types": "User types",
+    "User types - Tooltip": "User types - Tooltip",
     "View rule": "Zobrazit pravidlo",
     "Visible": "Viditelné",
     "Website URL": "URL webových stránek",
-    "Website URL - Tooltip": "Domovská URL organizace. Toto pole se v Casdoor nepoužívá"
+    "Website URL - Tooltip": "Domovská URL organizace. Toto pole se v Casdoor nepoužívá",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Potvrďte informace na faktuře",
@@ -728,6 +740,7 @@
     "paid-user do not have active subscription or pending subscription, please select a plan to buy": "placený uživatel nemá aktivní předplatné nebo čekající předplatné, prosím vyberte plán k nákupu"
   },
   "product": {
+    "AirWallex": "AirWallex",
     "Alipay": "Alipay",
     "Buy": "Koupit",
     "Buy Product": "Koupit produkt",
@@ -757,7 +770,6 @@
     "Sold": "Prodáno",
     "Sold - Tooltip": "Prodávané množství",
     "Stripe": "Stripe",
-    "AirWallex": "AirWallex",
     "Tag - Tooltip": "Štítek produktu",
     "Test buy page..": "Testovací stránka nákupu..",
     "There is no payment channel for this product.": "Pro tento produkt neexistuje žádný platební kanál.",
@@ -817,6 +829,8 @@
     "Edit Provider": "Upravit poskytovatele",
     "Email content": "Obsah emailu",
     "Email content - Tooltip": "Obsah emailu",
+    "Email regex": "Email regex",
+    "Email regex - Tooltip": "Email regex - Tooltip",
     "Email title": "Název emailu",
     "Email title - Tooltip": "Název emailu",
     "Endpoint": "Koncový bod",
@@ -844,6 +858,8 @@
     "Key text - Tooltip": "Text klíče",
     "Metadata": "Metadata",
     "Metadata - Tooltip": "SAML metadata",
+    "Metadata url": "Metadata url",
+    "Metadata url - Tooltip": "Metadata url - Tooltip",
     "Method - Tooltip": "Metoda přihlášení, QR kód nebo tiché přihlášení",
     "New Provider": "Nový poskytovatel",
     "Normal": "Normální",
@@ -1244,6 +1260,8 @@
     "Edit Webhook": "Upravit Webhook",
     "Events": "Události",
     "Events - Tooltip": "Události",
+    "Extended user fields": "Extended user fields",
+    "Extended user fields - Tooltip": "Extended user fields - Tooltip",
     "Headers": "Hlavičky",
     "Headers - Tooltip": "HTTP hlavičky (klíč-hodnota)",
     "Is user extended": "Jsou rozšířená data uživatele",

web/src/locales/de/data.json

@@ -17,11 +17,15 @@
     "Use same DB - Tooltip": "Use same DB - Tooltip"
   },
   "application": {
+    "Add Face ID": "Add Face ID",
+    "Add Face ID with Image": "Add Face ID with Image",
     "Always": "Immer",
     "Auto signin": "Automatische Anmeldung",
     "Auto signin - Tooltip": "Wenn eine angemeldete Session in Casdoor vorhanden ist, wird diese automatisch für die Anmeldung auf Anwendungsebene verwendet",
     "Background URL": "Background-URL",
     "Background URL - Tooltip": "URL des Hintergrundbildes, das auf der Anmeldeseite angezeigt wird",
+    "Background URL Mobile": "Background URL Mobile",
+    "Background URL Mobile - Tooltip": "Background URL Mobile - Tooltip",
     "Big icon": "Big icon",
     "Binding providers": "Binding providers",
     "CSS style": "CSS style",
@@ -63,6 +67,7 @@
     "Footer HTML - Tooltip": "Custom the footer of your application",
     "Form position": "Formposition",
     "Form position - Tooltip": "Position der Anmelde-, Registrierungs- und Passwort-vergessen-Formulare",
+    "Generate Face ID": "Generate Face ID",
     "Grant types": "Grant-Typen",
     "Grant types - Tooltip": "Wählen Sie aus, welche Grant-Typen im OAuth-Protokoll zulässig sind",
     "Header HTML": "Header HTML",
@@ -189,6 +194,7 @@
     "Verify": "überprüfen"
   },
   "general": {
+    "AI Assistant": "AI Assistant",
     "API key": "API key",
     "API key - Tooltip": "API key - Tooltip",
     "Access key": "Access key",
@@ -201,7 +207,6 @@
     "Adapter - Tooltip": "Tabellenname des Policy Stores",
     "Adapters": "Adapter",
     "Add": "Hinzufügen",
-    "Add Face Id": "Add Face Id",
     "Add custom item": "Add custom item",
     "Admin": "Admin",
     "Affiliation URL": "Zugehörigkeits-URL",
@@ -231,6 +236,7 @@
     "Created time": "Erstellte Zeit",
     "Custom": "Custom",
     "Dashboard": "Dashboard",
+    "Data": "Data",
     "Default": "Default",
