feat: support special chars like "+" in username parameter of /api/get-email-and-phone API (#3824 )

feat: can configure Domain field in Nextcloud OAuth provider (#3813 )
feat: can redirect user to login page after linking provider in prompt page (#3820 )
2025-07-14 08:03:23 +08:00 · 2025-05-23 17:29:00 +08:00 · 2025-05-23 17:23:34 +08:00 · 2025-05-23 07:15:53 +08:00 · 2025-05-22 20:42:47 +08:00 · 2025-05-21 18:54:42 +08:00
104 changed files with 1689 additions and 447 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@ COPY ./web .
 RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build


-FROM --platform=$BUILDPLATFORM golang:1.20.12 AS BACK
+FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
--- a/authz/authz.go
+++ b/authz/authz.go
@ -47,6 +47,7 @@ p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, POST, /api/callback, *, *
+p, *, *, POST, /api/device-auth, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
--- a/conf/app.conf
+++ b/conf/app.conf
@ -31,7 +31,7 @@ radiusServerPort = 1812
 radiusDefaultOrganization = "built-in"
 radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
+logConfig = {"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
 initDataNewOnly = false
 initDataFile = "./init_data.json"
 frontendBaseDir = "../cc_0"
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@ -115,7 +115,7 @@ func TestGetConfigLogs(t *testing.T) {
 		description string
 		expected    string
 	}{
-		{"Default log config", `{"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
+		{"Default log config", `{"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
 	}

 	err := beego.LoadAppConfig("ini", "app.conf")
--- a/controllers/account.go
+++ b/controllers/account.go
@ -32,6 +32,7 @@ const (
 	ResponseTypeIdToken = "id_token"
 	ResponseTypeSaml    = "saml"
 	ResponseTypeCas     = "cas"
+	ResponseTypeDevice  = "device"
 )

 type Response struct {
@ -139,6 +140,8 @@ func (c *ApiController) Signup() {
 		invitationName = invitation.Name
 	}

+	userEmailVerified := false
+
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
 		var checkResult *object.VerifyResult
 		checkResult, err = object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
@ -150,6 +153,8 @@ func (c *ApiController) Signup() {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
+
+		userEmailVerified = true
 	}

 	var checkPhone string
@ -228,6 +233,7 @@ func (c *ApiController) Signup() {
 		Karma:             0,
 		Invitation:        invitationName,
 		InvitationCode:    authForm.InvitationCode,
+		EmailVerified:     userEmailVerified,
 	}

 	if len(organization.Tags) > 0 {
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -25,6 +25,7 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
@ -146,7 +147,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
-		code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
+		code, err := object.GetOAuthCode(userId, clientId, form.Provider, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
@ -169,6 +170,32 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob

 			resp.Data2 = user.NeedUpdatePassword
 		}
+	} else if form.Type == ResponseTypeDevice {
+		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
+		if !ok {
+			c.ResponseError(c.T("auth:UserCode Expired"))
+			return
+		}
+
+		authCacheCast := authCache.(object.DeviceAuthCache)
+		if authCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
+			c.ResponseError(c.T("auth:UserCode Expired"))
+			return
+		}
+
+		deviceAuthCacheDeviceCode, ok := object.DeviceAuthMap.Load(authCacheCast.UserName)
+		if !ok {
+			c.ResponseError(c.T("auth:DeviceCode Invalid"))
+			return
+		}
+
+		deviceAuthCacheDeviceCodeCast := deviceAuthCacheDeviceCode.(object.DeviceAuthCache)
+		deviceAuthCacheDeviceCodeCast.UserName = user.Name
+		deviceAuthCacheDeviceCodeCast.UserSignIn = true
+
+		object.DeviceAuthMap.Store(authCacheCast.UserName, deviceAuthCacheDeviceCodeCast)
+
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeSaml { // saml flow
 		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
@ -242,6 +269,7 @@ func (c *ApiController) GetApplicationLogin() {
 	state := c.Input().Get("state")
 	id := c.Input().Get("id")
 	loginType := c.Input().Get("type")
+	userCode := c.Input().Get("userCode")

 	var application *object.Application
 	var msg string
@ -268,6 +296,19 @@ func (c *ApiController) GetApplicationLogin() {
 			c.ResponseError(err.Error())
 			return
 		}
+	} else if loginType == "device" {
+		deviceAuthCache, ok := object.DeviceAuthMap.Load(userCode)
+		if !ok {
+			c.ResponseError(c.T("auth:UserCode Invalid"))
+			return
+		}
+
+		deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
+		application, err = object.GetApplication(deviceAuthCacheCast.ApplicationId)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}

 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
@ -483,6 +524,14 @@ func (c *ApiController) Login() {
 				verificationType = "sms"
 			} else {
 				verificationType = "email"
+				if !user.EmailVerified {
+					user.EmailVerified = true
+					_, err = object.UpdateUser(user.GetId(), user, []string{"email_verified"}, false)
+					if err != nil {
+						c.ResponseError(err.Error(), nil)
+						return
+					}
+				}
 			}
 		} else {
 			var application *object.Application
@ -1207,3 +1256,75 @@ func (c *ApiController) Callback() {
 	frontendCallbackUrl := fmt.Sprintf("/callback?code=%s&state=%s", code, state)
 	c.Ctx.Redirect(http.StatusFound, frontendCallbackUrl)
 }
+
+// DeviceAuth
+// @Title DeviceAuth
+// @Tag Device Authorization Endpoint
+// @Description Endpoint for the device authorization flow
+// @router /device-auth [post]
+// @Success 200 {object} object.DeviceAuthResponse The Response object
+func (c *ApiController) DeviceAuth() {
+	clientId := c.Input().Get("client_id")
+	scope := c.Input().Get("scope")
+	application, err := object.GetApplicationByClientId(clientId)
+	if err != nil {
+		c.Data["json"] = object.TokenError{
+			Error:            err.Error(),
+			ErrorDescription: err.Error(),
+		}
+		c.ServeJSON()
+		return
+	}
+
+	if application == nil {
+		c.Data["json"] = object.TokenError{
+			Error:            c.T("token:Invalid client_id"),
+			ErrorDescription: c.T("token:Invalid client_id"),
+		}
+		c.ServeJSON()
+		return
+	}
+
+	deviceCode := util.GenerateId()
+	userCode := util.GetRandomName()
+
+	generateTime := 0
+	for {
+		if generateTime > 5 {
+			c.Data["json"] = object.TokenError{
+				Error:            "userCode gen",
+				ErrorDescription: c.T("token:Invalid client_id"),
+			}
+			c.ServeJSON()
+			return
+		}
+		_, ok := object.DeviceAuthMap.Load(userCode)
+		if !ok {
+			break
+		}
+
+		generateTime++
+	}
+
+	deviceAuthCache := object.DeviceAuthCache{
+		UserSignIn:    false,
+		UserName:      "",
+		Scope:         scope,
+		ApplicationId: application.GetId(),
+		RequestAt:     time.Now(),
+	}
+
+	userAuthCache := object.DeviceAuthCache{
+		UserSignIn:    false,
+		UserName:      deviceCode,
+		Scope:         scope,
+		ApplicationId: application.GetId(),
+		RequestAt:     time.Now(),
+	}
+
+	object.DeviceAuthMap.Store(deviceCode, deviceAuthCache)
+	object.DeviceAuthMap.Store(userCode, userAuthCache)
+
+	c.Data["json"] = object.GetDeviceAuthResponse(deviceCode, userCode, c.Ctx.Request.Host)
+	c.ServeJSON()
+}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@ -27,10 +27,10 @@ type LdapResp struct {
 	ExistUuids []string          `json:"existUuids"`
 }

-//type LdapRespGroup struct {
+// type LdapRespGroup struct {
 //	GroupId   string
 //	GroupName string
-//}
+// }

 type LdapSyncResp struct {
 	Exist  []object.LdapUser `json:"exist"`
@ -61,18 +61,18 @@ func (c *ApiController) GetLdapUsers() {
 	}
 	defer conn.Close()

-	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	//if err != nil {
+	// groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
+	// if err != nil {
 	//  c.ResponseError(err.Error())
 	//	return
-	//}
+	// }

-	//for _, group := range groupsMap {
+	// for _, group := range groupsMap {
 	//	resp.Groups = append(resp.Groups, LdapRespGroup{
 	//		GroupId:   group.GidNumber,
 	//		GroupName: group.Cn,
 	//	})
-	//}
+	// }

 	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
@ -269,7 +269,11 @@ func (c *ApiController) SyncLdapUsers() {
 		return
 	}

-	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)
+	exist, failed, err := object.SyncLdapUsers(owner, users, ldapId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}

 	c.ResponseOk(&LdapSyncResp{
 		Exist:  exist,
--- a/controllers/token.go
+++ b/controllers/token.go
@ -16,6 +16,7 @@ package controllers

 import (
 	"encoding/json"
+	"time"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@ -170,12 +171,13 @@ func (c *ApiController) GetOAuthToken() {
 	tag := c.Input().Get("tag")
 	avatar := c.Input().Get("avatar")
 	refreshToken := c.Input().Get("refresh_token")
+	deviceCode := c.Input().Get("device_code")

 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
 	}

-	if len(c.Ctx.Input.RequestBody) != 0 {
+	if len(c.Ctx.Input.RequestBody) != 0 && grantType != "urn:ietf:params:oauth:grant-type:device_code" {
 		// If clientId is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
 		err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
@ -219,6 +221,46 @@ func (c *ApiController) GetOAuthToken() {
 		}
 	}

+	if deviceCode != "" {
+		deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
+		if !ok {
+			c.Data["json"] = &object.TokenError{
+				Error:            "expired_token",
+				ErrorDescription: "token is expired",
+			}
+			c.SetTokenErrorHttpStatus()
+			c.ServeJSON()
+			c.SetTokenErrorHttpStatus()
+			return
+		}
+
+		deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
+		if !deviceAuthCacheCast.UserSignIn {
+			c.Data["json"] = &object.TokenError{
+				Error:            "authorization_pending",
+				ErrorDescription: "authorization pending",
+			}
+			c.SetTokenErrorHttpStatus()
+			c.ServeJSON()
+			c.SetTokenErrorHttpStatus()
+			return
+		}
+
+		if deviceAuthCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
+			c.Data["json"] = &object.TokenError{
+				Error:            "expired_token",
+				ErrorDescription: "token is expired",
+			}
+			c.SetTokenErrorHttpStatus()
+			c.ServeJSON()
+			c.SetTokenErrorHttpStatus()
+			return
+		}
+		object.DeviceAuthMap.Delete(deviceCode)
+
+		username = deviceAuthCacheCast.UserName
+	}
+
 	host := c.Ctx.Request.Host
 	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	if err != nil {
@ -321,6 +363,11 @@ func (c *ApiController) IntrospectToken() {
 		return
 	}

+	respondWithInactiveToken := func() {
+		c.Data["json"] = &object.IntrospectionResponse{Active: false}
+		c.ServeJSON()
+	}
+
 	tokenTypeHint := c.Input().Get("token_type_hint")
 	var token *object.Token
 	if tokenTypeHint != "" {
@ -329,7 +376,12 @@ func (c *ApiController) IntrospectToken() {
 			c.ResponseTokenError(err.Error())
 			return
 		}
-		if token == nil {
+		if token == nil || token.ExpiresIn <= 0 {
+			respondWithInactiveToken()
+			return
+		}
+
+		if token.ExpiresIn <= 0 {
 			c.Data["json"] = &object.IntrospectionResponse{Active: false}
 			c.ServeJSON()
 			return
@ -340,12 +392,11 @@ func (c *ApiController) IntrospectToken() {

 	if application.TokenFormat == "JWT-Standard" {
 		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
-		if err != nil || jwtToken.Valid() != nil {
+		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009
-			c.Data["json"] = &object.IntrospectionResponse{Active: false}
-			c.ServeJSON()
+			respondWithInactiveToken()
 			return
 		}

@ -365,28 +416,34 @@ func (c *ApiController) IntrospectToken() {
 		}
 	} else {
 		jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-		if err != nil || jwtToken.Valid() != nil {
+		if err != nil {
 			// and token revoked case. but we not implement
 			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 			// refs: https://tools.ietf.org/html/rfc7009
-			c.Data["json"] = &object.IntrospectionResponse{Active: false}
-			c.ServeJSON()
+			respondWithInactiveToken()
 			return
 		}

 		introspectionResponse = object.IntrospectionResponse{
-			Active:    true,
-			Scope:     jwtToken.Scope,
-			ClientId:  clientId,
-			Username:  jwtToken.Name,
-			TokenType: jwtToken.TokenType,
-			Exp:       jwtToken.ExpiresAt.Unix(),
-			Iat:       jwtToken.IssuedAt.Unix(),
-			Nbf:       jwtToken.NotBefore.Unix(),
-			Sub:       jwtToken.Subject,
-			Aud:       jwtToken.Audience,
-			Iss:       jwtToken.Issuer,
-			Jti:       jwtToken.ID,
+			Active:   true,
+			ClientId: clientId,
+			Exp:      jwtToken.ExpiresAt.Unix(),
+			Iat:      jwtToken.IssuedAt.Unix(),
+			Nbf:      jwtToken.NotBefore.Unix(),
+			Sub:      jwtToken.Subject,
+			Aud:      jwtToken.Audience,
+			Iss:      jwtToken.Issuer,
+			Jti:      jwtToken.ID,
+		}
+
+		if jwtToken.Scope != "" {
+			introspectionResponse.Scope = jwtToken.Scope
+		}
+		if jwtToken.Name != "" {
+			introspectionResponse.Username = jwtToken.Name
+		}
+		if jwtToken.TokenType != "" {
+			introspectionResponse.TokenType = jwtToken.TokenType
 		}
 	}

@ -396,13 +453,15 @@ func (c *ApiController) IntrospectToken() {
 			c.ResponseTokenError(err.Error())
 			return
 		}
-		if token == nil {
-			c.Data["json"] = &object.IntrospectionResponse{Active: false}
-			c.ServeJSON()
+		if token == nil || token.ExpiresIn <= 0 {
+			respondWithInactiveToken()
 			return
 		}
 	}
-	introspectionResponse.TokenType = token.TokenType
+
+	if token != nil {
+		introspectionResponse.TokenType = token.TokenType
+	}

 	c.Data["json"] = introspectionResponse
 	c.ServeJSON()
--- a/controllers/user.go
+++ b/controllers/user.go
@ -457,10 +457,10 @@ func (c *ApiController) SetPassword() {
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
 	code := c.Ctx.Request.Form.Get("code")

-	//if userOwner == "built-in" && userName == "admin" {
+	// if userOwner == "built-in" && userName == "admin" {
 	//	c.ResponseError(c.T("auth:Unauthorized operation"))
 	//	return
-	//}
+	// }

 	if strings.Contains(newPassword, " ") {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
@ -602,7 +602,11 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}

-	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
+	/*
+	 * Verified password with user as subject, if field ldap not empty,
+	 * then `isPasswordWithLdapEnabled` is true
+	 */
+	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage(), false, false, user.Ldap != "")
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -242,7 +242,7 @@ func (c *ApiController) SendVerificationCode() {
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetMfaProps(object.EmailType, false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
@ -281,7 +281,7 @@ func (c *ApiController) SendVerificationCode() {
 				}
 			}
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetMfaProps(object.SmsType, false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
@ -436,7 +436,8 @@ func (c *ApiController) ResetEmailOrPhone() {
 	switch destType {
 	case object.VerifyTypeEmail:
 		user.Email = dest
-		_, err = object.SetUserField(user, "email", user.Email)
+		user.EmailVerified = true
+		_, err = object.UpdateUser(user.GetId(), user, []string{"email", "email_verified"}, false)
 	case object.VerifyTypePhone:
 		user.Phone = dest
 		_, err = object.SetUserField(user, "phone", user.Phone)
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@ -16,7 +16,7 @@ package controllers

 import (
 	"bytes"
-	"fmt"
+	"encoding/base64"
 	"io"

 	"github.com/casdoor/casdoor/form"
@ -118,24 +118,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 		return
 	}

-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-	if len(user.WebauthnCredentials) == 0 {
-		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-		return
-	}
-
-	options, sessionData, err := webauthnObj.BeginLogin(user)
+	options, sessionData, err := webauthnObj.BeginDiscoverableLogin()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@ -168,20 +151,23 @@ func (c *ApiController) WebAuthnSigninFinish() {
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-	userId := string(sessionData.UserID)
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+
+	var user *object.User
+	handler := func(rawID, userHandle []byte) (webauthn.User, error) {
+		user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
+		if err != nil {
+			return nil, err
+		}
+		return user, nil
 	}

-	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
+	_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.SetSessionUsername(userId)
-	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
+	c.SetSessionUsername(user.GetId())
+	util.LogInfo(c.Ctx, "API: [%s] signed in", user.GetId())

 	var application *object.Application

--- a/cred/manager.go
+++ b/cred/manager.go
@ -34,6 +34,8 @@ func GetCredManager(passwordType string) CredManager {
 		return NewPbkdf2SaltCredManager()
 	} else if passwordType == "argon2id" {
 		return NewArgon2idCredManager()
+	} else if passwordType == "pbkdf2-django" {
+		return NewPbkdf2DjangoCredManager()
 	}
 	return nil
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@ -0,0 +1,71 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cred
+
+import (
+	"crypto/sha256"
+	"encoding/base64"
+	"strconv"
+	"strings"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+// password type: pbkdf2-django
+
+type Pbkdf2DjangoCredManager struct{}
+
+func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
+	cm := &Pbkdf2DjangoCredManager{}
+	return cm
+}
+
+func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	iterations := 260000
+	salt := userSalt
+	if salt == "" {
+		salt = organizationSalt
+	}
+
+	saltBytes := []byte(salt)
+	passwordBytes := []byte(password)
+	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iterations, sha256.Size, sha256.New)
+	hashBase64 := base64.StdEncoding.EncodeToString(computedHash)
+	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
+}
+
+func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool {
+	parts := strings.Split(passwordHash, "$")
+	if len(parts) != 4 {
+		return false
+	}
+
+	algorithm, iterations, salt, hash := parts[0], parts[1], parts[2], parts[3]
+	if algorithm != "pbkdf2_sha256" {
+		return false
+	}
+
+	iter, err := strconv.Atoi(iterations)
+	if err != nil {
+		return false
+	}
+
+	saltBytes := []byte(salt)
+	passwordBytes := []byte(password)
+	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iter, sha256.Size, sha256.New)
+	computedHashBase64 := base64.StdEncoding.EncodeToString(computedHash)
+
+	return computedHashBase64 == hash
+}
--- a/email/custom_http.go
+++ b/email/custom_http.go
@ -15,6 +15,8 @@
 package email

 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@ -24,14 +26,24 @@ import (
 )

 type HttpEmailProvider struct {
-	endpoint string
-	method   string
+	endpoint    string
+	method      string
+	httpHeaders map[string]string
+	bodyMapping map[string]string
+	contentType string
 }