     "Default application": "Standard Anwendung",
     "Default application - Tooltip": "Standard-Anwendung für Benutzer, die direkt von der Organisationsseite registriert wurden",
@@ -241,6 +247,7 @@
     "Delete": "Löschen",
     "Description": "Beschreibung",
     "Description - Tooltip": "Detaillierte Beschreibungsinformationen zur Referenz, Casdoor selbst wird es nicht verwenden",
+    "Detail": "详情",
     "Disable": "Disable",
     "Display name": "Anzeigename",
     "Display name - Tooltip": "Ein benutzerfreundlicher, leicht lesbarer Name, der öffentlich in der Benutzeroberfläche angezeigt wird",
@@ -258,7 +265,6 @@
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
-    "FaceIdData": "FaceIdData",
     "Failed to add": "Fehler beim hinzufügen",
     "Failed to connect to server": "Die Verbindung zum Server konnte nicht hergestellt werden",
     "Failed to delete": "Konnte nicht gelöscht werden",
@@ -344,6 +350,7 @@
     "Phone - Tooltip": "Telefonnummer",
     "Phone only": "Phone only",
     "Phone or Email": "Phone or Email",
+    "Plain": "Plain",
     "Plan": "Plan",
     "Plan - Tooltip": "Plan - Tooltip",
     "Plans": "Pläne",
@@ -362,6 +369,7 @@
     "QR code is too large": "QR code is too large",
     "Real name": "Echter Name",
     "Records": "Datensätze",
+    "Request": "Request",
     "Request URI": "Request URI",
     "Resources": "Ressourcen",
     "Role": "Role",
@@ -412,6 +420,7 @@
     "This is a read-only demo site!": "Dies ist eine schreibgeschützte Demo-Seite!",
     "Timestamp": "Timestamp",
     "Tokens": "Token",
+    "Tour": "Tour",
     "Transactions": "Transactions",
     "Type": "Type",
     "Type - Tooltip": "Type - Tooltip",
@@ -442,7 +451,8 @@
     "Parent group - Tooltip": "Parent group - Tooltip",
     "Physical": "Physical",
     "Show all": "Show all",
-    "Virtual": "Virtual"
+    "Virtual": "Virtual",
+    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
   },
   "home": {
     "New users past 30 days": "New users past 30 days",
@@ -461,7 +471,8 @@
     "Quota": "Quota",
     "Quota - Tooltip": "Quota - Tooltip",
     "Used count": "Used count",
-    "Used count - Tooltip": "Used count - Tooltip"
+    "Used count - Tooltip": "Used count - Tooltip",
+    "You need to first specify a default application for organization: ": "You need to first specify a default application for organization: "
   },
   "ldap": {
     "Admin": "Admin",
@@ -586,11 +597,6 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
-  "mfaAccount": {
-    "Account Name": "Account Name",
-    "Issuer": "Issuer",
-    "Secret Key": "Secret Key"
-  },
   "model": {
     "Advanced Editor": "Erweiterter Editor",
     "Basic Editor": "Basis-Editor",
@@ -610,6 +616,8 @@
     "Is profile public": "Ist das Profil öffentlich?",
     "Is profile public - Tooltip": "Nach der Schließung können nur globale Administratoren oder Benutzer in der gleichen Organisation auf die Profilseite des Benutzers zugreifen",
     "Modify rule": "Regel ändern",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
     "New Organization": "Neue Organisation",
     "Optional": "Optional",
     "Password expire days": "Password expire days",
@@ -622,10 +630,14 @@
     "Tags - Tooltip": "Sammlung von Tags, die für Benutzer zur Auswahl zur Verfügung stehen",
     "Use Email as username": "Use Email as username",
     "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
+    "User types": "User types",
+    "User types - Tooltip": "User types - Tooltip",
     "View rule": "Ansichtsregel",
     "Visible": "Sichtbar",
     "Website URL": "Website-URL",
-    "Website URL - Tooltip": "Die Homepage-URL der Organisation. Dieses Feld wird in Casdoor nicht verwendet"
+    "Website URL - Tooltip": "Die Homepage-URL der Organisation. Dieses Feld wird in Casdoor nicht verwendet",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Bestätigen Sie Ihre Rechnungsinformationen",
@@ -728,6 +740,7 @@
     "paid-user do not have active subscription or pending subscription, please select a plan to buy": "paid-user do not have active subscription or pending subscription, please select a plan to buy"
   },
   "product": {
+    "AirWallex": "AirWallex",
     "Alipay": "Alipay",
     "Buy": "Kaufen",
     "Buy Product": "Produkt kaufen",