-func NewHttpEmailProvider(endpoint string, method string) *HttpEmailProvider {
+func NewHttpEmailProvider(endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) *HttpEmailProvider {
+	if contentType == "" {
+		contentType = "application/x-www-form-urlencoded"
+	}
+
 	client := &HttpEmailProvider{
-		endpoint: endpoint,
-		method:   method,
+		endpoint:    endpoint,
+		method:      method,
+		httpHeaders: httpHeaders,
+		bodyMapping: bodyMapping,
+		contentType: contentType,
 	}
 	return client
 }
@ -39,18 +51,52 @@ func NewHttpEmailProvider(endpoint string, method string) *HttpEmailProvider {
 func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
 	var req *http.Request
 	var err error
-	if c.method == "POST" {
-		formValues := url.Values{}
-		formValues.Set("fromName", fromName)
-		formValues.Set("toAddress", toAddress)
-		formValues.Set("subject", subject)
-		formValues.Set("content", content)
-		req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
+
+	fromNameField := "fromName"
+	toAddressField := "toAddress"
+	subjectField := "subject"
+	contentField := "content"
+
+	for k, v := range c.bodyMapping {
+		switch k {
+		case "fromName":
+			fromNameField = v
+		case "toAddress":
+			toAddressField = v
+		case "subject":
+			subjectField = v
+		case "content":
+			contentField = v
+		}
+	}
+
+	if c.method == "POST" || c.method == "PUT" || c.method == "DELETE" {
+		bodyMap := make(map[string]string)
+		bodyMap[fromNameField] = fromName
+		bodyMap[toAddressField] = toAddress
+		bodyMap[subjectField] = subject
+		bodyMap[contentField] = content
+
+		var fromValueBytes []byte
+		if c.contentType == "application/json" {
+			fromValueBytes, err = json.Marshal(bodyMap)
+			if err != nil {
+				return err
+			}
+			req, err = http.NewRequest(c.method, c.endpoint, bytes.NewBuffer(fromValueBytes))
+		} else {
+			formValues := url.Values{}
+			for k, v := range bodyMap {
+				formValues.Add(k, v)
+			}
+			req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
+		}
+
 		if err != nil {
 			return err
 		}

-		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.Header.Set("Content-Type", c.contentType)
 	} else if c.method == "GET" {
 		req, err = http.NewRequest(c.method, c.endpoint, nil)
 		if err != nil {
@ -58,15 +104,19 @@ func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress
 		}

 		q := req.URL.Query()
-		q.Add("fromName", fromName)
-		q.Add("toAddress", toAddress)
-		q.Add("subject", subject)
-		q.Add("content", content)
+		q.Add(fromNameField, fromName)
+		q.Add(toAddressField, toAddress)
+		q.Add(subjectField, subject)
+		q.Add(contentField, content)
 		req.URL.RawQuery = q.Encode()
 	} else {
 		return fmt.Errorf("HttpEmailProvider's Send() error, unsupported method: %s", c.method)
 	}

+	for k, v := range c.httpHeaders {
+		req.Header.Set(k, v)
+	}
+
 	httpClient := proxy.DefaultHttpClient
 	resp, err := httpClient.Do(req)
 	if err != nil {
--- a/email/provider.go
+++ b/email/provider.go
@ -18,11 +18,11 @@ type EmailProvider interface {
 	Send(fromAddress string, fromName, toAddress string, subject string, content string) error
 }

-func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string) EmailProvider {
+func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) EmailProvider {
 	if typ == "Azure ACS" {
 		return NewAzureACSEmailProvider(clientSecret, host)
 	} else if typ == "Custom HTTP Email" {
-		return NewHttpEmailProvider(endpoint, method)
+		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
 	} else if typ == "SendGrid" {
 		return NewSendgridEmailProvider(clientSecret, host, endpoint)
 	} else {
--- a/form/auth.go
+++ b/form/auth.go
@ -70,6 +70,7 @@ type AuthForm struct {

 	FaceId      []float64 `json:"faceId"`
 	FaceIdImage []string  `json:"faceIdImage"`
+	UserCode    string    `json:"userCode"`
 }

 func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module github.com/casdoor/casdoor

-go 1.18
+go 1.21

 require (
 	github.com/Masterminds/squirrel v1.5.3
@ -16,7 +16,7 @@ require (
 	github.com/casdoor/go-sms-sender v0.25.0
 	github.com/casdoor/gomail/v2 v2.1.0
 	github.com/casdoor/ldapserver v1.2.0
-	github.com/casdoor/notify v1.0.0
+	github.com/casdoor/notify v1.0.1
 	github.com/casdoor/oss v1.8.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
 	github.com/casvisor/casvisor-go-sdk v1.4.0
@ -31,8 +31,8 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/go-webauthn/webauthn v0.6.0
-	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/go-webauthn/webauthn v0.10.2
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/google/uuid v1.6.0
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
@ -101,7 +101,7 @@ require (
 	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible // indirect
 	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/apistd/uni-go-sdk v0.0.2 // indirect
-	github.com/atc0005/go-teams-notify/v2 v2.6.1 // indirect
+	github.com/atc0005/go-teams-notify/v2 v2.13.0 // indirect
 	github.com/baidubce/bce-sdk-go v0.9.156 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blinkbean/dingtalk v0.0.0-20210905093040-7d935c0f7e19 // indirect
@ -124,14 +124,15 @@ require (
 	github.com/drswork/go-twitter v0.0.0-20221107160839-dea1b6ed53d7 // indirect
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-lark/lark v1.9.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-webauthn/revoke v0.1.6 // indirect
+	github.com/go-webauthn/x v0.1.9 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@ -140,7 +141,7 @@ require (
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.3.3 // indirect
+	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -177,18 +177,19 @@ github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmP
 github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA=
 github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apistd/uni-go-sdk v0.0.2 h1:7kqETCOz/rz8AQU55XGzxDFGoFeMgeZL5fGwvxKBZrc=
 github.com/apistd/uni-go-sdk v0.0.2/go.mod h1:eIqYos4IbHgE/rB75r05ypNLahooEMJCrbjXq322b74=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/atc0005/go-teams-notify/v2 v2.6.1 h1:t22ybzQuaQs4UJe4ceF5VYGsPhs6ir3nZOId/FBy6Go=
-github.com/atc0005/go-teams-notify/v2 v2.6.1/go.mod h1:xo6GejLDHn3tWBA181F8LrllIL0xC1uRsRxq7YNXaaY=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/atc0005/go-teams-notify/v2 v2.13.0 h1:nbDeHy89NjYlF/PEfLVF6lsserY9O5SnN1iOIw3AxXw=
+github.com/atc0005/go-teams-notify/v2 v2.13.0/go.mod h1:WSv9moolRsBcpZbwEf6gZxj7h0uJlJskJq5zkEWKO8Y=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
 github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.45.5 h1:bxilnhv9FngUgdPNJmOIv2bk+2sP0dpqX3e4olhWcGM=
@ -199,6 +200,7 @@ github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAm
 github.com/baidubce/bce-sdk-go v0.9.156 h1:f++WfptxGmSp5acsjl4kUxHpWDDccoFqkIrQKxvp/Sw=
 github.com/baidubce/bce-sdk-go v0.9.156/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
+github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
 github.com/beego/beego v1.12.12 h1:ARY1sNVSS23N0mEQIhSqRDTyyDlx95JY0V3GogBbZbQ=
 github.com/beego/beego v1.12.12/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
 github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
@ -236,8 +238,8 @@ github.com/casdoor/gomail/v2 v2.1.0 h1:ua97E3CARnF1Ik8ga/Drz9uGZfaElXJumFexiErWU
 github.com/casdoor/gomail/v2 v2.1.0/go.mod h1:GFzOD9RhY0nODiiPaQiOa6DfoKtmO9aTesu5qrp26OI=
 github.com/casdoor/ldapserver v1.2.0 h1:HdSYe+ULU6z9K+2BqgTrJKQRR4//ERAXB64ttOun6Ow=
 github.com/casdoor/ldapserver v1.2.0/go.mod h1:VwYU2vqQ2pA8sa00PRekH71R2XmgfzMKhmp1XrrDu2s=
-github.com/casdoor/notify v1.0.0 h1:oldsaaQFPrlufm/OA314z8DwFVE1Tc9Gt1z4ptRHhXw=
-github.com/casdoor/notify v1.0.0/go.mod h1:wNHQu0tiDROMBIvz0j3Om3Lhd5yZ+AIfnFb8MYb8OLQ=
+github.com/casdoor/notify v1.0.1 h1:p0kzI7OBlvLbL7zWeKIu31LRcEAygNZGKr5gcFfSIoE=
+github.com/casdoor/notify v1.0.1/go.mod h1:RUlaFJw87FoM/nbs0iXPP0h+DxKGTaWAIFQV0oZcSQA=
 github.com/casdoor/oss v1.8.0 h1:uuyKhDIp7ydOtV4lpqhAY23Ban2Ln8La8+QT36CwylM=
 github.com/casdoor/oss v1.8.0/go.mod h1:uaqO7KBI2lnZcnB8rF7O6C2bN7llIbfC5Ql8ex1yR1U=
 github.com/casdoor/xorm-adapter/v3 v3.1.0 h1:NodWayRtSLVSeCvL9H3Hc61k0G17KhV9IymTCNfh3kk=
@ -270,21 +272,13 @@ github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/couchbase/go-couchbase v0.0.0-20201216133707-c04035124b17/go.mod h1:+/bddYDxXsf9qt0xpDUtRR47A2GjaXmGGAqQ/k3GJ8A=
 github.com/couchbase/gomemcached v0.1.2-0.20201224031647-c432ccf49f32/go.mod h1:mxliKQxOv84gQ0bJWbI+w9Wxdpt9HjDvgW9MjCym5Vo=
 github.com/couchbase/goutils v0.0.0-20210118111533-e33d3ffb5401/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs=
-github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb h1:7X9nrm+LNWdxzQOiCjy0G51rNUxbH35IDHCjAMvogyM=
 github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb/go.mod h1:RfQ9wji3fjcSEsQ+uFCtIh3+BXgcZum8Kt3JxvzYzlk=
@ -309,8 +303,6 @@ github.com/dghubble/oauth1 v0.7.2 h1:pwcinOZy8z6XkNxvPmUDY52M7RDPxt0Xw1zgZ6Cl5JA
 github.com/dghubble/oauth1 v0.7.2/go.mod h1:9erQdIhqhOHG/7K9s/tgh9Ks/AfoyrO5mW/43Lu2+kE=
 github.com/dghubble/sling v1.4.0 h1:/n8MRosVTthvMbwlNZgLx579OGVjUOy3GNEv5BIqAWY=
 github.com/dghubble/sling v1.4.0/go.mod h1:0r40aNsU9EdDUVBNhfCstAtFgutjgJGYbO1oNzkMoM8=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/di-wu/parser v0.2.2 h1:I9oHJ8spBXOeL7Wps0ffkFFFiXJf/pk7NX9lcAMqRMU=
 github.com/di-wu/parser v0.2.2/go.mod h1:SLp58pW6WamdmznrVRrw2NTyn4wAvT9rrEFynKX7nYo=
 github.com/di-wu/xsd-datetime v1.0.0 h1:vZoGNkbzpBNoc+JyfVLEbutNDNydYV8XwHeV7eUJoxI=
@ -330,6 +322,7 @@ github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo
 github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
 github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3 h1:+zrUtdBUJpY9qptMaaY3CA3T/lBI2+QqfUbzM2uxJss=
 github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3/go.mod h1:JkjcmqbLW+khwt2fmBPJFBhx2zGZ8XobRZ+O0VhlwWo=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
@ -356,11 +349,12 @@ github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
-github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
+github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/glendc/gopher-json v0.0.0-20170414221815-dc4743023d0c/go.mod h1:Gja1A+xZ9BoviGJNA2E9vFkPjjsl+CoJxSXiQM1UXtw=
 github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
+github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
 github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
@ -368,6 +362,7 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmS
 github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
 github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
 github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@ -408,16 +403,15 @@ github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaEL
 github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
 github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho=
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU=
-github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8=
-github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU=
-github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY=
+github.com/go-webauthn/webauthn v0.10.2 h1:OG7B+DyuTytrEPFmTX503K77fqs3HDK/0Iv+z8UYbq4=
+github.com/go-webauthn/webauthn v0.10.2/go.mod h1:Gd1IDsGAybuvK1NkwUTLbGmeksxuRJjVN2PE/xsPxHs=
+github.com/go-webauthn/x v0.1.9 h1:v1oeLmoaa+gPOaZqUdDentu6Rl7HkSSsmOT6gxEQHhE=
+github.com/go-webauthn/x v0.1.9/go.mod h1:pJNMlIMP1SU7cN8HNlKJpLEnFHCygLCvaLZ8a1xeoQA=
 github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
@ -425,12 +419,13 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -490,17 +485,14 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
-github.com/google/go-tpm v0.3.0/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
-github.com/google/go-tpm v0.3.3 h1:P/ZFNBZYXRxc+z7i5uyd8VP7MaDteuLZInzrH2idRGo=
-github.com/google/go-tpm v0.3.3/go.mod h1:9Hyn3rgnzWF9XBWVk6ml6A6hNkbWjNFlDQL51BeghL4=
-github.com/google/go-tpm-tools v0.0.0-20190906225433-1614c142f845/go.mod h1:AVfHadzbdzHo54inR2x1v640jdi1YSi3NauM2DUsxk0=
-github.com/google/go-tpm-tools v0.2.0/go.mod h1:npUd03rQ60lxN7tzeBJreG38RvWwme2N1reF/eeiBk4=
+github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
+github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@ -534,17 +526,15 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1 h1:LqbZZ9sNMWVjeXS4NN5oVvhMjDyLhmA1LG86oSo+IqY=
+github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregdel/pushover v1.2.1 h1:IPPJCdzXz60gMqnlzS0ZAW5z5aS1gI4nU+YM0Pe+ssA=
 github.com/gregdel/pushover v1.2.1/go.mod h1:EcaO66Nn1StkpEm1iKtBTV3d2A16SoMsVER1PthX7to=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
@ -570,7 +560,6 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
 github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
@ -578,9 +567,9 @@ github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKEN
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk=
+github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
@ -590,6 +579,7 @@ github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxy
 github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc=
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jinzhu/configor v1.2.1 h1:OKk9dsR8i6HPOCZR8BcMtcEImAFjIhbJFZNyn5GCZko=
+github.com/jinzhu/configor v1.2.1/go.mod h1:nX89/MOmDba7ZX7GCyU/VIaQ2Ar2aizBl2d3JLF/rDc=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@ -598,10 +588,10 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfC
 github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
+github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@ -620,7 +610,6 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
@ -637,6 +626,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@ -672,7 +662,6 @@ github.com/localtunnel/go-localtunnel v0.0.0-20170326223115-8a804488f275 h1:IZyc
 github.com/localtunnel/go-localtunnel v0.0.0-20170326223115-8a804488f275/go.mod h1:zt6UU74K6Z6oMOYJbJzYpYucqdcQwSMPBEdSvGiaUMw=
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 h1:wIONC+HMNRqmWBjuMxhatuSzHaljStc4gjDeKycxy0A=
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
 github.com/markbates/goth v1.79.0 h1:fUYi9R6VubVEK2bpmXvIUp7xRcxA68i8ovfUQx/i5Qc=
@ -742,7 +731,6 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/nyaruka/phonenumbers v1.1.5 h1:vYy2DI+z5hdaemqVzXYJ4CVyK92IG484CirEY+40GTo=
 github.com/nyaruka/phonenumbers v1.1.5/go.mod h1:yShPJHDSH3aTKzCbXyVxNpbl2kA+F+Ne5Pun/MvFRos=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
@ -756,6 +744,7 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
 github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
@ -764,7 +753,6 @@ github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.0.1/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM=
 github.com/peterh/liner v1.0.1-0.20171122030339-3681c2a91233/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
@ -794,7 +782,6 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
 github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.0/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
@ -808,8 +795,6 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
@ -817,14 +802,12 @@ github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9
 github.com/prometheus/common v0.30.0 h1:JEkYlQnpzrzQFxi6gnukFPdQ+ac82oRhzMcIduJu/Ug=
 github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qiangmzsx/string-adapter/v2 v2.1.0 h1:q0y8TPa/sTwtriJPRe8gWL++PuZ+XbOUuvKU+hvtTYs=
 github.com/qiangmzsx/string-adapter/v2 v2.1.0/go.mod h1:PElPB7b7HnGKTsuADAffFpOQXHqjEGJz1+U1a6yR5wA=
 github.com/qiniu/dyn v1.3.0/go.mod h1:E8oERcm8TtwJiZvkQPbcAh0RL8jO1G0VXJMW3FAWdkk=
@ -837,12 +820,12 @@ github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6O
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.30.0 h1:SymVODrcRsaRaSInD9yQtKbtWqwsfoPcRff/oRXLj4c=
@ -851,10 +834,10 @@ github.com/russellhaering/gosaml2 v0.9.0 h1:CNMnH42z/GirrKjdmNrSS6bAAs47F9bPdl4P
 github.com/russellhaering/gosaml2 v0.9.0/go.mod h1:byViER/1YPUa0Puj9ROZblpoq2jsE7h/CJmitzX0geU=
 github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80guqzwx6Vg=
 github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
-github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/scim2/filter-parser/v2 v2.2.0 h1:QGadEcsmypxg8gYChRSM2j1edLyE/2j72j+hdmI4BJM=
 github.com/scim2/filter-parser/v2 v2.2.0/go.mod h1:jWnkDToqX/Y0ugz0P5VvpVEUKcWcyHHj+X+je9ce5JA=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
@ -897,19 +880,10 @@ github.com/slack-go/slack v0.12.3/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQ
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM=
 github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec/go.mod h1:QBvMkMya+gXctz3kmljlUCu/yB3GZ6oee+dUozsezQE=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
@ -966,7 +940,6 @@ github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03O
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
 github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/twilio/twilio-go v1.13.0 h1:8uKXSWAgCvO9Kn12iboy3x/Pw7oxPBufs94fTWQGhLk=
 github.com/twilio/twilio-go v1.13.0/go.mod h1:tdnfQ5TjbewoAu4lf9bMsGvfuJ/QU9gYuv9yx3TSIXU=
@ -977,8 +950,6 @@ github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6
 github.com/ucloud/ucloud-sdk-go v0.22.5 h1:GIltVwMDUqQj4iPL/emsZAMhEYWjLTwZqpOxdkdDrM8=
 github.com/ucloud/ucloud-sdk-go v0.22.5/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw=
 github.com/ugorji/go v0.0.0-20171122102828-84cb69a8af83/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/utahta/go-linenotify v0.5.0 h1:E1tJaB/XhqRY/iz203FD0MaHm10DjQPOq5/Mem2A3Gs=
 github.com/utahta/go-linenotify v0.5.0/go.mod h1:KsvBXil2wx+ByaCR0e+IZKTbp4pDesc7yjzRigLf6pE=
@ -992,8 +963,6 @@ github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/xorm-io/builder v0.3.13 h1:J4oZxt4Gjgm/Si9iKazfzYwHB/ijEOD9EHInyjOSX+M=
 github.com/xorm-io/builder v0.3.13/go.mod h1:24o5riRwzre2WvjmN+LM4YpUtJg7W8MdvJ8H57rvrJA=
 github.com/xorm-io/core v0.7.4 h1:qIznlqqmYNEb03ewzRXCrNkbbxpkgc/44nVF8yoFV7Y=
@ -1011,7 +980,6 @@ github.com/yuin/gopher-lua v0.0.0-20171031051903-609c9cd26973/go.mod h1:aEV29Xrm
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
@ -1028,7 +996,6 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
@ -1041,14 +1008,12 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i
 go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec=
 go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
 go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@ -1142,14 +1107,12 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -1235,9 +1198,7 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -1293,7 +1254,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -1370,7 +1330,6 @@ golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -1507,7 +1466,6 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:
 google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@ -1562,14 +1520,12 @@ gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3M
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@ -1644,6 +1600,7 @@ modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
 modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
 modernc.org/tcl v1.5.0/go.mod h1:gb57hj4pO8fRrK54zveIfFXBaMHK3SKJNWcmRw1cRzc=
 modernc.org/tcl v1.13.2 h1:5PQgL/29XkQ9wsEmmNPjzKs+7iPCaYqUJAhzPvQbjDA=
+modernc.org/tcl v1.13.2/go.mod h1:7CLiGIPo1M8Rv1Mitpv5akc2+8fxUd2y2UzC/MfMzy0=
 modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg=
 modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
@ -1651,6 +1608,7 @@ modernc.org/y v1.0.1/go.mod h1:Ho86I+LVHEI+LYXoUKlmOMAM1JTXOCfj8qi1T8PsClE=
 modernc.org/z v1.0.1-0.20210308123920-1f282aa71362/go.mod h1:8/SRk5C/HgiQWCgXdfpb+1RvhORdkz5sw72d3jjtyqA=
 modernc.org/z v1.0.1/go.mod h1:8/SRk5C/HgiQWCgXdfpb+1RvhORdkz5sw72d3jjtyqA=
 modernc.org/z v1.5.1 h1:RTNHdsrOpeoSeOF4FbzTo8gBYByaJ5xT7NgZ9ZqRiJM=
+modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@ -1,9 +1,9 @@
 {
  "account": {
    "Failed to add user": "Gagal menambahkan pengguna",
-    "Get init score failed, error: %w": "Gagal mendapatkan nilai init, kesalahan: %w",
+    "Get init score failed, error: %w": "Gagal mendapatkan nilai inisiasi, kesalahan: %w",
    "Please sign out first": "Silakan keluar terlebih dahulu",
-    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan untuk mendaftar akun baru"
+    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan pendaftaran akun baru"
  },
  "auth": {
    "Challenge method should be S256": "Metode tantangan harus S256",
@ -13,17 +13,17 @@
    "State expected: %s, but got: %s": "Diharapkan: %s, tapi diperoleh: %s",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru melalui %%s, silakan gunakan cara lain untuk mendaftar",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru, silakan hubungi dukungan IT Anda",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk provider: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk penyedia: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
    "The application: %s does not exist": "Aplikasi: %s tidak ada",
    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
-    "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
+    "The login method: login with password is not enabled for the application": "Metode login: login dengan sandi tidak diaktifkan untuk aplikasi tersebut",
    "The organization: %s does not exist": "The organization: %s does not exist",
    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
    "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan sandi atau penyedia), formulir = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
  },
@ -39,59 +39,59 @@
    "Email cannot be empty": "Email tidak boleh kosong",
    "Email is invalid": "Email tidak valid",
    "Empty username.": "Nama pengguna kosong.",
-    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
-    "Face data mismatch": "Face data mismatch",
+    "Face data does not exist, cannot log in": "Data wajah tidak ada, tidak bisa login",
+    "Face data mismatch": "Ketidakcocokan data wajah",
    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
-    "Invitation code cannot be blank": "Invitation code cannot be blank",
-    "Invitation code exhausted": "Invitation code exhausted",
-    "Invitation code is invalid": "Invitation code is invalid",
-    "Invitation code suspended": "Invitation code suspended",
-    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
+    "Invitation code cannot be blank": "Kode undangan tidak boleh kosong",
+    "Invitation code exhausted": "Kode undangan habis",
+    "Invitation code is invalid": "Kode undangan tidak valid",
+    "Invitation code suspended": "Kode undangan ditangguhkan",
+    "LDAP user name or password incorrect": "Nama pengguna atau sandi LDAP salah",
    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
+    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server LDAP Anda",
    "Organization does not exist": "Organisasi tidak ada",
    "Phone already exists": "Telepon sudah ada",
    "Phone cannot be empty": "Telepon tidak boleh kosong",
    "Phone number is invalid": "Nomor telepon tidak valid",
-    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
-    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
-    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
-    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
-    "The invitation code has already been used": "The invitation code has already been used",
+    "Please register using the email corresponding to the invitation code": "Silakan mendaftar menggunakan email yang sesuai dengan kode undangan",
+    "Please register using the phone  corresponding to the invitation code": "Silakan mendaftar menggunakan email yang sesuai dengan kode undangan",
+    "Please register using the username corresponding to the invitation code": "Silakan mendaftar menggunakan username yang sesuai dengan kode undangan",
+    "Session outdated, please login again": "Sesi kadaluwarsa, silakan masuk lagi",
+    "The invitation code has already been used": "Kode undangan sudah digunakan",
    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The user: %s doesn't exist in LDAP server": "Pengguna: %s tidak ada di server LDAP",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Nilai \\\"%s\\\" pada bidang akun \\\"%s\\\" tidak cocok dengan ketentuan",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Nilai \\\"%s\\\" pada bidang pendaftaran \\\"%s\\\" tidak cocok dengan ketentuan aplikasi \\\"%s\\\"",
    "Username already exists": "Nama pengguna sudah ada",
    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
    "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
    "Username is too long (maximum is 255 characters).": "Nama pengguna terlalu panjang (maksimum 255 karakter).",
    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan sandi atau kode yang salah terlalu sering, mohon tunggu selama %d menit lalu coba kembali",
    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Kata sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
+    "password or code is incorrect": "kata sandi atau kode salah",
+    "password or code is incorrect, you have %d remaining chances": "Sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
  },
  "general": {
    "Missing parameter": "Parameter hilang",
    "Please login first": "Silahkan login terlebih dahulu",
-    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The organization: %s should have one application at least": "Organisasi: %s setidaknya harus memiliki satu aplikasi",
    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
-    "this operation requires administrator to perform": "this operation requires administrator to perform"
+    "this operation is not allowed in demo mode": "tindakan ini tidak diizinkan pada mode demo",
+    "this operation requires administrator to perform": "tindakan ini membutuhkan peran administrator"
  },
  "ldap": {
    "Ldap server exist": "Server ldap ada"
  },
  "link": {
-    "Please link first": "Tolong tautkan terlebih dahulu",
+    "Please link first": "Silahkan tautkan terlebih dahulu",
    "This application has no providers": "Aplikasi ini tidak memiliki penyedia",
    "This application has no providers of type": " Aplikasi ini tidak memiliki penyedia tipe ",
-    "This provider can't be unlinked": "Pemberi layanan ini tidak dapat dipisahkan",
+    "This provider can't be unlinked": "Penyedia layanan ini tidak dapat dipisahkan",
    "You are not the global admin, you can't unlink other users": "Anda bukan admin global, Anda tidak dapat memutuskan tautan pengguna lain",
    "You can't unlink yourself, you are not a member of any application": "Anda tidak dapat memutuskan tautan diri sendiri, karena Anda bukan anggota dari aplikasi apa pun"
  },
@ -101,11 +101,11 @@
    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s."
  },
  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+    "The permission: \\\"%s\\\" doesn't exist": "Izin: \\\"%s\\\" tidak ada"
  },
  "provider": {
    "Invalid application id": "ID aplikasi tidak valid",
-    "the provider: %s does not exist": "provider: %s tidak ada"
+    "the provider: %s does not exist": "penyedia: %s tidak ada"
  },
  "resource": {
    "User is nil for tag: avatar": "Pengguna kosong untuk tag: avatar",
@ -129,13 +129,13 @@
  "token": {
    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
-    "Invalid client_id": "Invalid client_id = ID klien tidak valid",
+    "Invalid client_id": "ID klien tidak valid",
    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI pengalihan: %s tidak ada dalam daftar URI Pengalihan yang diizinkan",
    "Token not found, invalid accessToken": "Token tidak ditemukan, accessToken tidak valid"
  },
  "user": {
    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
+    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong."
  },
  "user_upload": {
    "Failed to import users": "Gagal mengimpor pengguna"
@ -148,16 +148,16 @@
  "verification": {
    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
-    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
+    "The verification code has not been sent yet!": "Kode verifikasi belum terkirim!",
+    "The verification code has not been sent yet, or has already been used!": "Kode verifikasi belum dikirim atau telah digunakan!",
    "Turing test failed.": "Tes Turing gagal.",
    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
    "Unknown type": "Tipe tidak diketahui",
    "Wrong verification code!": "Kode verifikasi salah!",
    "You should verify your code in %d min!": "Anda harus memverifikasi kode Anda dalam %d menit!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "silahkan tambahkan penyedia SMS ke daftar \\\"Penyedia\\\" untuk aplikasi: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "silahkan tambahkan penyedia Email ke daftar \\\"Penyedia\\\" untuk aplikasi: %s",
    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
  },
  "webauthn": {
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@ -136,12 +136,12 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 	dtUserInfo := &DingTalkUserResponse{}
 	accessToken := token.AccessToken

-	reqest, err := http.NewRequest("GET", idp.Config.Endpoint.AuthURL, nil)
+	request, err := http.NewRequest("GET", idp.Config.Endpoint.AuthURL, nil)
 	if err != nil {
 		return nil, err
 	}
-	reqest.Header.Add("x-acs-dingtalk-access-token", accessToken)
-	resp, err := idp.Client.Do(reqest)
+	request.Header.Add("x-acs-dingtalk-access-token", accessToken)
+	resp, err := idp.Client.Do(request)
 	if err != nil {
 		return nil, err
 	}
--- a/idp/goth.go
+++ b/idp/goth.go
@ -278,9 +278,16 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Session:  &naver.Session{},
 		}
 	case "Nextcloud":
-		idp = GothIdProvider{
-			Provider: nextcloud.New(clientId, clientSecret, redirectUrl),
-			Session:  &nextcloud.Session{},
+		if hostUrl != "" {
+			idp = GothIdProvider{
+				Provider: nextcloud.NewCustomisedDNS(clientId, clientSecret, redirectUrl, hostUrl),
+				Session:  &nextcloud.Session{},
+			}
+		} else {
+			idp = GothIdProvider{
+				Provider: nextcloud.New(clientId, clientSecret, redirectUrl),
+				Session:  &nextcloud.Session{},
+			}
 		}
 	case "OneDrive":
 		idp = GothIdProvider{
--- a/idp/provider.go
+++ b/idp/provider.go
@ -44,6 +44,7 @@ type ProviderInfo struct {
 	AppId         string
 	HostUrl       string
 	RedirectUrl   string
+	DisableSsl    bool

 	TokenURL    string
 	AuthURL     string
@ -79,9 +80,9 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) (IdProvider, error
 		return NewLinkedInIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
 	case "WeCom":
 		if idpInfo.SubType == "Internal" {
-			return NewWeComInternalIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
+			return NewWeComInternalIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.DisableSsl), nil
 		} else if idpInfo.SubType == "Third-party" {
-			return NewWeComIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
+			return NewWeComIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.DisableSsl), nil
 		} else {
 			return nil, fmt.Errorf("WeCom provider subType: %s is not supported", idpInfo.SubType)
 		}
--- a/idp/wechat.go
+++ b/idp/wechat.go
@ -299,12 +299,12 @@ func GetWechatOfficialAccountQRCode(clientId string, clientSecret string, provid
 	params := fmt.Sprintf(`{"expire_seconds": 3600, "action_name": "QR_STR_SCENE", "action_info": {"scene": {"scene_str": "%s"}}}`, providerId)

 	bodyData := bytes.NewReader([]byte(params))
-	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
+	request, err := http.NewRequest("POST", qrCodeUrl, bodyData)
 	if err != nil {
 		return "", "", err
 	}

-	resp, err := client.Do(requeset)
+	resp, err := client.Do(request)
 	if err != nil {
 		return "", "", err
 	}
--- a/idp/wecom_internal.go
+++ b/idp/wecom_internal.go
@ -29,13 +29,16 @@ import (
 type WeComInternalIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
+
+	UseIdAsName bool
 }

-func NewWeComInternalIdProvider(clientId string, clientSecret string, redirectUrl string) *WeComInternalIdProvider {
+func NewWeComInternalIdProvider(clientId string, clientSecret string, redirectUrl string, useIdAsName bool) *WeComInternalIdProvider {
 	idp := &WeComInternalIdProvider{}

 	config := idp.getConfig(clientId, clientSecret, redirectUrl)
 	idp.Config = config
+	idp.UseIdAsName = useIdAsName

 	return idp
 }
@ -169,5 +172,9 @@ func (idp *WeComInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo,
 		userInfo.Id = userInfo.Username
 	}

+	if idp.UseIdAsName {
+		userInfo.Username = userInfo.Id
+	}
+
 	return &userInfo, nil
 }
--- a/idp/wecom_third_party.go
+++ b/idp/wecom_third_party.go
@ -28,13 +28,16 @@ import (
 type WeComIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
+
+	UseIdAsName bool
 }

-func NewWeComIdProvider(clientId string, clientSecret string, redirectUrl string) *WeComIdProvider {
+func NewWeComIdProvider(clientId string, clientSecret string, redirectUrl string, useIdAsName bool) *WeComIdProvider {
 	idp := &WeComIdProvider{}

 	config := idp.getConfig(clientId, clientSecret, redirectUrl)
 	idp.Config = config
+	idp.UseIdAsName = useIdAsName

 	return idp
 }
@ -183,6 +186,10 @@ func (idp *WeComIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		DisplayName: wecomUserInfo.UserInfo.Name,
 		AvatarUrl:   wecomUserInfo.UserInfo.Avatar,
 	}
+
+	if idp.UseIdAsName {
+		userInfo.Username = userInfo.Id
+	}
 	return &userInfo, nil
 }

--- a/main.go
+++ b/main.go
@ -15,6 +15,7 @@
 package main

 import (
+	"encoding/json"
 	"fmt"

 	"github.com/beego/beego"
@ -77,10 +78,26 @@ func main() {
 	beego.BConfig.WebConfig.Session.SessionGCMaxLifetime = 3600 * 24 * 30
 	// beego.BConfig.WebConfig.Session.SessionCookieSameSite = http.SameSiteNoneMode

-	err := logs.SetLogger(logs.AdapterFile, conf.GetConfigString("logConfig"))
+	var logAdapter string
+	logConfigMap := make(map[string]interface{})
+	err := json.Unmarshal([]byte(conf.GetConfigString("logConfig")), &logConfigMap)
 	if err != nil {
 		panic(err)
 	}
+	_, ok := logConfigMap["adapter"]
+	if !ok {
+		logAdapter = "file"
+	} else {
+		logAdapter = logConfigMap["adapter"].(string)
+	}
+	if logAdapter == "console" {
+		logs.Reset()
+	}
+	err = logs.SetLogger(logAdapter, conf.GetConfigString("logConfig"))
+	if err != nil {
+		panic(err)
+	}
+
 	port := beego.AppConfig.DefaultInt("httpport", 8000)
 	// logs.SetLevel(logs.LevelInformational)
 	logs.SetLogFuncCall(false)
--- a/object/adapter.go
+++ b/object/adapter.go
@ -191,12 +191,7 @@ func (adapter *Adapter) InitAdapter() error {
 		}
 	}

-	var tableName string
-	if driverName == "mssql" {
-		tableName = fmt.Sprintf("[%s]", adapter.Table)
-	} else {
-		tableName = adapter.Table
-	}
+	tableName := adapter.Table

 	adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(engine, tableName, "")
 	if err != nil {
--- a/object/application.go
+++ b/object/application.go
@ -85,7 +85,7 @@ type Application struct {
 	EnableWebAuthn        bool            `json:"enableWebAuthn"`
 	EnableLinkWithEmail   bool            `json:"enableLinkWithEmail"`
 	OrgChoiceMode         string          `json:"orgChoiceMode"`
-	SamlReplyUrl          string          `xorm:"varchar(100)" json:"samlReplyUrl"`
+	SamlReplyUrl          string          `xorm:"varchar(500)" json:"samlReplyUrl"`
 	Providers             []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SigninMethods         []*SigninMethod `xorm:"varchar(2000)" json:"signinMethods"`
 	SignupItems           []*SignupItem   `xorm:"varchar(3000)" json:"signupItems"`
@ -101,6 +101,7 @@ type Application struct {
 	ClientId                string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret            string     `xorm:"varchar(100)" json:"clientSecret"`
 	RedirectUris            []string   `xorm:"varchar(1000)" json:"redirectUris"`
+	ForcedRedirectOrigin    string     `xorm:"varchar(100)" json:"forcedRedirectOrigin"`
 	TokenFormat             string     `xorm:"varchar(100)" json:"tokenFormat"`
 	TokenSigningMethod      string     `xorm:"varchar(100)" json:"tokenSigningMethod"`
 	TokenFields             []string   `xorm:"varchar(1000)" json:"tokenFields"`
--- a/object/cert.go
+++ b/object/cert.go
@ -63,7 +63,11 @@ func GetCertCount(owner, field, value string) (int64, error) {

 func GetCerts(owner string) ([]*Cert, error) {
 	certs := []*Cert{}
-	err := ormer.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
+	db := ormer.Engine.NewSession()
+	if owner != "" {
+		db = db.Where("owner = ? or owner = ? ", "admin", owner)
+	}
+	err := db.Desc("created_time").Find(&certs, &Cert{})
 	if err != nil {
 		return certs, err
 	}
--- a/object/email.go
+++ b/object/email.go
@ -31,7 +31,7 @@ func TestSmtpServer(provider *Provider) error {
 }

 func SendEmail(provider *Provider, title string, content string, dest string, sender string) error {
-	emailProvider := email.GetEmailProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, provider.Port, provider.DisableSsl, provider.Endpoint, provider.Method)
+	emailProvider := email.GetEmailProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, provider.Port, provider.DisableSsl, provider.Endpoint, provider.Method, provider.HttpHeaders, provider.UserMapping, provider.IssuerUrl)

 	fromAddress := provider.ClientId2
 	if fromAddress == "" {
--- a/object/group.go
+++ b/object/group.go
@ -17,6 +17,7 @@ package object
 import (
 	"errors"
 	"fmt"
+	"strings"

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
@ -210,6 +211,12 @@ func DeleteGroup(group *Group) (bool, error) {
 }

 func checkGroupName(name string) error {
+	if name == "" {
+		return errors.New("group name can't be empty")
+	}
+	if strings.Contains(name, "/") {
+		return errors.New("group name can't contain \"/\"")
+	}
 	exist, err := ormer.Engine.Exist(&Organization{Owner: "admin", Name: name})
 	if err != nil {
 		return err
--- a/object/init_data.go
+++ b/object/init_data.go
@ -70,12 +70,12 @@ func InitFromFile() {
 		for _, provider := range initData.Providers {
 			initDefinedProvider(provider)
 		}
-		for _, user := range initData.Users {
-			initDefinedUser(user)
-		}
 		for _, application := range initData.Applications {
 			initDefinedApplication(application)
 		}
+		for _, user := range initData.Users {
+			initDefinedUser(user)
+		}
 		for _, cert := range initData.Certs {
 			initDefinedCert(cert)
 		}
--- a/object/ldap.go
+++ b/object/ldap.go
@ -23,17 +23,18 @@ type Ldap struct {
 	Owner       string `xorm:"varchar(100)" json:"owner"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	ServerName   string   `xorm:"varchar(100)" json:"serverName"`
-	Host         string   `xorm:"varchar(100)" json:"host"`
-	Port         int      `xorm:"int" json:"port"`
-	EnableSsl    bool     `xorm:"bool" json:"enableSsl"`
-	Username     string   `xorm:"varchar(100)" json:"username"`
-	Password     string   `xorm:"varchar(100)" json:"password"`
-	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
-	Filter       string   `xorm:"varchar(200)" json:"filter"`
-	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
-	DefaultGroup string   `xorm:"varchar(100)" json:"defaultGroup"`
-	PasswordType string   `xorm:"varchar(100)" json:"passwordType"`
+	ServerName          string   `xorm:"varchar(100)" json:"serverName"`
+	Host                string   `xorm:"varchar(100)" json:"host"`
+	Port                int      `xorm:"int" json:"port"`
+	EnableSsl           bool     `xorm:"bool" json:"enableSsl"`
+	AllowSelfSignedCert bool     `xorm:"bool" json:"allowSelfSignedCert"`
+	Username            string   `xorm:"varchar(100)" json:"username"`
+	Password            string   `xorm:"varchar(100)" json:"password"`
+	BaseDn              string   `xorm:"varchar(100)" json:"baseDn"`
+	Filter              string   `xorm:"varchar(200)" json:"filter"`
+	FilterFields        []string `xorm:"varchar(100)" json:"filterFields"`
+	DefaultGroup        string   `xorm:"varchar(100)" json:"defaultGroup"`
+	PasswordType        string   `xorm:"varchar(100)" json:"passwordType"`

 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
@ -150,7 +151,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 	}