@@ -757,7 +770,6 @@
     "Sold": "Verkauft",
     "Sold - Tooltip": "Menge verkauft",
     "Stripe": "Stripe",
-    "AirWallex": "AirWallex",
     "Tag - Tooltip": "Tag des Produkts",
     "Test buy page..": "Testkaufseite.",
     "There is no payment channel for this product.": "Es gibt keinen Zahlungskanal für dieses Produkt.",
@@ -817,6 +829,8 @@
     "Edit Provider": "Provider bearbeiten",
     "Email content": "Email-Inhalt",
     "Email content - Tooltip": "Inhalt der E-Mail",
+    "Email regex": "Email regex",
+    "Email regex - Tooltip": "Email regex - Tooltip",
     "Email title": "Email-Titel",
     "Email title - Tooltip": "Betreff der E-Mail",
     "Endpoint": "Endpunkt",
@@ -844,6 +858,8 @@
     "Key text - Tooltip": "Key text - Tooltip",
     "Metadata": "Metadaten",
     "Metadata - Tooltip": "SAML-Metadaten",
+    "Metadata url": "Metadata url",
+    "Metadata url - Tooltip": "Metadata url - Tooltip",
     "Method - Tooltip": "Anmeldeverfahren, QR-Code oder Silent-Login",
     "New Provider": "Neuer Provider",
     "Normal": "Normal",
@@ -1244,6 +1260,8 @@
     "Edit Webhook": "Webhook bearbeiten",
     "Events": "Ereignisse",
     "Events - Tooltip": "Ereignisse",
+    "Extended user fields": "Extended user fields",
+    "Extended user fields - Tooltip": "Extended user fields - Tooltip",
     "Headers": "Überschriften",
     "Headers - Tooltip": "HTTP-Header (Schlüssel-Wert-Paare)",
     "Is user extended": "Wurde der Benutzer erweitert?",

web/src/locales/en/data.json

@@ -17,11 +17,15 @@
     "Use same DB - Tooltip": "Use the same DB as Casdoor"
   },
   "application": {
+    "Add Face ID": "Add Face ID",
+    "Add Face ID with Image": "Add Face ID with Image",
     "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "When a logged-in session exists in Casdoor, it is automatically used for application-side login",
     "Background URL": "Background URL",
     "Background URL - Tooltip": "URL of the background image used in the login page",
+    "Background URL Mobile": "Background URL Mobile",
+    "Background URL Mobile - Tooltip": "Background URL Mobile - Tooltip",
     "Big icon": "Big icon",
     "Binding providers": "Binding providers",
     "CSS style": "CSS style",
@@ -63,6 +67,7 @@
     "Footer HTML - Tooltip": "Custom the footer of your application",
     "Form position": "Form position",
     "Form position - Tooltip": "Location of the signup, signin and forget password forms",
+    "Generate Face ID": "Generate Face ID",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Select which grant types are allowed in the OAuth protocol",
     "Header HTML": "Header HTML",
@@ -189,6 +194,7 @@
     "Verify": "Verify"
   },
   "general": {
+    "AI Assistant": "AI Assistant",
     "API key": "API key",
     "API key - Tooltip": "API key - Tooltip",
     "Access key": "Access key",
@@ -201,7 +207,6 @@
     "Adapter - Tooltip": "Table name of the policy store",
     "Adapters": "Adapters",
     "Add": "Add",
-    "Add Face Id": "Add Face Id",
     "Add custom item": "Add custom item",
     "Admin": "Admin",
     "Affiliation URL": "Affiliation URL",
@@ -231,6 +236,7 @@
     "Created time": "Created time",
     "Custom": "Custom",
     "Dashboard": "Dashboard",
+    "Data": "Data",
     "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application for users registered directly from the organization page",
@@ -241,6 +247,7 @@
     "Delete": "Delete",
     "Description": "Description",
     "Description - Tooltip": "Detailed description information for reference, Casdoor itself will not use it",
+    "Detail": "Detail",
     "Disable": "Disable",
     "Display name": "Display name",
     "Display name - Tooltip": "A user-friendly, easily readable name displayed publicly in the UI",
@@ -258,7 +265,6 @@
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
     "Enforcers": "Enforcers",
-    "FaceIdData": "FaceIdData",
     "Failed to add": "Failed to add",
     "Failed to connect to server": "Failed to connect to server",
     "Failed to delete": "Failed to delete",
@@ -344,6 +350,7 @@
     "Phone - Tooltip": "Phone number",
     "Phone only": "Phone only",
     "Phone or Email": "Phone or Email",
+    "Plain": "Plain",
     "Plan": "Plan",