 	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync", "default_group", "password_type", "allow_self_signed_cert").Update(ldap)
 	if err != nil {
 		return false, nil
 	}
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@ -106,6 +106,12 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) e
 		}

 		existed, failed, err := SyncLdapUsers(ldap.Owner, AutoAdjustLdapUser(users), ldap.Id)
+		if err != nil {
+			conn.Close()
+			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
+			continue
+		}
+
 		if len(failed) != 0 {
 			logs.Warning(fmt.Sprintf("ldap autosync,%d new users,but %d user failed during :", len(users)-len(existed)-len(failed), len(failed)), failed)
 			logs.Warning(err.Error())
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@ -16,6 +16,7 @@ package object

 import (
 	"crypto/md5"
+	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"fmt"
@ -64,8 +65,11 @@ type LdapUser struct {

 func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
 	var conn *goldap.Conn
+	tlsConfig := tls.Config{
+		InsecureSkipVerify: ldap.AllowSelfSignedCert,
+	}
 	if ldap.EnableSsl {
-		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), &tlsConfig)
 	} else {
 		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
 	}
--- a/object/mfa_sms.go
+++ b/object/mfa_sms.go
@ -60,7 +60,8 @@ func (mfa *SmsMfa) Enable(user *User) error {
 		columns = append(columns, "mfa_phone_enabled", "phone", "country_code")
 	} else if mfa.MfaType == EmailType {
 		user.MfaEmailEnabled = true
-		columns = append(columns, "mfa_email_enabled", "email")
+		user.EmailVerified = true
+		columns = append(columns, "mfa_email_enabled", "email", "email_verified")
 	}

 	_, err := UpdateUser(user.GetId(), user, columns, false)
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -30,6 +30,7 @@ type OidcDiscovery struct {
 	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
 	TokenEndpoint                          string   `json:"token_endpoint"`
 	UserinfoEndpoint                       string   `json:"userinfo_endpoint"`
+	DeviceAuthorizationEndpoint            string   `json:"device_authorization_endpoint"`
 	JwksUri                                string   `json:"jwks_uri"`
 	IntrospectionEndpoint                  string   `json:"introspection_endpoint"`
 	ResponseTypesSupported                 []string `json:"response_types_supported"`
@ -119,6 +120,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", originFrontend),
 		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", originBackend),
 		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", originBackend),
+		DeviceAuthorizationEndpoint:            fmt.Sprintf("%s/api/device-auth", originBackend),
 		JwksUri:                                fmt.Sprintf("%s/.well-known/jwks", originBackend),
 		IntrospectionEndpoint:                  fmt.Sprintf("%s/api/login/oauth/introspect", originBackend),
 		ResponseTypesSupported:                 []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"},
@ -138,7 +140,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {

 func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
 	jwks := jose.JSONWebKeySet{}
-	certs, err := GetCerts("admin")
+	certs, err := GetCerts("")
 	if err != nil {
 		return jwks, err
 	}
@ -213,3 +215,14 @@ func GetWebFinger(resource string, rels []string, host string) (WebFinger, error

 	return wf, nil
 }
+
+func GetDeviceAuthResponse(deviceCode string, userCode string, host string) DeviceAuthResponse {
+	originFrontend, _ := getOriginFromHost(host)
+
+	return DeviceAuthResponse{
+		DeviceCode:      deviceCode,
+		UserCode:        userCode,
+		VerificationUri: fmt.Sprintf("%s/login/oauth/device/%s", originFrontend, userCode),
+		ExpiresIn:       120,
+	}
+}
--- a/object/organization.go
+++ b/object/organization.go
@ -63,7 +63,7 @@ type Organization struct {
 	PasswordObfuscatorType string     `xorm:"varchar(100)" json:"passwordObfuscatorType"`
 	PasswordObfuscatorKey  string     `xorm:"varchar(100)" json:"passwordObfuscatorKey"`
 	PasswordExpireDays     int        `json:"passwordExpireDays"`
-	CountryCodes           []string   `xorm:"varchar(200)"  json:"countryCodes"`
+	CountryCodes           []string   `xorm:"mediumtext"  json:"countryCodes"`
 	DefaultAvatar          string     `xorm:"varchar(200)" json:"defaultAvatar"`
 	DefaultApplication     string     `xorm:"varchar(100)" json:"defaultApplication"`
 	UserTypes              []string   `xorm:"mediumtext" json:"userTypes"`
@ -80,7 +80,8 @@ type Organization struct {
 	UseEmailAsUsername     bool       `json:"useEmailAsUsername"`
 	EnableTour             bool       `json:"enableTour"`
 	IpRestriction          string     `json:"ipRestriction"`
-	NavItems               []string   `xorm:"varchar(500)" json:"navItems"`
+	NavItems               []string   `xorm:"varchar(1000)" json:"navItems"`
+	WidgetItems            []string   `xorm:"varchar(1000)" json:"widgetItems"`

 	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
 	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
@ -227,6 +228,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo

 	if !isGlobalAdmin {
 		organization.NavItems = org.NavItems
+		organization.WidgetItems = org.WidgetItems
 	}

 	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
--- a/object/ormer.go
+++ b/object/ormer.go
@ -157,7 +157,7 @@ func NewAdapter(driverName string, dataSourceName string, dbName string) (*Ormer
 	return a, nil
 }

-// NewAdapterFromdb is the constructor for Ormer.
+// NewAdapterFromDb is the constructor for Ormer.
 func NewAdapterFromDb(driverName string, dataSourceName string, dbName string, db *sql.DB) (*Ormer, error) {
 	a := &Ormer{}
 	a.driverName = driverName
@ -179,7 +179,7 @@ func NewAdapterFromDb(driverName string, dataSourceName string, dbName string, d

 func refineDataSourceNameForPostgres(dataSourceName string) string {
 	reg := regexp.MustCompile(`dbname=[^ ]+\s*`)
-	return reg.ReplaceAllString(dataSourceName, "")
+	return reg.ReplaceAllString(dataSourceName, "dbname=postgres")
 }

 func createDatabaseForPostgres(driverName string, dataSourceName string, dbName string) error {
@ -190,7 +190,7 @@ func createDatabaseForPostgres(driverName string, dataSourceName string, dbName
 		}
 		defer db.Close()

-		_, err = db.Exec(fmt.Sprintf("CREATE DATABASE %s;", dbName))
+		_, err = db.Exec(fmt.Sprintf("CREATE DATABASE \"%s\";", dbName))
 		if err != nil {
 			if !strings.Contains(err.Error(), "already exists") {
 				return err
--- a/object/provider.go
+++ b/object/provider.go
@ -48,6 +48,7 @@ type Provider struct {
 	CustomLogo        string            `xorm:"varchar(200)" json:"customLogo"`
 	Scopes            string            `xorm:"varchar(100)" json:"scopes"`
 	UserMapping       map[string]string `xorm:"varchar(500)" json:"userMapping"`
+	HttpHeaders       map[string]string `xorm:"varchar(500)" json:"httpHeaders"`

 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
@ -474,6 +475,7 @@ func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.Provid
 		AuthURL:       provider.CustomAuthUrl,
 		UserInfoURL:   provider.CustomUserInfoUrl,
 		UserMapping:   provider.UserMapping,
+		DisableSsl:    provider.DisableSsl,
 	}

 	if provider.Type == "WeChat" {
--- a/object/record.go
+++ b/object/record.go
@ -263,6 +263,27 @@ func addWebhookRecord(webhook *Webhook, record *casvisorsdk.Record, statusCode i
 	return err
 }

+func filterRecordObject(object string, objectFields []string) string {
+	var rawObject map[string]interface{}
+	_ = json.Unmarshal([]byte(object), &rawObject)
+
+	if rawObject == nil {
+		return object
+	}
+
+	filteredObject := make(map[string]interface{})
+
+	for _, field := range objectFields {
+		fieldValue, ok := rawObject[field]
+		if !ok {
+			continue
+		}
+		filteredObject[field] = fieldValue
+	}
+
+	return util.StructToJson(filteredObject)
+}
+
 func SendWebhooks(record *casvisorsdk.Record) error {
 	webhooks, err := getWebhooksByOrganization("")
 	if err != nil {
@ -271,7 +292,14 @@ func SendWebhooks(record *casvisorsdk.Record) error {

 	errs := []error{}
 	webhooks = getFilteredWebhooks(webhooks, record.Organization, record.Action)
+
+	record2 := *record
 	for _, webhook := range webhooks {
+
+		if len(webhook.ObjectFields) != 0 && webhook.ObjectFields[0] != "All" {
+			record2.Object = filterRecordObject(record.Object, webhook.ObjectFields)
+		}
+
 		var user *User
 		if webhook.IsUserExtended {
 			user, err = getUser(record.Organization, record.User)
@ -287,12 +315,12 @@ func SendWebhooks(record *casvisorsdk.Record) error {
 			}
 		}

-		statusCode, respBody, err := sendWebhook(webhook, record, user)
+		statusCode, respBody, err := sendWebhook(webhook, &record2, user)
 		if err != nil {
 			errs = append(errs, err)
 		}

-		err = addWebhookRecord(webhook, record, statusCode, respBody, err)
+		err = addWebhookRecord(webhook, &record2, statusCode, respBody, err)
 		if err != nil {
 			errs = append(errs, err)
 		}
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@ -30,7 +30,7 @@ import (
 	"time"

 	"github.com/beevik/etree"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 	saml "github.com/russellhaering/gosaml2"
 	dsig "github.com/russellhaering/goxmldsig"
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -21,7 +21,7 @@ import (
 	"time"

 	"github.com/casdoor/casdoor/util"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )

 type Claims struct {
@ -31,7 +31,8 @@ type Claims struct {
 	Tag       string `json:"tag"`
 	Scope     string `json:"scope,omitempty"`
 	// the `azp` (Authorized Party) claim. Optional. See https://openid.net/specs/openid-connect-core-1_0.html#IDToken
-	Azp string `json:"azp,omitempty"`
+	Azp      string `json:"azp,omitempty"`
+	Provider string `json:"provider,omitempty"`
 	jwt.RegisteredClaims
 }

@ -46,6 +47,17 @@ type UserShort struct {
 	Phone       string `xorm:"varchar(100) index" json:"phone"`
 }

+type UserStandard struct {
+	Owner string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name  string `xorm:"varchar(100) notnull pk" json:"preferred_username,omitempty"`
+
+	Id          string `xorm:"varchar(100) index" json:"id"`
+	DisplayName string `xorm:"varchar(100)" json:"name,omitempty"`
+	Avatar      string `xorm:"varchar(500)" json:"picture,omitempty"`
+	Email       string `xorm:"varchar(100) index" json:"email,omitempty"`
+	Phone       string `xorm:"varchar(100) index" json:"phone,omitempty"`
+}
+
 type UserWithoutThirdIdp struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@ -140,6 +152,7 @@ type ClaimsShort struct {
 	Nonce     string `json:"nonce,omitempty"`
 	Scope     string `json:"scope,omitempty"`
 	Azp       string `json:"azp,omitempty"`
+	Provider  string `json:"provider,omitempty"`
 	jwt.RegisteredClaims
 }

@ -159,6 +172,7 @@ type ClaimsWithoutThirdIdp struct {
 	Tag       string `json:"tag"`
 	Scope     string `json:"scope,omitempty"`
 	Azp       string `json:"azp,omitempty"`
+	Provider  string `json:"provider,omitempty"`
 	jwt.RegisteredClaims
 }

@ -176,6 +190,20 @@ func getShortUser(user *User) *UserShort {
 	return res
 }

+func getStandardUser(user *User) *UserStandard {
+	res := &UserStandard{
+		Owner: user.Owner,
+		Name:  user.Name,
+
+		Id:          user.Id,
+		DisplayName: user.DisplayName,
+		Avatar:      user.Avatar,
+		Email:       user.Email,
+		Phone:       user.Phone,
+	}
+	return res
+}
+
 func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
 	res := &UserWithoutThirdIdp{
 		Owner:       user.Owner,
@ -274,6 +302,7 @@ func getShortClaims(claims Claims) ClaimsShort {
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
 		Azp:              claims.Azp,
+		Provider:         claims.Provider,
 	}
 	return res
 }
@ -287,6 +316,7 @@ func getClaimsWithoutThirdIdp(claims Claims) ClaimsWithoutThirdIdp {
 		Scope:               claims.Scope,
 		RegisteredClaims:    claims.RegisteredClaims,
 		Azp:                 claims.Azp,
+		Provider:            claims.Provider,
 	}
 	return res
 }
@ -308,6 +338,7 @@ func getClaimsCustom(claims Claims, tokenField []string) jwt.MapClaims {
 	res["tag"] = claims.Tag
 	res["scope"] = claims.Scope
 	res["azp"] = claims.Azp
+	res["provider"] = claims.Provider

 	for _, field := range tokenField {
 		userField := userValue.FieldByName(field)
@ -342,7 +373,7 @@ func refineUser(user *User) *User {
 	return user
 }

-func generateJwtToken(application *Application, user *User, nonce string, scope string, host string) (string, string, string, error) {
+func generateJwtToken(application *Application, user *User, provider string, nonce string, scope string, host string) (string, string, string, error) {
 	nowTime := time.Now()
 	expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
 	refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
@ -362,9 +393,10 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 		TokenType: "access-token",
 		Nonce:     nonce,
 		// FIXME: A workaround for custom claim by reusing `tag` in user info
-		Tag:   user.Tag,
-		Scope: scope,
-		Azp:   application.ClientId,
+		Tag:      user.Tag,
+		Scope:    scope,
+		Azp:      application.ClientId,
+		Provider: provider,
 		RegisteredClaims: jwt.RegisteredClaims{
 			Issuer:    originBackend,
 			Subject:   user.Id,
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@ -18,6 +18,7 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
+	"sync"
 	"time"

 	"github.com/casdoor/casdoor/i18n"
@ -37,6 +38,8 @@ const (
 	EndpointError        = "endpoint_error"
 )

+var DeviceAuthMap = sync.Map{}
+
 type Code struct {
 	Message string `xorm:"varchar(100)" json:"message"`
 	Code    string `xorm:"varchar(100)" json:"code"`
@ -71,6 +74,22 @@ type IntrospectionResponse struct {
 	Jti       string   `json:"jti,omitempty"`
 }

+type DeviceAuthCache struct {
+	UserSignIn    bool
+	UserName      string
+	ApplicationId string
+	Scope         string
+	RequestAt     time.Time
+}
+
+type DeviceAuthResponse struct {
+	DeviceCode      string `json:"device_code"`
+	UserCode        string `json:"user_code"`
+	VerificationUri string `json:"verification_uri"`
+	ExpiresIn       int    `json:"expires_in"`
+	Interval        int    `json:"interval"`
+}
+
 func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, error) {
 	token, err := GetTokenByAccessToken(accessToken)
 	if err != nil {
@ -117,7 +136,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 	return "", application, nil
 }

-func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) {
+func GetOAuthCode(userId string, clientId string, provider string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) (*Code, error) {
 	user, err := GetUser(userId)
 	if err != nil {
 		return nil, err
@ -152,7 +171,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	if err != nil {
 		return nil, err
 	}
-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, provider, nonce, scope, host)
 	if err != nil {
 		return nil, err
 	}
@ -222,6 +241,8 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 		token, tokenError, err = GetClientCredentialsToken(application, clientSecret, scope, host)
 	case "token", "id_token": // Implicit Grant
 		token, tokenError, err = GetImplicitToken(application, username, scope, nonce, host)
+	case "urn:ietf:params:oauth:grant-type:device_code":
+		token, tokenError, err = GetImplicitToken(application, username, scope, nonce, host)
 	case "refresh_token":
 		refreshToken2, err := RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 		if err != nil {
@ -358,7 +379,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 		return nil, err
 	}

-	newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
+	newAccessToken, newRefreshToken, tokenName, err := generateJwtToken(application, user, "", "", scope, host)
 	if err != nil {
 		return &TokenError{
 			Error:            EndpointError,
@ -537,7 +558,7 @@ func GetPasswordToken(application *Application, username string, password string
 		return nil, nil, err
 	}

-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", scope, host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", scope, host)
 	if err != nil {
 		return nil, &TokenError{
 			Error:            EndpointError,
@ -583,7 +604,7 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 		Type:  "application",
 	}

-	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host)
+	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", "", scope, host)
 	if err != nil {
 		return nil, &TokenError{
 			Error:            EndpointError,
@ -647,7 +668,7 @@ func GetTokenByUser(application *Application, user *User, scope string, nonce st
 		return nil, err
 	}

-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, nonce, scope, host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", nonce, scope, host)
 	if err != nil {
 		return nil, err
 	}
@ -754,7 +775,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 		return nil, nil, err
 	}

-	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", host)
+	accessToken, refreshToken, tokenName, err := generateJwtToken(application, user, "", "", "", host)
 	if err != nil {
 		return nil, &TokenError{
 			Error:            EndpointError,
--- a/object/token_standard_jwt.go
+++ b/object/token_standard_jwt.go
@ -19,11 +19,11 @@ import (
 	"strings"

 	"github.com/casdoor/casdoor/util"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )

 type ClaimsStandard struct {
-	*UserShort
+	*UserStandard
 	EmailVerified       bool        `json:"email_verified,omitempty"`
 	PhoneNumber         string      `json:"phone_number,omitempty"`
 	PhoneNumberVerified bool        `json:"phone_number_verified,omitempty"`
@ -33,6 +33,7 @@ type ClaimsStandard struct {
 	Scope               string      `json:"scope,omitempty"`
 	Address             OIDCAddress `json:"address,omitempty"`
 	Azp                 string      `json:"azp,omitempty"`
+	Provider            string      `json:"provider,omitempty"`

 	jwt.RegisteredClaims
 }
@ -47,13 +48,14 @@ func getStreetAddress(user *User) string {

 func getStandardClaims(claims Claims) ClaimsStandard {
 	res := ClaimsStandard{
-		UserShort:        getShortUser(claims.User),
+		UserStandard:     getStandardUser(claims.User),
 		EmailVerified:    claims.User.EmailVerified,
 		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
 		Azp:              claims.Azp,
+		Provider:         claims.Provider,
 	}

 	res.Phone = ""
--- a/object/user.go
+++ b/object/user.go
@ -459,6 +459,31 @@ func GetUserByEmail(owner string, email string) (*User, error) {
 	}
 }

+func GetUserByWebauthID(webauthId string) (*User, error) {
+	user := User{}
+	existed := false
+	var err error
+
+	if ormer.driverName == "postgres" {
+		existed, err = ormer.Engine.Where(builder.Like{"\"webauthnCredentials\"", webauthId}).Get(&user)
+	} else if ormer.driverName == "mssql" {
+		existed, err = ormer.Engine.Where("CAST(webauthnCredentials AS VARCHAR(MAX)) like ?", "%"+webauthId+"%").Get(&user)
+	} else if ormer.driverName == "sqlite" {
+		existed, err = ormer.Engine.Where("CAST(webauthnCredentials AS text) like ?", "%"+webauthId+"%").Get(&user)
+	} else {
+		existed, err = ormer.Engine.Where("webauthnCredentials like ?", "%"+webauthId+"%").Get(&user)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if !existed {
+		return nil, fmt.Errorf("user not exist")
+	}
+
+	return &user, err
+}
+
 func GetUserByEmailOnly(email string) (*User, error) {
 	if email == "" {
 		return nil, nil
@ -812,6 +837,10 @@ func AddUser(user *User) (bool, error) {
 		return false, fmt.Errorf("the user's owner and name should not be empty")
 	}

+	if CheckUsernameWithEmail(user.Name, "en") != "" {
+		user.Name = util.GetRandomName()
+	}
+
 	organization, err := GetOrganizationByUser(user)
 	if err != nil {
 		return false, err
@ -820,6 +849,16 @@ func AddUser(user *User) (bool, error) {
 		return false, fmt.Errorf("the organization: %s is not found", user.Owner)
 	}

+	if user.Owner != "built-in" {
+		applicationCount, err := GetOrganizationApplicationCount(organization.Owner, organization.Name, "", "")
+		if err != nil {
+			return false, err
+		}
+		if applicationCount == 0 {
+			return false, fmt.Errorf("The organization: %s should have one application at least", organization.Owner)
+		}
+	}
+
 	if organization.DefaultPassword != "" && user.Password == "123" {
 		user.Password = organization.DefaultPassword
 	}
--- a/object/webhook.go
+++ b/object/webhook.go
@ -39,6 +39,7 @@ type Webhook struct {
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
 	Events         []string  `xorm:"varchar(1000)" json:"events"`
 	TokenFields    []string  `xorm:"varchar(1000)" json:"tokenFields"`
+	ObjectFields   []string  `xorm:"varchar(1000)" json:"objectFields"`
 	IsUserExtended bool      `json:"isUserExtended"`
 	SingleOrgOnly  bool      `json:"singleOrgOnly"`
 	IsEnabled      bool      `json:"isEnabled"`
--- a/routers/router.go
+++ b/routers/router.go
@ -66,6 +66,7 @@ func initAPI() {
 	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")
 	beego.Router("/api/get-captcha-status", &controllers.ApiController{}, "GET:GetCaptchaStatus")
 	beego.Router("/api/callback", &controllers.ApiController{}, "POST:Callback")
+	beego.Router("/api/device-auth", &controllers.ApiController{}, "POST:DeviceAuth")

 	beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations")
 	beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization")
--- a/routers/static_filter.go
+++ b/routers/static_filter.go
@ -89,7 +89,7 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
 		return "", nil
 	}

-	code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, ctx.Request.Host, getAcceptLanguage(ctx))
+	code, err := object.GetOAuthCode(userId, clientId, "", responseType, redirectUri, scope, state, nonce, codeChallenge, ctx.Request.Host, getAcceptLanguage(ctx))
 	if err != nil {
 		return "", err
 	} else if code.Message != "" {
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -53,6 +53,14 @@ const template = `<style>
    background-color: #333333;
    box-shadow: 0 0 30px 20px rgba(255, 255, 255, 0.20);
  }
+  .forget-content {
+    padding: 10px 100px 20px;
+    margin: 30px auto;
+    border: 2px solid #fff;
+    border-radius: 7px;
+    background-color: rgb(255 255 255);
+    box-shadow: 0 0 20px rgb(0 0 0 / 20%);
+  }
 </style>`;

 const previewGrid = Setting.isMobile() ? 22 : 11;
@ -86,11 +94,11 @@ const sideTemplate = `<style>
  }
 </style>
 <div class="left-model">
-  <span class="side-logo"> <img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor" style="width: 120px"> 
+  <span class="side-logo"> <img src="${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png" alt="Casdoor" style="width: 120px"> 
    <span>SSO</span> 
  </span>
  <div class="img">
-    <img src="https://cdn.casbin.org/img/casbin.svg" alt="Casdoor"/>
+    <img src="${Setting.StaticBaseUrl}/img/casbin.svg" alt="Casdoor"/>
  </div>
 </div>
 `;
@ -410,6 +418,16 @@ class ApplicationEditPage extends React.Component {
            />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Forced redirect origin"), i18next.t("general:Forced redirect origin - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={this.state.application.forcedRedirectOrigin} onChange={e => {
+              this.updateApplicationField("forcedRedirectOrigin", e.target.value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("application:Token format"), i18next.t("application:Token format - Tooltip"))} :
@ -436,6 +454,7 @@ class ApplicationEditPage extends React.Component {
          </Col>
          <Col span={22} >
            <Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}>
+              <Option key={"provider"} value={"provider"}>{"Provider"}</Option>)
              {
                Setting.getUserCommonFields().map((item, index) => <Option key={index} value={item}>{item}</Option>)
              }
@ -708,6 +727,7 @@ class ApplicationEditPage extends React.Component {
                  {id: "token", name: "Token"},
                  {id: "id_token", name: "ID Token"},
                  {id: "refresh_token", name: "Refresh Token"},
+                  {id: "urn:ietf:params:oauth:grant-type:device_code", name: "Device Code"},
                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
              }
            </Select>
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@ -119,6 +119,7 @@ class EntryPage extends React.Component {
            <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
            <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />} />
            <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"code"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />} />
+            <Route exact path="/login/oauth/device/:userCode" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"device"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />} />
            <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"saml"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />} />
            <Route exact path="/forget" render={(props) => <SelfForgetPage {...this.props} account={this.props.account} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />} />
            <Route exact path="/forget/:applicationName" render={(props) => <ForgetPage {...this.props} account={this.props.account} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />} />
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@ -170,6 +170,16 @@ class LdapEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Allow self-signed certificate"), i18next.t("ldap:Allow self-signed certificate - Tooltip"))} :
+          </Col>
+          <Col span={21} >
+            <Switch checked={this.state.ldap.allowSelfSignedCert} onChange={checked => {
+              this.updateLdapField("allowSelfSignedCert", checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Base DN"), i18next.t("ldap:Base DN - Tooltip"))} :
--- a/web/src/ManagementPage.js
+++ b/web/src/ManagementPage.js
@ -95,8 +95,9 @@ import TransactionEditPage from "./TransactionEditPage";
 import VerificationListPage from "./VerificationListPage";

 function ManagementPage(props) {
-
  const [menuVisible, setMenuVisible] = useState(false);
+  const navItems = props.account?.organization?.navItems;
+  const widgetItems = props.account?.organization?.widgetItems;

  function logout() {
    AuthBackend.logout()
@ -175,6 +176,35 @@ function ManagementPage(props) {
    );
  }

+  function navItemsIsAll() {
+    return !Array.isArray(navItems) || !!navItems?.includes("all");
+  }
+
+  function widgetItemsIsAll() {
+    return !Array.isArray(widgetItems) || !!widgetItems?.includes("all");
+  }
+
+  function renderWidgets() {
+    const widgets = [
+      Setting.getItem(<ThemeSelect themeAlgorithm={props.themeAlgorithm} onChange={props.setLogoAndThemeAlgorithm} />, "theme"),
+      Setting.getItem(<LanguageSelect languages={props.account.organization.languages} />, "language"),
+      Setting.getItem(Conf.AiAssistantUrl?.trim() && (
+        <Tooltip title="Click to open AI assistant">
+          <div className="select-box" onClick={props.openAiAssistant}>
+            <DeploymentUnitOutlined style={{fontSize: "24px"}} />
+          </div>
+        </Tooltip>
+      ), "ai-assistant"),
+      Setting.getItem(<OpenTour />, "tour"),
+    ];
+
+    if (widgetItemsIsAll()) {
+      return widgets.map(item => item.label);
+    }
+
+    return widgets.filter(item => widgetItems.includes(item.key)).map(item => item.label);
+  }
+
  function renderAccountMenu() {
    if (props.account === undefined) {
      return null;
@ -188,20 +218,7 @@ function ManagementPage(props) {
      return (
        <React.Fragment>
          {renderRightDropdown()}
-          <ThemeSelect
-            themeAlgorithm={props.themeAlgorithm}
-            onChange={props.setLogoAndThemeAlgorithm} />
-          <LanguageSelect languages={props.account.organization.languages} />
-          {
-            Conf.AiAssistantUrl?.trim() && (
-              <Tooltip title="Click to open AI assistant">
-                <div className="select-box" onClick={props.openAiAssistant}>
-                  <DeploymentUnitOutlined style={{fontSize: "24px"}} />
-                </div>
-              </Tooltip>
-            )
-          }
-          <OpenTour />
+          {renderWidgets()}
          {Setting.isAdminUser(props.account) && (props.uri.indexOf("/trees") === -1) &&
                        <OrganizationSelect
                          initValue={Setting.getOrganization()}
@ -323,13 +340,7 @@ function ManagementPage(props) {
      }
    }

-    const navItems = props.account.organization.navItems;
-
-    if (!Array.isArray(navItems)) {
-      return res;
-    }
-
-    if (navItems.includes("all")) {
+    if (navItemsIsAll()) {
      return res;
    }

--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -27,6 +27,7 @@ import AccountTable from "./table/AccountTable";
 import ThemeEditor from "./common/theme/ThemeEditor";
 import MfaTable from "./table/MfaTable";
 import {NavItemTree} from "./common/NavItemTree";
+import {WidgetItemTree} from "./common/WidgetItemTree";

 const {Option} = Select;

@ -275,7 +276,7 @@ class OrganizationEditPage extends React.Component {
          </Col>
          <Col span={22} >
            <Select virtual={false} style={{width: "100%"}} value={this.state.organization.passwordType} onChange={(value => {this.updateOrganizationField("passwordType", value);})}
-              options={["plain", "salt", "sha512-salt", "md5-salt", "bcrypt", "pbkdf2-salt", "argon2id"].map(item => Setting.getOption(item, item))}
+              options={["plain", "salt", "sha512-salt", "md5-salt", "bcrypt", "pbkdf2-salt", "argon2id", "pbkdf2-django"].map(item => Setting.getOption(item, item))}
            />
          </Col>
        </Row>
@ -537,7 +538,7 @@ class OrganizationEditPage extends React.Component {
        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Navbar items"), i18next.t("general:Navbar items - Tooltip"))} :
+            {Setting.getLabel(i18next.t("organization:Navbar items"), i18next.t("organization:Navbar items - Tooltip"))} :
          </Col>
          <Col span={22} >
            <NavItemTree
@ -550,6 +551,21 @@ class OrganizationEditPage extends React.Component {
            />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("organization:Widget items"), i18next.t("organization:Widget items - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <WidgetItemTree
+              disabled={!Setting.isAdminUser(this.props.account)}
+              checkedKeys={this.state.organization.widgetItems ?? ["all"]}
+              defaultExpandedKeys={["all"]}
+              onCheck={(checked, _) => {
+                this.updateOrganizationField("widgetItems", checked);
+              }}
+            />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("organization:Account items"), i18next.t("organization:Account items - Tooltip"))} :
--- a/web/src/PlanEditPage.js
+++ b/web/src/PlanEditPage.js
@ -232,6 +232,15 @@ class PlanEditPage extends React.Component {
                [
                  {id: "USD", name: "USD"},
                  {id: "CNY", name: "CNY"},
+                  {id: "EUR", name: "EUR"},
+                  {id: "JPY", name: "JPY"},
+                  {id: "GBP", name: "GBP"},
+                  {id: "AUD", name: "AUD"},
+                  {id: "CAD", name: "CAD"},
+                  {id: "CHF", name: "CHF"},
+                  {id: "HKD", name: "HKD"},
+                  {id: "SGD", name: "SGD"},
+                  {id: "BRL", name: "BRL"},
                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
              }
            </Select>
--- a/web/src/ProductBuyPage.js
+++ b/web/src/ProductBuyPage.js
@ -139,6 +139,8 @@ class ProductBuyPage extends React.Component {
      return "HK$";
    } else if (product?.currency === "SGD") {
      return "S$";
+    } else if (product?.currency === "BRL") {
+      return "R$";
    } else {
      return "(Unknown currency)";
    }
--- a/web/src/ProductEditPage.js
+++ b/web/src/ProductEditPage.js
@ -217,6 +217,7 @@ class ProductEditPage extends React.Component {
                  {id: "CHF", name: "CHF"},
                  {id: "HKD", name: "HKD"},
                  {id: "SGD", name: "SGD"},
+                  {id: "BRL", name: "BRL"},
                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
              }
            </Select>
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -29,6 +29,7 @@ import {CaptchaPreview} from "./common/CaptchaPreview";
 import {CountryCodeSelect} from "./common/select/CountryCodeSelect";
 import * as Web3Auth from "./auth/Web3Auth";
 import Editor from "./common/Editor";
+import HttpHeaderTable from "./table/HttpHeaderTable";

 const {Option} = Select;
 const {TextArea} = Input;
@ -41,6 +42,13 @@ const defaultUserMapping = {
  avatarUrl: "avatarUrl",
 };

+const defaultEmailMapping = {
+  fromName: "fromName",
+  toAddress: "toAddress",
+  subject: "subject",
+  content: "content",
+};
+
 class ProviderEditPage extends React.Component {
  constructor(props) {
    super(props);
@ -71,7 +79,16 @@ class ProviderEditPage extends React.Component {

        if (res.status === "ok") {
          const provider = res.data;
-          provider.userMapping = provider.userMapping || defaultUserMapping;
+          if (provider.type === "Custom HTTP Email") {
+            if (!provider.userMapping) {
+              provider.userMapping = provider.userMapping || defaultEmailMapping;
+            }
+            if (!provider.userMapping?.fromName) {
+              provider.userMapping = defaultEmailMapping;
+            }
+          } else {
+            provider.userMapping = provider.userMapping || defaultUserMapping;
+          }
          this.setState({
            provider: provider,
          });
@ -145,9 +162,16 @@ class ProviderEditPage extends React.Component {
    const requiredKeys = ["id", "username", "displayName"];
    const provider = this.state.provider;

-    if (value === "" && requiredKeys.includes(key)) {
-      Setting.showMessage("error", i18next.t("provider:This field is required"));
-      return;
+    if (provider.type === "Custom HTTP Email") {
+      if (value === "") {
+        Setting.showMessage("error", i18next.t("provider:This field is required"));
+        return;
+      }
+    } else {
+      if (value === "" && requiredKeys.includes(key)) {
+        Setting.showMessage("error", i18next.t("provider:This field is required"));
+        return;
+      }
    }

    provider.userMapping[key] = value;
@ -183,6 +207,30 @@ class ProviderEditPage extends React.Component {
      </React.Fragment>
    );
  }
+
+  renderEmailMappingInput() {
+    return (
+      <React.Fragment>
+        {Setting.getLabel(i18next.t("provider:From name"), i18next.t("provider:From name - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.fromName} onChange={e => {
+          this.updateUserMappingField("fromName", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("provider:From address"), i18next.t("provider:From address - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.toAddress} onChange={e => {
+          this.updateUserMappingField("toAddress", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("provider:Subject"), i18next.t("provider:Subject - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.subject} onChange={e => {
+          this.updateUserMappingField("subject", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("provider:Email content"), i18next.t("provider:Email content - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.content} onChange={e => {
+          this.updateUserMappingField("content", e.target.value);
+        }} />
+      </React.Fragment>
+    );
+  }
+
  getClientIdLabel(provider) {
    switch (provider.category) {
    case "OAuth":
@ -644,23 +692,35 @@ class ProviderEditPage extends React.Component {
              </Row>
              {
                this.state.provider.type !== "WeCom" ? null : (
-                  <Row style={{marginTop: "20px"}} >
-                    <Col style={{marginTop: "5px"}} span={2}>
-                      {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
-                    </Col>
-                    <Col span={22} >
-                      <Select virtual={false} style={{width: "100%"}} value={this.state.provider.method} onChange={value => {
-                        this.updateProviderField("method", value);
-                      }}>
-                        {
-                          [
-                            {id: "Normal", name: i18next.t("provider:Normal")},
-                            {id: "Silent", name: i18next.t("provider:Silent")},
-                          ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
-                        }
-                      </Select>
-                    </Col>
-                  </Row>)
+                  <React.Fragment>
+                    <Row style={{marginTop: "20px"}} >
+                      <Col style={{marginTop: "5px"}} span={2}>
+                        {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
+                      </Col>
+                      <Col span={22} >
+                        <Select virtual={false} style={{width: "100%"}} value={this.state.provider.method} onChange={value => {
+                          this.updateProviderField("method", value);
+                        }}>
+                          {
+                            [
+                              {id: "Normal", name: i18next.t("provider:Normal")},
+                              {id: "Silent", name: i18next.t("provider:Silent")},
+                            ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                          }
+                        </Select>
+                      </Col>
+                    </Row>
+                    <Row style={{marginTop: "20px"}} >
+                      <Col style={{marginTop: "5px"}} span={2}>
+                        {Setting.getLabel(i18next.t("provider:Use id as name"), i18next.t("provider:Use id as name - Tooltip"))} :
+                      </Col>
+                      <Col span={22} >
+                        <Switch checked={this.state.provider.disableSsl} onChange={checked => {
+                          this.updateProviderField("disableSsl", checked);
+                        }} />
+                      </Col>
+                    </Row>
+                  </React.Fragment>)
              }
            </React.Fragment>
          )
@ -771,6 +831,7 @@ class ProviderEditPage extends React.Component {
          (this.state.provider.category === "Web3") ||
          (this.state.provider.category === "Storage" && this.state.provider.type === "Local File System") ||
          (this.state.provider.category === "SMS" && this.state.provider.type === "Custom HTTP SMS") ||
+          (this.state.provider.category === "Email" && this.state.provider.type === "Custom HTTP Email") ||
          (this.state.provider.category === "Notification" && (this.state.provider.type === "Google Chat" || this.state.provider.type === "Custom HTTP") || this.state.provider.type === "Balance") ? null : (
              <React.Fragment>
                {
@ -889,7 +950,7 @@ class ProviderEditPage extends React.Component {
          )
        }
        {
-          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && (this.state.provider.type !== "Casdoor" && this.state.category !== "Storage") && this.state.provider.type !== "Okta" ? null : (
+          this.state.provider.type !== "ADFS" && this.state.provider.type !== "AzureAD" && this.state.provider.type !== "AzureADB2C" && (this.state.provider.type !== "Casdoor" && this.state.category !== "Storage") && this.state.provider.type !== "Okta" && this.state.provider.type !== "Nextcloud" ? null : (
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={2}>
                {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@ -916,7 +977,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "SendGrid", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
@ -928,7 +989,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "SendGrid", "Local File System", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "Local File System", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {["Casdoor"].includes(this.state.provider.type) ?
@ -942,7 +1003,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "SendGrid", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:Path prefix - Tooltip"))} :
@ -954,7 +1015,7 @@ class ProviderEditPage extends React.Component {
                </Col>
              </Row>
            )}
-            {["Custom HTTP SMS", "SendGrid", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
+            {["Custom HTTP SMS", "Custom HTTP Email", "SendGrid", "Synology", "Casdoor", "CUCloud", "Alibaba Cloud Facebody"].includes(this.state.provider.type) ? null : (
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
                  {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@ -1095,6 +1156,66 @@ class ProviderEditPage extends React.Component {
                  </Col>
                </Row>
              )}
+              {
+                !["Custom HTTP Email"].includes(this.state.provider.type) ? null : (
+                  <React.Fragment>
+                    <Row style={{marginTop: "20px"}} >
+                      <Col style={{marginTop: "5px"}} span={2}>
+                        {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
+                      </Col>
+                      <Col span={22} >
+                        <Select virtual={false} style={{width: "100%"}} value={this.state.provider.method} onChange={value => {
+                          this.updateProviderField("method", value);
+                        }}>
+                          {
+                            [
+                              {id: "GET", name: "GET"},
+                              {id: "POST", name: "POST"},
+                              {id: "PUT", name: "PUT"},
+                              {id: "DELETE", name: "DELETE"},
+                            ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                          }
+                        </Select>
+                      </Col>
+                    </Row>
+                    {
+                      this.state.provider.method !== "GET" ? (<Row style={{marginTop: "20px"}} >
+                        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                          {Setting.getLabel(i18next.t("webhook:Content type"), i18next.t("webhook:Content type - Tooltip"))} :
+                        </Col>
+                        <Col span={22} >
+                          <Select virtual={false} style={{width: "100%"}} value={this.state.provider.issuerUrl === "" ? "application/x-www-form-urlencoded" : this.state.provider.issuerUrl} onChange={value => {
+                            this.updateProviderField("issuerUrl", value);
+                          }}>
+                            {
+                              [
+                                {id: "application/json", name: "application/json"},
+                                {id: "application/x-www-form-urlencoded", name: "application/x-www-form-urlencoded"},
+                              ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                            }
+                          </Select>
+                        </Col>
+                      </Row>) : null
+                    }
+                    <Row style={{marginTop: "20px"}} >
+                      <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                        {Setting.getLabel(i18next.t("provider:HTTP header"), i18next.t("provider:HTTP header - Tooltip"))} :
+                      </Col>
+                      <Col span={22} >
+                        <HttpHeaderTable httpHeaders={this.state.provider.httpHeaders} onUpdateTable={(value) => {this.updateProviderField("httpHeaders", value);}} />
+                      </Col>
+                    </Row>
+                    {this.state.provider.method !== "GET" ? <Row style={{marginTop: "20px"}}>
+                      <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                        {Setting.getLabel(i18next.t("provider:HTTP body mapping"), i18next.t("provider:HTTP body mapping - Tooltip"))} :
+                      </Col>
+                      <Col span={22}>
+                        {this.renderEmailMappingInput()}
+                      </Col>
+                    </Row> : null}
+                  </React.Fragment>
+                )
+              }
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {Setting.getLabel(i18next.t("provider:Email title"), i18next.t("provider:Email title - Tooltip"))} :
@ -1163,7 +1284,7 @@ class ProviderEditPage extends React.Component {
                </Button>
              </Row>
            </React.Fragment>
-          ) : this.state.provider.category === "SMS" ? (
+          ) : ["SMS"].includes(this.state.provider.category) ? (
            <React.Fragment>
              {["Custom HTTP SMS", "Twilio SMS", "Amazon SNS", "Azure ACS", "Msg91 SMS", "Infobip SMS"].includes(this.state.provider.type) ?
                null :
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -1532,7 +1532,7 @@ export function getUserCommonFields() {
 }

 export function getDefaultFooterContent() {
-  return "Powered by <a target=\"_blank\" href=\"https://casdoor.org\" rel=\"noreferrer\"><img style=\"padding-bottom: 3px\" height=\"20\" alt=\"Casdoor\" src=\"https://cdn.casbin.org/img/casdoor-logo_1185x256.png\"/></a>";
+  return `Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style="padding-bottom: 3px" height="20" alt="Casdoor" src="${StaticBaseUrl}/img/casdoor-logo_1185x256.png"/></a>`;
 }

 export function getEmptyFooterContent() {
@ -1564,7 +1564,7 @@ export function getDefaultHtmlEmailContent() {
 <div class="email-container">
  <div class="header">
        <h3>Casbin Organization</h3>
-        <img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor Logo" width="300">
+        <img src="${StaticBaseUrl}/img/casdoor-logo_1185x256.png" alt="Casdoor Logo" width="300">
    </div>
    <p><strong>%{user.friendlyName}</strong>, here is your verification code</p>
    <p>Use this code for your transaction. It's valid for 5 minutes</p>
@ -1603,6 +1603,8 @@ export function getCurrencyText(product) {
    return i18next.t("currency:HKD");
  } else if (product?.currency === "SGD") {
    return i18next.t("currency:SGD");
+  } else if (product?.currency === "BRL") {
+    return i18next.t("currency:BRL");
  } else {
    return "(Unknown currency)";
  }
@ -1614,7 +1616,7 @@ export function isDarkTheme(themeAlgorithm) {

 function getPreferredMfaProp(mfaProps) {
  for (const i in mfaProps) {
-    if (mfaProps[i].isPreffered) {
+    if (mfaProps[i].isPreferred) {
      return mfaProps[i];
    }
  }
--- a/web/src/SystemInfo.js
+++ b/web/src/SystemInfo.js
@ -37,17 +37,35 @@ class SystemInfo extends React.Component {
  UNSAFE_componentWillMount() {
    SystemBackend.getSystemInfo("").then(res => {
      this.setState({
-        systemInfo: res.data,
        loading: false,
      });