     "Plan - Tooltip": "Plan - Tooltip",
     "Plans": "Plans",
@@ -362,6 +369,7 @@
     "QR code is too large": "QR code is too large",
     "Real name": "Real name",
     "Records": "Records",
+    "Request": "Request",
     "Request URI": "Request URI",
     "Resources": "Resources",
     "Role": "Role",
@@ -412,6 +420,7 @@
     "This is a read-only demo site!": "This is a read-only demo site!",
     "Timestamp": "Timestamp",
     "Tokens": "Tokens",
+    "Tour": "Tour",
     "Transactions": "Transactions",
     "Type": "Type",
     "Type - Tooltip": "Type - Tooltip",
@@ -442,7 +451,8 @@
     "Parent group - Tooltip": "Parent group - Tooltip",
     "Physical": "Physical",
     "Show all": "Show all",
-    "Virtual": "Virtual"
+    "Virtual": "Virtual",
+    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
   },
   "home": {
     "New users past 30 days": "New users past 30 days",
@@ -461,7 +471,8 @@
     "Quota": "Quota",
     "Quota - Tooltip": "The maximum number of users that can register using this invitation code",
     "Used count": "Used count",
-    "Used count - Tooltip": "The number of times this invitation code has been used"
+    "Used count - Tooltip": "The number of times this invitation code has been used",
+    "You need to first specify a default application for organization: ": "You need to first specify a default application for organization: "
   },
   "ldap": {
     "Admin": "Admin",
@@ -586,11 +597,6 @@
     "Your phone is": "Your phone is",
     "preferred": "preferred"
   },
-  "mfaAccount": {
-    "Account Name": "Account Name",
-    "Issuer": "Issuer",
-    "Secret Key": "Secret Key"
-  },
   "model": {
     "Advanced Editor": "Advanced Editor",
     "Basic Editor": "Basic Editor",
@@ -610,6 +616,8 @@
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
     "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
     "New Organization": "New Organization",
     "Optional": "Optional",
     "Password expire days": "Password expire days",
@@ -622,10 +630,14 @@
     "Tags - Tooltip": "Collection of tags available for users to choose from",
     "Use Email as username": "Use Email as username",
     "Use Email as username - Tooltip": "Use Email as username if the username field is not visible at signup",
+    "User types": "User types",
+    "User types - Tooltip": "User types - Tooltip",
     "View rule": "View rule",
     "Visible": "Visible",
     "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -728,6 +740,7 @@
     "paid-user do not have active subscription or pending subscription, please select a plan to buy": "paid-user do not have active subscription or pending subscription, please select a plan to buy"
   },
   "product": {
+    "AirWallex": "AirWallex",
     "Alipay": "Alipay",
     "Buy": "Buy",
     "Buy Product": "Buy Product",
@@ -757,7 +770,6 @@
     "Sold": "Sold",
     "Sold - Tooltip": "Quantity sold",
     "Stripe": "Stripe",
-    "AirWallex": "AirWallex",
     "Tag - Tooltip": "Tag of product",
     "Test buy page..": "Test buy page..",
     "There is no payment channel for this product.": "There is no payment channel for this product.",
@@ -817,6 +829,8 @@
     "Edit Provider": "Edit Provider",
     "Email content": "Email content",
     "Email content - Tooltip": "Content of the Email",
+    "Email regex": "Email regex",
+    "Email regex - Tooltip": "Email regex - Tooltip",
     "Email title": "Email title",
     "Email title - Tooltip": "Title of the email",
     "Endpoint": "Endpoint",
@@ -844,6 +858,8 @@
     "Key text - Tooltip": "Key text",
     "Metadata": "Metadata",
     "Metadata - Tooltip": "SAML metadata",
+    "Metadata url": "Metadata url",
+    "Metadata url - Tooltip": "Metadata url - Tooltip",
     "Method - Tooltip": "Login method, QR code or silent login",
     "New Provider": "New Provider",
     "Normal": "Normal",
@@ -1244,6 +1260,8 @@
     "Edit Webhook": "Edit Webhook",
     "Events": "Events",
     "Events - Tooltip": "Events",
+    "Extended user fields": "Extended user fields",
+    "Extended user fields - Tooltip": "Extended user fields - Tooltip",
     "Headers": "Headers",
     "Headers - Tooltip": "HTTP headers (key-value pairs)",
     "Is user extended": "Is user extended",