+      if (res.status === "ok") {
+        this.setState({
+          systemInfo: res.data,
+        });
+      } else {
+        Setting.showMessage("error", res.msg);
+        this.stopTimer();
+      }
+
      const id = setInterval(() => {
        SystemBackend.getSystemInfo("").then(res => {
          this.setState({
-            systemInfo: res.data,
+            loading: false,
          });
+
+          if (res.status === "ok") {
+            this.setState({
+              systemInfo: res.data,
+            });
+          } else {
+            Setting.showMessage("error", res.msg);
+            this.stopTimer();
+          }
        }).catch(error => {
          Setting.showMessage("error", `System info failed to get: ${error}`);
+          this.stopTimer();
        });
        SystemBackend.getPrometheusInfo().then(res => {
          this.setState({
@ -55,17 +73,25 @@ class SystemInfo extends React.Component {
          });
        });
      }, 1000 * 2);
+
      this.setState({intervalId: id});
    }).catch(error => {
      Setting.showMessage("error", `System info failed to get: ${error}`);
+      this.stopTimer();
    });

    SystemBackend.getVersionInfo().then(res => {
-      this.setState({
-        versionInfo: res.data,
-      });
+      if (res.status === "ok") {
+        this.setState({
+          versionInfo: res.data,
+        });
+      } else {
+        Setting.showMessage("error", res.msg);
+        this.stopTimer();
+      }
    }).catch(err => {
      Setting.showMessage("error", `Version info failed to get: ${err}`);
+      this.stopTimer();
    });
  }

@ -77,10 +103,14 @@ class SystemInfo extends React.Component {
    this.setState({isTourVisible: TourConfig.getTourVisible()});
  };

-  componentWillUnmount() {
+  stopTimer() {
    if (this.state.intervalId !== null) {
      clearInterval(this.state.intervalId);
    }
+  }
+
+  componentWillUnmount() {
+    this.stopTimer();
    window.removeEventListener("storageTourChanged", this.handleTourChange);
  }

@ -125,9 +155,9 @@ class SystemInfo extends React.Component {
        <br /> <br />
        <Progress type="circle" percent={Number((Number(this.state.systemInfo.memoryUsed) / Number(this.state.systemInfo.memoryTotal) * 100).toFixed(2))} />
      </div>;
-    const latencyUi = this.state.prometheusInfo.apiLatency === null || this.state.prometheusInfo.apiLatency?.length <= 0 ? <Spin size="large" /> :
+    const latencyUi = this.state.prometheusInfo?.apiLatency === null || this.state.prometheusInfo?.apiLatency?.length <= 0 ? <Spin size="large" /> :
      <PrometheusInfoTable prometheusInfo={this.state.prometheusInfo} table={"latency"} />;
-    const throughputUi = this.state.prometheusInfo.apiThroughput === null || this.state.prometheusInfo.apiThroughput?.length <= 0 ? <Spin size="large" /> :
+    const throughputUi = this.state.prometheusInfo?.apiThroughput === null || this.state.prometheusInfo?.apiThroughput?.length <= 0 ? <Spin size="large" /> :
      <PrometheusInfoTable prometheusInfo={this.state.prometheusInfo} table={"throughput"} />;
    const link = this.state.versionInfo?.version !== "" ? `https://github.com/casdoor/casdoor/releases/tag/${this.state.versionInfo?.version}` : "";
    let versionText = this.state.versionInfo?.version !== "" ? this.state.versionInfo?.version : i18next.t("system:Unknown version");
--- a/web/src/TourConfig.js
+++ b/web/src/TourConfig.js
@ -1,4 +1,5 @@
 import React from "react";
+import * as Setting from "./Setting";

 export const TourObj = {
  home: [
@ -8,7 +9,7 @@ export const TourObj = {
      cover: (
        <img
          alt="casdoor.png"
-          src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png"
+          src={`${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`}
        />
      ),
    },
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@ -144,6 +144,9 @@ class WebhookEditPage extends React.Component {
    if (["port"].includes(key)) {
      value = Setting.myParseInt(value);
    }
+    if (key === "objectFields") {
+      value = value.includes("All") ? ["All"] : value;
+    }
    return value;
  }

@ -294,6 +297,19 @@ class WebhookEditPage extends React.Component {
            </Select>
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("webhook:Object fields"), i18next.t("webhook:Object fields - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" showSearch style={{width: "100%"}} value={this.state.webhook.objectFields} onChange={(value => {this.updateWebhookField("objectFields", value);})}>
+              <Option key="All" value="All">{i18next.t("general:All")}</Option>
+              {
+                ["owner", "name", "createdTime", "updatedTime", "deletedTime", "id", "displayName"].map((item, index) => <Option key={index} value={item}>{item}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("webhook:Is user extended"), i18next.t("webhook:Is user extended - Tooltip"))} :
--- a/web/src/auth/AuthBackend.js
+++ b/web/src/auth/AuthBackend.js
@ -37,7 +37,7 @@ export function signup(values) {
 }

 export function getEmailAndPhone(organization, username) {
-  return fetch(`${authConfig.serverUrl}/api/get-email-and-phone?organization=${organization}&username=${username}`, {
+  return fetch(`${authConfig.serverUrl}/api/get-email-and-phone?organization=${organization}&username=${encodeURIComponent(username)}`, {
    method: "GET",
    credentials: "include",
    headers: {
@ -61,7 +61,14 @@ export function oAuthParamsToQuery(oAuthParams) {
 }

 export function getApplicationLogin(params) {
-  const queryParams = (params?.type === "cas") ? casLoginParamsToQuery(params) : oAuthParamsToQuery(params);
+  let queryParams = "";
+  if (params?.type === "cas") {
+    queryParams = casLoginParamsToQuery(params);
+  } else if (params?.type === "device") {
+    queryParams = `?userCode=${params.userCode}&type=device`;
+  } else {
+    queryParams = oAuthParamsToQuery(params);
+  }
  return fetch(`${authConfig.serverUrl}/api/get-app-login${queryParams}`, {
    method: "GET",
    credentials: "include",
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@ -193,7 +193,11 @@ class AuthCallback extends React.Component {
              const token = res.data;
              Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}${responseType}=${token}&state=${oAuthParams.state}&token_type=bearer`);
            } else if (responseType === "link") {
-              const from = innerParams.get("from");
+              let from = innerParams.get("from");
+              const oauth = innerParams.get("oauth");
+              if (oauth) {
+                from += `?oauth=${oauth}`;
+              }
              Setting.goToLinkSoftOrJumpSelf(this, from);
            } else if (responseType === "saml") {
              if (res.data2.method === "POST") {
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -471,6 +471,8 @@ class ForgetPage extends React.Component {
      <React.Fragment>
        <CustomGithubCorner />
        <div className="forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
+          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
+          {Setting.inIframe() || !Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCssMobile}} />}
          <Button type="text"
            style={{position: "relative", left: Setting.isMobile() ? "10px" : "-90px", top: 0}}
            icon={<ArrowLeftOutlined style={{fontSize: "24px"}} />}
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -37,6 +37,7 @@ import RedirectForm from "../common/RedirectForm";
 import {RequiredMfa} from "./mfa/MfaAuthVerifyForm";
 import {GoogleOneTapLoginVirtualButton} from "./GoogleLoginButton";
 import * as ProviderButton from "./ProviderButton";
+import {goToLink} from "../Setting";
 const FaceRecognitionCommonModal = lazy(() => import("../common/modal/FaceRecognitionCommonModal"));
 const FaceRecognitionModal = lazy(() => import("../common/modal/FaceRecognitionModal"));

@ -63,6 +64,9 @@ class LoginPage extends React.Component {
      termsOfUseContent: "",
      orgChoiceMode: new URLSearchParams(props.location?.search).get("orgChoiceMode") ?? null,
      userLang: null,
+      loginLoading: false,
+      userCode: props.userCode ?? (props.match?.params?.userCode ?? null),
+      userCodeStatus: "",
    };

    if (this.state.type === "cas" && props.match?.params.casApplicationName !== undefined) {
@ -79,7 +83,7 @@ class LoginPage extends React.Component {
    if (this.getApplicationObj() === undefined) {
      if (this.state.type === "login" || this.state.type === "saml") {
        this.getApplication();
-      } else if (this.state.type === "code" || this.state.type === "cas") {
+      } else if (this.state.type === "code" || this.state.type === "cas" || this.state.type === "device") {
        this.getApplicationLogin();
      } else {
        Setting.showMessage("error", `Unknown authentication type: ${this.state.type}`);
@ -153,13 +157,25 @@ class LoginPage extends React.Component {
  }

  getApplicationLogin() {
-    const loginParams = (this.state.type === "cas") ? Util.getCasLoginParameters("admin", this.state.applicationName) : Util.getOAuthGetParameters();
+    let loginParams;
+    if (this.state.type === "cas") {
+      loginParams = Util.getCasLoginParameters("admin", this.state.applicationName);
+    } else if (this.state.type === "device") {
+      loginParams = {userCode: this.state.userCode, type: this.state.type};
+    } else {
+      loginParams = Util.getOAuthGetParameters();
+    }
    AuthBackend.getApplicationLogin(loginParams)
      .then((res) => {
        if (res.status === "ok") {
          const application = res.data;
          this.onUpdateApplication(application);
        } else {
+          if (this.state.type === "device") {
+            this.setState({
+              userCodeStatus: "expired",
+            });
+          }
          this.onUpdateApplication(null);
          this.setState({
            msg: res.msg,
@ -264,6 +280,9 @@ class LoginPage extends React.Component {

  onUpdateApplication(application) {
    this.props.onUpdateApplication(application);
+    if (application === null) {
+      return;
+    }
    for (const idx in application.providers) {
      const provider = application.providers[idx];
      if (provider.provider?.category === "Face ID") {
@ -294,6 +313,9 @@ class LoginPage extends React.Component {
    const oAuthParams = Util.getOAuthGetParameters();

    values["type"] = oAuthParams?.responseType ?? this.state.type;
+    if (this.state.userCode) {
+      values["userCode"] = this.state.userCode;
+    }

    if (oAuthParams?.samlRequest) {
      values["samlRequest"] = oAuthParams.samlRequest;
@ -364,6 +386,7 @@ class LoginPage extends React.Component {
  }

  onFinish(values) {
+    this.setState({loginLoading: true});
    if (this.state.loginMethod === "webAuthn") {
      let username = this.state.username;
      if (username === null || username === "") {
@ -388,6 +411,9 @@ class LoginPage extends React.Component {
      }).then(res => res.json())
        .then((res) => {
          if (res.status === "error") {
+            this.setState({
+              loginLoading: false,
+            });
            Setting.showMessage("error", res.msg);
            return;
          }
@ -452,6 +478,8 @@ class LoginPage extends React.Component {
        } else {
          Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
        }
+      }).finally(() => {
+        this.setState({loginLoading: false});
      });
    } else {
      // OAuth
@ -471,6 +499,11 @@ class LoginPage extends React.Component {
              this.props.onLoginSuccess();
            } else if (responseType === "code") {
              this.postCodeLoginAction(res);
+            } else if (responseType === "device") {
+              Setting.showMessage("success", "Successful login");
+              this.setState({
+                userCodeStatus: "success",
+              });
            } else if (responseType === "token" || responseType === "id_token") {
              if (res.data2) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
@ -507,6 +540,8 @@ class LoginPage extends React.Component {
          } else {
            Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
          }
+        }).finally(() => {
+          this.setState({loginLoading: false});
        });
    }
  }
@ -588,6 +623,9 @@ class LoginPage extends React.Component {
      )
      ;
    } else if (signinItem.name === "Username") {
+      if (this.state.loginMethod === "webAuthn") {
+        return null;
+      }
      return (
        <div key={resultItemKey}>
          <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
@ -694,6 +732,7 @@ class LoginPage extends React.Component {
        <Form.Item key={resultItemKey} className="login-button-box">
          <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
          <Button
+            loading={this.state.loginLoading}
            type="primary"
            htmlType="submit"
            className="login-button"
@ -711,7 +750,7 @@ class LoginPage extends React.Component {
                values["FaceIdImage"] = FaceIdImage;
                this.login(values);
                this.setState({openFaceRecognitionModal: false});
-              }} onCancel={() => this.setState({openFaceRecognitionModal: false})} /></Suspense> :
+              }} onCancel={() => this.setState({openFaceRecognitionModal: false, loginLoading: false})} /></Suspense> :
                <Suspense fallback={null}>
                  <FaceRecognitionModal
                    visible={this.state.openFaceRecognitionModal}
@ -722,7 +761,7 @@ class LoginPage extends React.Component {
                      this.login(values);
                      this.setState({openFaceRecognitionModal: false});
                    }}
-                    onCancel={() => this.setState({openFaceRecognitionModal: false})}
+                    onCancel={() => this.setState({openFaceRecognitionModal: false, loginLoading: false})}
                  />
                </Suspense>
              :
@ -739,6 +778,8 @@ class LoginPage extends React.Component {
      if (signinItem.rule === "None" || signinItem.rule === "") {
        signinItem.rule = showForm ? "small" : "big";
      }
+      const searchParams = new URLSearchParams(window.location.search);
+      const providerHint = searchParams.get("provider_hint");

      return (
        <div key={resultItemKey}>
@ -746,6 +787,10 @@ class LoginPage extends React.Component {
          <Form.Item>
            {
              application.providers.filter(providerItem => this.isProviderVisible(providerItem)).map((providerItem, id) => {
+                if (providerHint === providerItem.provider.name) {
+                  goToLink(Provider.getAuthUrl(application, providerItem.provider, "signup"));
+                  return;
+                }
                return (
                  <span key={id} onClick={(e) => {
                    const agreementChecked = this.form.current.getFieldValue("agreement");
@ -806,6 +851,16 @@ class LoginPage extends React.Component {
      );
    }

+    if (this.state.userCode && this.state.userCodeStatus === "success") {
+      return (
+        <Result
+          status="success"
+          title={i18next.t("application:Logged in successfully")}
+        >
+        </Result>
+      );
+    }
+
    const showForm = Setting.isPasswordEnabled(application) || Setting.isCodeSigninEnabled(application) || Setting.isWebAuthnEnabled(application) || Setting.isLdapEnabled(application) || Setting.isFaceIdEnabled(application);
    if (showForm) {
      let loginWidth = 320;
@ -923,7 +978,7 @@ class LoginPage extends React.Component {
        this.login(values);
        this.setState({openCaptchaModal: false});
      }}
-      onCancel={() => this.setState({openCaptchaModal: false})}
+      onCancel={() => this.setState({openCaptchaModal: false, loginLoading: false})}
      isCurrentProvider={true}
    />;
  }
@ -966,6 +1021,10 @@ class LoginPage extends React.Component {
      return null;
    }

+    if (this.state.userCode && this.state.userCodeStatus === "success") {
+      return null;
+    }
+
    return (
      <div>
        <div style={{fontSize: 16, textAlign: "left"}}>
@ -990,7 +1049,7 @@ class LoginPage extends React.Component {
    const oAuthParams = Util.getOAuthGetParameters();
    this.populateOauthValues(values);
    const application = this.getApplicationObj();
-    return fetch(`${Setting.ServerUrl}/api/webauthn/signin/begin?owner=${application.organization}&name=${username}`, {
+    return fetch(`${Setting.ServerUrl}/api/webauthn/signin/begin?owner=${application.organization}`, {
      method: "GET",
      credentials: "include",
    })
@ -1000,11 +1059,7 @@ class LoginPage extends React.Component {
          Setting.showMessage("error", credentialRequestOptions.msg);
          throw credentialRequestOptions.status.msg;
        }
-
        credentialRequestOptions.publicKey.challenge = UserWebauthnBackend.webAuthnBufferDecode(credentialRequestOptions.publicKey.challenge);
-        credentialRequestOptions.publicKey.allowCredentials.forEach(function(listItem) {
-          listItem.id = UserWebauthnBackend.webAuthnBufferDecode(listItem.id);
-        });

        return navigator.credentials.get({
          publicKey: credentialRequestOptions.publicKey,
@ -1054,6 +1109,12 @@ class LoginPage extends React.Component {
          .catch(error => {
            Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}${error}`);
          });
+      }).catch(error => {
+        Setting.showMessage("error", `${error}`);
+      }).finally(() => {
+        this.setState({
+          loginLoading: false,
+        });
      });
  }

@ -1246,6 +1307,15 @@ class LoginPage extends React.Component {
  }

  render() {
+    if (this.state.userCodeStatus === "expired") {
+      return <Result
+        style={{width: "100%"}}
+        status="error"
+        title={`Code ${i18next.t("subscription:Expired")}`}
+      >
+      </Result>;
+    }
+
    const application = this.getApplicationObj();
    if (application === undefined) {
      return null;
--- a/web/src/auth/PromptPage.js
+++ b/web/src/auth/PromptPage.js
@ -194,8 +194,10 @@ class PromptPage extends React.Component {
    const redirectUri = params.get("redirectUri");
    const code = params.get("code");
    const state = params.get("state");
+    const oauth = params.get("oauth");
    if (redirectUri === null || code === null || state === null) {
-      return "";
+      const signInUrl = sessionStorage.getItem("signinUrl");
+      return oauth === "true" ? signInUrl : "";
    }
    return `${redirectUri}?code=${code}&state=${state}`;
  }
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -387,7 +387,8 @@ export function getAuthUrl(application, provider, method, code) {
  }

  let endpoint = authInfo[provider.type].endpoint;
-  let redirectUri = `${window.location.origin}/callback`;
+  const redirectOrigin = application.forcedRedirectOrigin ? application.forcedRedirectOrigin : window.location.origin;
+  let redirectUri = `${redirectOrigin}/callback`;
  let scope = authInfo[provider.type].scope;
  const isShortState = (provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger")) || (provider.type === "Twitter");
  const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
@ -398,9 +399,13 @@ export function getAuthUrl(application, provider, method, code) {
      endpoint = endpoint.replace("common", provider.domain);
    }
  } else if (provider.type === "Apple") {
-    redirectUri = `${window.location.origin}/api/callback`;
+    redirectUri = `${redirectOrigin}/api/callback`;
  } else if (provider.type === "Google" && provider.disableSsl) {
    scope += "+https://www.googleapis.com/auth/user.phonenumbers.read";
+  } else if (provider.type === "Nextcloud") {
+    if (provider.domain) {
+      endpoint = `${provider.domain}/apps/oauth2/authorize`;
+    }
  }

  if (provider.type === "Google" || provider.type === "GitHub" || provider.type === "Facebook"
@ -426,7 +431,7 @@ export function getAuthUrl(application, provider, method, code) {
      return `${authInfo[provider.type].mpEndpoint}?appid=${provider.clientId2}&redirect_uri=${redirectUri}&state=${state}&scope=${authInfo[provider.type].mpScope}&response_type=code#wechat_redirect`;
    } else {
      if (provider.clientId2 && provider?.disableSsl && provider?.signName === "media") {
-        return `${window.location.origin}/callback?state=${state}&code=${"wechat_oa:" + code}`;
+        return `${redirectOrigin}/callback?state=${state}&code=${"wechat_oa:" + code}`;
      }
      return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}#wechat_redirect`;
    }
@ -469,7 +474,7 @@ export function getAuthUrl(application, provider, method, code) {
  } else if (provider.type === "Apple") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code%20id_token&scope=${scope}&response_mode=form_post`;
  } else if (provider.type === "Steam") {
-    return `${endpoint}?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=${window.location.origin}&openid.return_to=${redirectUri}?state=${state}`;
+    return `${endpoint}?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=${redirectOrigin}&openid.return_to=${redirectUri}?state=${state}`;
  } else if (provider.type === "Okta") {
    return `${provider.domain}/v1/authorize?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
  } else if (provider.type === "Douyin" || provider.type === "TikTok") {
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -195,8 +195,9 @@ class SignupPage extends React.Component {
    if (authConfig.appName === application.name) {
      return "/result";
    } else {
+      const oAuthParams = Util.getOAuthGetParameters();
      if (Setting.hasPromptPage(application)) {
-        return `/prompt/${application.name}`;
+        return `/prompt/${application.name}?oauth=${oAuthParams !== null}`;
      } else {
        return `/result/${application.name}`;
      }
--- a/web/src/basic/GridCards.js
+++ b/web/src/basic/GridCards.js
@ -35,8 +35,8 @@ const GridCards = (props) => {
        {items.map(item => <SingleCard key={item.link} logo={item.logo} link={item.link} title={item.name} desc={item.description} isSingle={items.length === 1} />)}
      </Card>
    ) : (
-      <div style={{margin: "0 15px"}}>
-        <Row>
+      <div style={{width: "100%", padding: "0 100px"}}>
+        <Row style={{justifyContent: "center"}}>
          {items.map(item => <SingleCard logo={item.logo} link={item.link} title={item.name} desc={item.description} time={item.createdTime} isSingle={items.length === 1} key={item.name} />)}
        </Row>
      </div>
--- a/web/src/common/NavItemTree.js
+++ b/web/src/common/NavItemTree.js
@ -2,7 +2,7 @@ import i18next from "i18next";
 import {Tree} from "antd";
 import React from "react";

-export const NavItemTree = ({disable, checkedKeys, defaultExpandedKeys, onCheck}) => {
+export const NavItemTree = ({disabled, checkedKeys, defaultExpandedKeys, onCheck}) => {
  const NavItemNodes = [
    {
      title: i18next.t("organization:All"),
@ -86,7 +86,7 @@ export const NavItemTree = ({disable, checkedKeys, defaultExpandedKeys, onCheck}

  return (
    <Tree
-      disabled={disable}
+      disabled={disabled}
      checkable
      checkedKeys={checkedKeys}
      defaultExpandedKeys={defaultExpandedKeys}
--- a/web/src/common/TestEmailWidget.js
+++ b/web/src/common/TestEmailWidget.js
@ -51,6 +51,8 @@ function testEmailProvider(provider, email = "") {
    receivers: email === "" ? ["TestSmtpServer"] : [email],
    provider: provider.name,
    providerObject: provider,
+    owner: provider.owner,
+    name: provider.name,
  };

  return fetch(`${Setting.ServerUrl}/api/send-email`, {
--- a/web/src/common/TestNotificationWidget.js
+++ b/web/src/common/TestNotificationWidget.js
@ -16,7 +16,7 @@ import * as Setting from "../Setting";
 import i18next from "i18next";

 export function sendTestNotification(provider) {
-  testNotificationProvider(provider.content, provider.name)
+  testNotificationProvider(provider)
    .then((res) => {
      if (res.status === "ok") {
        Setting.showMessage("success", i18next.t("general:Successfully sent"));
@ -29,12 +29,14 @@ export function sendTestNotification(provider) {
    });
 }

-function testNotificationProvider(content, name) {
+function testNotificationProvider(provider) {
  const notificationForm = {
-    content: content,
+    content: provider.content,
+    owner: provider.owner,
+    name: provider.name,
  };

-  return fetch(`${Setting.ServerUrl}/api/send-notification?provider=${name}`, {
+  return fetch(`${Setting.ServerUrl}/api/send-notification?provider=${provider.name}`, {
    method: "POST",
    credentials: "include",
    body: JSON.stringify(notificationForm),
--- a/web/src/common/TestSmsWidget.js
+++ b/web/src/common/TestSmsWidget.js
@ -33,6 +33,8 @@ function testSmsProvider(provider, phone = "") {
  const SmsForm = {
    content: "123456",
    receivers: [phone],
+    owner: provider.owner,
+    name: provider.name,
  };

  return fetch(`${Setting.ServerUrl}/api/send-sms?provider=` + provider.name, {
--- a/web/src/common/WidgetItemTree.js
+++ b/web/src/common/WidgetItemTree.js
@ -0,0 +1,29 @@
+import i18next from "i18next";
+import {Tree} from "antd";
+import React from "react";
+
+export const WidgetItemTree = ({disabled, checkedKeys, defaultExpandedKeys, onCheck}) => {
+  const WidgetItemNodes = [
+    {
+      title: i18next.t("organization:All"),
+      key: "all",
+      children: [
+        {title: i18next.t("general:Tour"), key: "tour"},
+        {title: i18next.t("general:AI Assistant"), key: "ai-assistant"},
+        {title: i18next.t("user:Language"), key: "language"},
+        {title: i18next.t("theme:Theme"), key: "theme"},
+      ],
+    },
+  ];
+
+  return (
+    <Tree
+      disabled={disabled}
+      checkable
+      checkedKeys={checkedKeys}
+      defaultExpandedKeys={defaultExpandedKeys}
+      onCheck={onCheck}
+      treeData={WidgetItemNodes}
+    />
+  );
+};
--- a/web/src/common/modal/FaceRecognitionModal.js
+++ b/web/src/common/modal/FaceRecognitionModal.js
@ -17,6 +17,7 @@ import React, {useState} from "react";
 import {Button, Modal, Progress, Space, Spin, message} from "antd";
 import i18next from "i18next";
 import Dragger from "antd/es/upload/Dragger";
+import * as Setting from "../../Setting";

 const FaceRecognitionModal = (props) => {
  const {visible, onOk, onCancel, withImage} = props;
@ -35,10 +36,8 @@ const FaceRecognitionModal = (props) => {

  React.useEffect(() => {
    const loadModels = async() => {
-      // const MODEL_URL = process.env.PUBLIC_URL + "/models";
      // const MODEL_URL = "https://justadudewhohacks.github.io/face-api.js/models";
-      // const MODEL_URL = "https://cdn.casbin.org/site/casdoor/models";
-      const MODEL_URL = "https://cdn.casdoor.com/casdoor/models";
+      const MODEL_URL = `${Setting.StaticBaseUrl}/casdoor/models`;

      Promise.all([
        faceapi.nets.tinyFaceDetector.loadFromUri(MODEL_URL),
--- a/web/src/locales/ar/data.json
+++ b/web/src/locales/ar/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/cs/data.json
+++ b/web/src/locales/cs/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "HTML patičky",
    "Footer HTML - Edit": "Upravit HTML patičky",
    "Footer HTML - Tooltip": "Přizpůsobit patičku vaší aplikace",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Pozice formuláře",
    "Form position - Tooltip": "Umístění formulářů pro registraci, přihlášení a zapomenuté heslo",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Ověřit"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API klíč",
    "API key - Tooltip": "API klíč - Tooltip",
    "Access key": "Přístupový klíč",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL ikony favicon použité na všech stránkách Casdoor organizace",
    "First name": "Křestní jméno",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URL pro zapomenutí",
    "Forget URL - Tooltip": "Vlastní URL pro stránku \"Zapomenuté heslo\". Pokud není nastaveno, bude použita výchozí stránka Casdoor \"Zapomenuté heslo\". Když je nastaveno, odkaz \"Zapomenuté heslo\" na přihlašovací stránce přesměruje na tuto URL",
    "Found some texts still not translated? Please help us translate at": "Našli jste nějaké texty, které ještě nejsou přeloženy? Pomozte nám prosím přeložit na",
@ -321,8 +325,6 @@
    "Name": "Jméno",
    "Name - Tooltip": "Unikátní, řetězcové ID",
    "Name format": "Formát jména",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "Žádný",
    "OAuth providers": "OAuth poskytovatelé",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Toto je demo stránka pouze pro čtení!",
    "Timestamp": "Časové razítko",
    "Tokens": "Tokeny",
+    "Tour": "Tour",
    "Transactions": "Transakce",
    "Type": "Typ",
    "Type - Tooltip": "Typ - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN nebo ID administrátora LDAP serveru",
    "Admin Password": "Heslo administrátora",
    "Admin Password - Tooltip": "Heslo administrátora LDAP serveru",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Automatická synchronizace",
    "Auto Sync - Tooltip": "Konfigurace automatické synchronizace, deaktivováno při 0",
    "Base DN": "Základní DN",
@ -616,6 +621,8 @@
    "Is profile public": "Je profil veřejný",
    "Is profile public - Tooltip": "Po uzavření mohou profilovou stránku uživatele přistupovat pouze globální administrátoři nebo uživatelé ve stejné organizaci",
    "Modify rule": "Upravit pravidlo",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Nová organizace",
    "Optional": "Volitelný",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Zobrazit pravidlo",
    "Visible": "Viditelné",
    "Website URL": "URL webových stránek",
-    "Website URL - Tooltip": "Domovská URL organizace. Toto pole se v Casdoor nepoužívá"
+    "Website URL - Tooltip": "Domovská URL organizace. Toto pole se v Casdoor nepoužívá",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Potvrďte informace na faktuře",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Jméno \"Z\"",
    "Get phone number": "Získat telefonní číslo",
    "Get phone number - Tooltip": "Pokud je povolena synchronizace telefonního čísla, měli byste nejprve povolit google people API a přidat rozsah https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Hostitel",
    "Host - Tooltip": "Název hostitele",
    "IdP": "IdP",
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Formposition",
    "Form position - Tooltip": "Position der Anmelde-, Registrierungs- und Passwort-vergessen-Formulare",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "überprüfen"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon-URL, die auf allen Casdoor-Seiten der Organisation verwendet wird",
    "First name": "Vorname",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Passwort vergessen URL",
    "Forget URL - Tooltip": "Benutzerdefinierte URL für die \"Passwort vergessen\" Seite. Wenn nicht festgelegt, wird die standardmäßige Casdoor \"Passwort vergessen\" Seite verwendet. Wenn sie festgelegt ist, wird der \"Passwort vergessen\" Link auf der Login-Seite zu dieser URL umgeleitet",
    "Found some texts still not translated? Please help us translate at": "Haben Sie noch Texte gefunden, die nicht übersetzt wurden? Bitte helfen Sie uns beim Übersetzen",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Eindeutige, auf Strings basierende ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth-Provider",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Dies ist eine schreibgeschützte Demo-Seite!",
    "Timestamp": "Timestamp",
    "Tokens": "Token",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN oder ID des LDAP-Serveradministrators",
    "Admin Password": "Administratoren-Passwort",
    "Admin Password - Tooltip": "LDAP-Server-Administratorpasswort",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto-Synchronisierung",
    "Auto Sync - Tooltip": "Auto-Sync-Konfiguration, deaktiviert um 0 Uhr",
    "Base DN": "Basis-DN",
@ -616,6 +621,8 @@
    "Is profile public": "Ist das Profil öffentlich?",
    "Is profile public - Tooltip": "Nach der Schließung können nur globale Administratoren oder Benutzer in der gleichen Organisation auf die Profilseite des Benutzers zugreifen",
    "Modify rule": "Regel ändern",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Neue Organisation",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Ansichtsregel",
    "Visible": "Sichtbar",
    "Website URL": "Website-URL",
-    "Website URL - Tooltip": "Die Homepage-URL der Organisation. Dieses Feld wird in Casdoor nicht verwendet"
+    "Website URL - Tooltip": "Die Homepage-URL der Organisation. Dieses Feld wird in Casdoor nicht verwendet",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Bestätigen Sie Ihre Rechnungsinformationen",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name des Hosts",
    "IdP": "IdP",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Posición de la Forma",
    "Form position - Tooltip": "Ubicación de los formularios de registro, inicio de sesión y olvido de contraseña",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verificar"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon (ícono de favoritos)",
    "Favicon - Tooltip": "URL del icono Favicon utilizado en todas las páginas de Casdoor de la organización",
    "First name": "Nombre de pila",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Olvide la URL",
    "Forget URL - Tooltip": "URL personalizada para la página \"Olvidé mi contraseña\". Si no se establece, se utilizará la página \"Olvidé mi contraseña\" predeterminada de Casdoor. Cuando se establezca, el enlace \"Olvidé mi contraseña\" en la página de inicio de sesión redireccionará a esta URL",
    "Found some texts still not translated? Please help us translate at": "¿Encontraste algunos textos que aún no están traducidos? Por favor, ayúdanos a traducirlos en",
@ -321,8 +325,6 @@
    "Name": "Nombre",
    "Name - Tooltip": "ID único basado en cadenas",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "Proveedores de OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "¡Este es un sitio de demostración solo de lectura!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN o ID del administrador del servidor LDAP",
    "Admin Password": "Contraseña de administrador",
    "Admin Password - Tooltip": "Contraseña del administrador del servidor LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Sincronización automática",
    "Auto Sync - Tooltip": "Configuración de sincronización automática, desactivada a las 0",
    "Base DN": "DN base",
@ -616,6 +621,8 @@
    "Is profile public": "Es el perfil público",
    "Is profile public - Tooltip": "Después de estar cerrado, solo los administradores globales o usuarios de la misma organización pueden acceder a la página de perfil del usuario",
    "Modify rule": "Modificar regla",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Nueva organización",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Regla de visualización",
    "Visible": "Visible  - Visible",
    "Website URL": "URL del sitio web",
-    "Website URL - Tooltip": "La URL de la página de inicio de la organización. Este campo no se usa en Casdoor"
+    "Website URL - Tooltip": "La URL de la página de inicio de la organización. Este campo no se usa en Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirma la información de tu factura",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Anfitrión",
    "Host - Tooltip": "Nombre del anfitrión",
    "IdP": "IdP = Proveedor de Identidad",
--- a/web/src/locales/fa/data.json
+++ b/web/src/locales/fa/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "HTML پاورقی",
    "Footer HTML - Edit": "ویرایش HTML پاورقی",
    "Footer HTML - Tooltip": "پاورقی برنامه خود را سفارشی کنید",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "موقعیت فرم",
    "Form position - Tooltip": "مکان فرم‌های ثبت‌نام، ورود و فراموشی رمز عبور",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "تأیید"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "کلید API",
    "API key - Tooltip": "کلید API - راهنمای ابزار",
    "Access key": "کلید دسترسی",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "آدرس آیکون Favicon استفاده شده در تمام صفحات Casdoor سازمان",
    "First name": "نام",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "آدرس فراموشی",
    "Forget URL - Tooltip": "آدرس سفارشی برای صفحه \"فراموشی رمز عبور\". اگر تنظیم نشده باشد، صفحه پیش‌فرض \"فراموشی رمز عبور\" Casdoor استفاده می‌شود. هنگامی که تنظیم شده باشد، لینک \"فراموشی رمز عبور\" در صفحه ورود به این آدرس هدایت می‌شود",
    "Found some texts still not translated? Please help us translate at": "برخی متون هنوز ترجمه نشده‌اند؟ لطفاً به ما در ترجمه کمک کنید در",
@ -321,8 +325,6 @@
    "Name": "نام",
    "Name - Tooltip": "شناسه رشته‌ای منحصربه‌فرد",
    "Name format": "قالب نام",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "غیر LDAP",
    "None": "هیچ‌کدام",
    "OAuth providers": "ارائه‌دهندگان OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "این یک سایت دمو فقط خواندنی است!",
    "Timestamp": "مهر زمان",
    "Tokens": "توکن‌ها",
+    "Tour": "Tour",
    "Transactions": "تراکنش‌ها",
    "Type": "نوع",
    "Type - Tooltip": "نوع - راهنمای ابزار",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN یا ID مدیر سرور LDAP",
    "Admin Password": "رمز عبور مدیر",
    "Admin Password - Tooltip": "رمز عبور مدیر سرور LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "همگام‌سازی خودکار",
    "Auto Sync - Tooltip": "پیکربندی همگام‌سازی خودکار، در ۰ غیرفعال است",
    "Base DN": "پایه DN",
@ -616,6 +621,8 @@
    "Is profile public": "پروفایل عمومی است",
    "Is profile public - Tooltip": "پس از بسته شدن، فقط مدیران جهانی یا کاربران در همان سازمان می‌توانند به صفحه پروفایل کاربر دسترسی داشته باشند",
    "Modify rule": "قانون اصلاح",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "سازمان جدید",
    "Optional": "اختیاری",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "قانون مشاهده",
    "Visible": "قابل مشاهده",
    "Website URL": "آدرس وب‌سایت",
-    "Website URL - Tooltip": "آدرس صفحه اصلی سازمان. این فیلد در Casdoor استفاده نمی‌شود"
+    "Website URL - Tooltip": "آدرس صفحه اصلی سازمان. این فیلد در Casdoor استفاده نمی‌شود",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "اطلاعات فاکتور خود را تأیید کنید",
@ -840,6 +849,8 @@
    "From name - Tooltip": "نام \"از\"",
    "Get phone number": "دریافت شماره تلفن",
    "Get phone number - Tooltip": "اگر همگام‌سازی شماره تلفن فعال باشد، باید ابتدا API افراد گوگل را فعال کنید و محدوده https://www.googleapis.com/auth/user.phonenumbers.read را اضافه کنید",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "میزبان",
    "Host - Tooltip": "نام میزبان",
    "IdP": "IdP",
--- a/web/src/locales/fi/data.json
+++ b/web/src/locales/fi/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Position du formulaire",
    "Form position - Tooltip": "Emplacement des formulaires d'inscription, de connexion et de récupération de mot de passe",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Vérifier"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "Clé API",
    "API key - Tooltip": "Clé API - Info-bulle",
    "Access key": "Clé d'accès",
@ -276,6 +279,7 @@
    "Favicon": "Icône du site",
    "Favicon - Tooltip": "L'URL de l'icône « favicon » utilisée dans toutes les pages Casdoor de l'organisation",
    "First name": "Prénom",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URL d'oubli",
    "Forget URL - Tooltip": "URL personnalisée pour la page \"Mot de passe oublié\". Si elle n'est pas définie, la page par défaut \"Mot de passe oublié\" de Casdoor sera utilisée. Lorsqu'elle est définie, le lien \"Mot de passe oublié\" sur la page de connexion sera redirigé vers cette URL",
    "Found some texts still not translated? Please help us translate at": "Trouvé des textes encore non traduits ? Veuillez nous aider à les traduire sur",
@ -321,8 +325,6 @@
    "Name": "Nom",
    "Name - Tooltip": "Identifiant unique à base de chaîne",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "Aucun",
    "OAuth providers": "Fournisseurs OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Ceci est un site de démonstration en lecture seule !",
    "Timestamp": "Timestamp",
    "Tokens": "Jetons",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Infobulle",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN ou ID du compte d'administration du serveur LDAP",
    "Admin Password": "Mot de passe du compte d'administration",
    "Admin Password - Tooltip": "Mot de passe administrateur du serveur LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Synchronisation automatique",
    "Auto Sync - Tooltip": "Configuration de synchronisation automatique, désactivée à 0",
    "Base DN": "DN racine",
@ -616,6 +621,8 @@
    "Is profile public": "Est-ce que le profil est public ?",
    "Is profile public - Tooltip": "Après sa fermeture, seuls les administrateurs et administratrices globales ou les comptes de la même organisation peuvent accéder à la page de profil de l'utilisateur",
    "Modify rule": "Règle de modification",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Nouvelle organisation",
    "Optional": "Optionnel",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Règle de visibilité",
    "Visible": "Visible",
    "Website URL": "URL du site web",
-    "Website URL - Tooltip": "URL du site web l'organisation. Ce champ n'est pas utilisé dans Casdoor"
+    "Website URL - Tooltip": "URL du site web l'organisation. Ce champ n'est pas utilisé dans Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirmez les informations de votre facture",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Le nom affiché comme expéditeur dans les e-mails envoyés",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Hôte",
    "Host - Tooltip": "Nom d'hôte",
    "IdP": "IdP (Identité Fournisseur)",
--- a/web/src/locales/he/data.json
+++ b/web/src/locales/he/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/id/data.json
+++ b/web/src/locales/id/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Posisi formulir",
    "Form position - Tooltip": "Tempat pendaftaran, masuk, dan lupa kata sandi",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Memverifikasi"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL ikon Favicon yang digunakan di semua halaman Casdoor organisasi",
    "First name": "Nama depan",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Lupakan URL",
    "Forget URL - Tooltip": "URL kustom untuk halaman \"Lupa kata sandi\". Jika tidak diatur, halaman \"Lupa kata sandi\" default Casdoor akan digunakan. Ketika diatur, tautan \"Lupa kata sandi\" pada halaman masuk akan diarahkan ke URL ini",
    "Found some texts still not translated? Please help us translate at": "Menemukan beberapa teks yang masih belum diterjemahkan? Tolong bantu kami menerjemahkan di",
@ -321,8 +325,6 @@
    "Name": "Nama",
    "Name - Tooltip": "ID unik berbasis string",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "Penyedia OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Ini adalah situs demo hanya untuk dibaca saja!",
    "Timestamp": "Timestamp",
    "Tokens": "Token-token",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN atau ID dari administrator server LDAP",
    "Admin Password": "Kata sandi administrator",
    "Admin Password - Tooltip": "Kata sandi administrator server LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sinkronisasi",
    "Auto Sync - Tooltip": "Konfigurasi auto-sync dimatikan pada 0",
    "Base DN": "DN dasar",
@ -616,6 +621,8 @@
    "Is profile public": "Apakah profilnya publik?",
    "Is profile public - Tooltip": "Setelah ditutup, hanya administrator global atau pengguna di organisasi yang sama yang dapat mengakses halaman profil pengguna",
    "Modify rule": "Mengubah aturan",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Organisasi baru",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Aturan tampilan",
    "Visible": "Terlihat",
    "Website URL": "URL situs web",
-    "Website URL - Tooltip": "URL halaman utama organisasi. Bidang ini tidak digunakan di Casdoor"
+    "Website URL - Tooltip": "URL halaman utama organisasi. Bidang ini tidak digunakan di Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Konfirmasikan informasi tagihan Anda",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Tuan rumah",
    "Host - Tooltip": "Nama tuan rumah",
    "IdP": "IdP",
--- a/web/src/locales/it/data.json
+++ b/web/src/locales/it/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "フォームのポジション",
    "Form position - Tooltip": "登録、ログイン、パスワード忘れフォームの位置",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "検証"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "ファビコン",
    "Favicon - Tooltip": "組織のすべてのCasdoorページに使用されるFaviconアイコンのURL",
    "First name": "名前",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URLを忘れてください",
    "Forget URL - Tooltip": "「パスワードをお忘れの場合」ページのカスタムURL。未設定の場合、デフォルトのCasdoor「パスワードをお忘れの場合」ページが使用されます。設定された場合、ログインページの「パスワードをお忘れの場合」リンクはこのURLにリダイレクトされます",
    "Found some texts still not translated? Please help us translate at": "まだ翻訳されていない文章が見つかりましたか？是非とも翻訳のお手伝いをお願いします",
@ -321,8 +325,6 @@
    "Name": "名前",
    "Name - Tooltip": "ユニークで文字列ベースのID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuthプロバイダー",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "これは読み取り専用のデモサイトです！",
    "Timestamp": "Timestamp",
    "Tokens": "トークン",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "LDAPサーバー管理者のCNまたはID",
    "Admin Password": "管理者パスワード",
    "Admin Password - Tooltip": "LDAPサーバーの管理者パスワード",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "オート同期",
    "Auto Sync - Tooltip": "自動同期の設定は、0で無効になっています",
    "Base DN": "ベース DN",
@ -616,6 +621,8 @@
    "Is profile public": "プロフィールは公開されていますか？",
    "Is profile public - Tooltip": "閉鎖された後、グローバル管理者または同じ組織のユーザーだけがユーザーのプロファイルページにアクセスできます",
    "Modify rule": "ルールを変更する",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "新しい組織",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "ビュールール",
    "Visible": "見える",
    "Website URL": "ウェブサイトのURL",
-    "Website URL - Tooltip": "組織のホームページのURL。このフィールドはCasdoorでは使用されません"
+    "Website URL - Tooltip": "組織のホームページのURL。このフィールドはCasdoorでは使用されません",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "請求書の情報を確認してください",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "ホスト",
    "Host - Tooltip": "ホストの名前",
    "IdP": "IdP",
--- a/web/src/locales/kk/data.json
+++ b/web/src/locales/kk/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "양식 위치",
    "Form position - Tooltip": "가입, 로그인 및 비밀번호 재설정 양식의 위치",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "검증하다"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "파비콘",
    "Favicon - Tooltip": "조직의 모든 Casdoor 페이지에서 사용되는 Favicon 아이콘 URL",
    "First name": "이름",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URL을 잊어버려라",
    "Forget URL - Tooltip": "\"비밀번호를 잊어버렸을 경우\" 페이지에 대한 사용자 정의 URL. 설정되지 않은 경우 기본 Casdoor \"비밀번호를 잊어버렸을 경우\" 페이지가 사용됩니다. 설정된 경우 로그인 페이지의 \"비밀번호를 잊으셨나요?\" 링크는 이 URL로 리디렉션됩니다",
    "Found some texts still not translated? Please help us translate at": "아직 번역되지 않은 텍스트가 있나요? 번역에 도움을 주실 수 있나요?",
@ -321,8 +325,6 @@
    "Name": "이름",
    "Name - Tooltip": "고유한 문자열 기반 ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth 공급자",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "이것은 읽기 전용 데모 사이트입니다!",
    "Timestamp": "Timestamp",
    "Tokens": "토큰",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "LDAP 서버 관리자의 CN 또는 ID",
    "Admin Password": "관리자 비밀번호",
    "Admin Password - Tooltip": "LDAP 서버 관리자 비밀번호",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "자동 동기화",
    "Auto Sync - Tooltip": "자동 동기화 구성, 0에서 비활성화됨",
    "Base DN": "기본 DN",
@ -616,6 +621,8 @@
    "Is profile public": "프로필이 공개적으로 되어 있나요?",
    "Is profile public - Tooltip": "닫힌 후에는 전역 관리자 또는 동일한 조직의 사용자만 사용자 프로필 페이지에 액세스할 수 있습니다",
    "Modify rule": "규칙 수정",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "새로운 조직",
    "Optional": "선택사항",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "보기 규칙",
    "Visible": "보이는",
    "Website URL": "웹사이트 URL",
-    "Website URL - Tooltip": "조직의 홈페이지 URL입니다. 이 필드는 Casdoor에서 사용되지 않습니다"
+    "Website URL - Tooltip": "조직의 홈페이지 URL입니다. 이 필드는 Casdoor에서 사용되지 않습니다",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "송장 정보를 확인하세요",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "호스트",
    "Host - Tooltip": "호스트의 이름",
    "IdP": "IdP",
--- a/web/src/locales/ms/data.json
+++ b/web/src/locales/ms/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/nl/data.json
+++ b/web/src/locales/nl/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/pl/data.json
+++ b/web/src/locales/pl/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/pt/data.json
+++ b/web/src/locales/pt/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Posição do formulário",
    "Form position - Tooltip": "Localização dos formulários de registro, login e recuperação de senha",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verificar"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "Chave da API",
    "API key - Tooltip": "Chave da API - Tooltip",
    "Access key": "Chave de acesso",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL do ícone de favicon usado em todas as páginas do Casdoor da organização",
    "First name": "Nome",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URL de Esqueci a Senha",
    "Forget URL - Tooltip": "URL personalizada para a página de \"Esqueci a senha\". Se não definido, será usada a página padrão de \"Esqueci a senha\" do Casdoor. Quando definido, o link de \"Esqueci a senha\" na página de login será redirecionado para esta URL",
    "Found some texts still not translated? Please help us translate at": "Encontrou algum texto ainda não traduzido? Ajude-nos a traduzir em",
@ -321,8 +325,6 @@
    "Name": "Nome",
    "Name - Tooltip": "ID único em formato de string",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "Provedores OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Este é um site de demonstração apenas para leitura!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Tipo",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN ou ID do administrador do servidor LDAP",
    "Admin Password": "Senha do Administrador",
    "Admin Password - Tooltip": "Senha do administrador do servidor LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Sincronização Automática",
    "Auto Sync - Tooltip": "Configuração de sincronização automática, desativada em 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Perfil é público",
    "Is profile public - Tooltip": "Após ser fechado, apenas administradores globais ou usuários na mesma organização podem acessar a página de perfil do usuário",
    "Modify rule": "Modificar regra",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Nova Organização",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Ver regra",
    "Visible": "Visível",
    "Website URL": "URL do website",
-    "Website URL - Tooltip": "A URL da página inicial da organização. Este campo não é utilizado no Casdoor"
+    "Website URL - Tooltip": "A URL da página inicial da organização. Este campo não é utilizado no Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirme as informações da sua fatura",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Nome do remetente",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Nome do host",
    "IdP": "IdP",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Позиция формы",
    "Form position - Tooltip": "Местоположение форм регистрации, входа и восстановления пароля",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Проверить"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "ключ API",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Фавикон",
    "Favicon - Tooltip": "URL иконки Favicon, используемый на всех страницах организации Casdoor",
    "First name": "Имя",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Забудьте URL",
    "Forget URL - Tooltip": "Настроенный URL для страницы \"Забыли пароль\". Если не установлено, будет использоваться стандартная страница \"Забыли пароль\" Casdoor. При установке, ссылка \"Забыли пароль\" на странице входа будет перенаправляться на этот URL",
    "Found some texts still not translated? Please help us translate at": "Нашли некоторые тексты, которые еще не переведены? Пожалуйста, помогите нам перевести на",
@ -321,8 +325,6 @@
    "Name": "Имя",
    "Name - Tooltip": "Уникальный идентификатор на основе строки",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "Провайдеры OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Это демонстрационный сайт только для чтения!",
    "Timestamp": "Timestamp",
    "Tokens": "Токены",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN или ID администратора сервера LDAP",
    "Admin Password": "Пароль администратора",
    "Admin Password - Tooltip": "Пароль администратора сервера LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Автораспределение",
    "Auto Sync - Tooltip": "Автоматическая синхронизация настроек отключена при значении 0",
    "Base DN": "Базовый DN",
@ -616,6 +621,8 @@
    "Is profile public": "Профиль является публичным?",
    "Is profile public - Tooltip": "После закрытия страницы профиля, только глобальные администраторы или пользователи из той же организации могут получить к ней доступ",
    "Modify rule": "Изменить правило",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Новая организация",
    "Optional": "Опционально",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Правило просмотра",
    "Visible": "Видимый",
    "Website URL": "Веб-адрес сайта",
-    "Website URL - Tooltip": "Главная страница URL организации. Это поле не используется в Casdoor"
+    "Website URL - Tooltip": "Главная страница URL организации. Это поле не используется в Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Подтвердите информацию в вашем счете-фактуре",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Хост",
    "Host - Tooltip": "Имя хоста",
    "IdP": "ИдП",
--- a/web/src/locales/sk/data.json
+++ b/web/src/locales/sk/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "HTML päty",
    "Footer HTML - Edit": "HTML päty - Upraviť",
    "Footer HTML - Tooltip": "Vlastná pätka vašej aplikácie",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Pozícia formulára",
    "Form position - Tooltip": "Miesto registračných, prihlasovacích a zabudnutých formulárov",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Overiť"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API kľúč",
    "API key - Tooltip": "API kľúč",
    "Access key": "Prístupový kľúč",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL ikony favicon používaná na všetkých stránkach Casdoor organizácie",
    "First name": "Meno",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "URL zabudnutia",
    "Forget URL - Tooltip": "Vlastná URL pre stránku \"Zabudol som heslo\". Ak nie je nastavená, bude použitá predvolená stránka Casdoor \"Zabudol som heslo\". Po nastavení bude odkaz na stránke prihlásenia presmerovaný na túto URL",
    "Found some texts still not translated? Please help us translate at": "Našli ste nejaké texty, ktoré ešte nie sú preložené? Pomôžte nám preložiť na",
@ -321,8 +325,6 @@
    "Name": "Názov",
    "Name - Tooltip": "Jedinečný ID reťazec",
    "Name format": "Formát názvu",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "Žiadne",
    "OAuth providers": "OAuth poskytovatelia",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Toto je stránka len na čítanie!",
    "Timestamp": "Časová značka",
    "Tokens": "Tokeny",
+    "Tour": "Tour",
    "Transactions": "Transakcie",
    "Type": "Typ",
    "Type - Tooltip": "Typ",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN alebo ID administrátora LDAP servera",
    "Admin Password": "Heslo administrátora",
    "Admin Password - Tooltip": "Heslo administrátora LDAP servera",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Automatická synchronizácia",
    "Auto Sync - Tooltip": "Konfigurácia automatickej synchronizácie, zakázaná na 0",
    "Base DN": "Základný DN",
@ -616,6 +621,8 @@
    "Is profile public": "Je profil verejný",
    "Is profile public - Tooltip": "Po zatvorení môžu prístup k profilu používateľa získať iba globálni administrátori alebo používatelia v rovnakej organizácii",
    "Modify rule": "Upraviť pravidlo",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Nová organizácia",
    "Optional": "Voliteľné",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Zobraziť pravidlo",
    "Visible": "Viditeľné",
    "Website URL": "URL webovej stránky",
-    "Website URL - Tooltip": "URL domovskej stránky organizácie. Toto pole sa v Casdoor nepoužíva"
+    "Website URL - Tooltip": "URL domovskej stránky organizácie. Toto pole sa v Casdoor nepoužíva",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Potvrďte svoje fakturačné údaje",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Meno odosielateľa",
    "Get phone number": "Získať telefónne číslo",
    "Get phone number - Tooltip": "Ak je synchronizácia telefónneho čísla povolená, mali by ste najprv povoliť Google People API a pridať rozsah https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Hostiteľ",
    "Host - Tooltip": "Názov hostiteľa",
    "IdP": "IdP",
--- a/web/src/locales/sv/data.json
+++ b/web/src/locales/sv/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Verify"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "First name",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Name",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "This is a read-only demo site!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/tr/data.json
+++ b/web/src/locales/tr/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Doğrula"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon icon URL used in all Casdoor pages of the organization",
    "First name": "İsim",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Forget URL",
    "Forget URL - Tooltip": "Custom URL for the \"Forget password\" page. If not set, the default Casdoor \"Forget password\" page will be used. When set, the \"Forget password\" link on the login page will redirect to this URL",
    "Found some texts still not translated? Please help us translate at": "Found some texts still not translated? Please help us translate at",
@ -321,8 +325,6 @@
    "Name": "Ad",
    "Name - Tooltip": "Unique, string-based ID",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "OAuth providers",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Bu site sadece görüntüleme amaçlıdır!",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN or ID of the LDAP server administrator",
    "Admin Password": "Admin Password",
    "Admin Password - Tooltip": "LDAP server administrator password",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Auto Sync",
    "Auto Sync - Tooltip": "Auto-sync configuration, disabled at 0",
    "Base DN": "Base DN",
@ -616,6 +621,8 @@
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "After being closed, only global administrators or users in the same organization can access the user's profile page",
    "Modify rule": "Modify rule",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "New Organization",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "View rule",
    "Visible": "Görünür",
    "Website URL": "Web Sitesi URL'si",
-    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor"
+    "Website URL - Tooltip": "The homepage URL of the organization. This field is not used in Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Name of \"From\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Host",
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
--- a/web/src/locales/uk/data.json
+++ b/web/src/locales/uk/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Нижній колонтитул HTML",
    "Footer HTML - Edit": "Нижній колонтитул HTML - Редагувати",
    "Footer HTML - Tooltip": "Налаштуйте нижній колонтитул вашої програми",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Положення форми",
    "Form position - Tooltip": "Розташування форм для реєстрації, входу та забуття пароля",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Підтвердити"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "Ключ API",
    "API key - Tooltip": "Ключ API – підказка",
    "Access key": "Ключ доступу",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL-адреса піктограми Favicon, яка використовується на всіх сторінках Casdoor організації",
    "First name": "Ім'я",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Забути URL",
    "Forget URL - Tooltip": "Користувацька URL-адреса для сторінки \"Забути пароль\". ",
    "Found some texts still not translated? Please help us translate at": "Знайшли ще неперекладені тексти? ",
@ -321,8 +325,6 @@
    "Name": "Ім'я",
    "Name - Tooltip": "Унікальний ідентифікатор на основі рядка",
    "Name format": "Формат імені",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Не LDAP",
    "None": "Жодного",
    "OAuth providers": "Постачальники OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Це демо-сайт лише для читання!",
    "Timestamp": "Мітка часу",
    "Tokens": "Жетони",
+    "Tour": "Tour",
    "Transactions": "транзакції",
    "Type": "Тип",
    "Type - Tooltip": "Тип - підказка",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN або ID адміністратора сервера LDAP",
    "Admin Password": "Пароль адміністратора",
    "Admin Password - Tooltip": "Пароль адміністратора сервера LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Автоматична синхронізація",
    "Auto Sync - Tooltip": "Конфігурація автоматичної синхронізації, вимкнена на 0",
    "Base DN": "Базовий DN",
@ -616,6 +621,8 @@
    "Is profile public": "Профіль загальнодоступний",
    "Is profile public - Tooltip": "Після закриття лише глобальні адміністратори або користувачі в одній організації можуть отримати доступ до сторінки профілю користувача",
    "Modify rule": "Змінити правило",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Нова організація",
    "Optional": "Додатково",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Переглянути правило",
    "Visible": "Видно",
    "Website URL": "адреса вебсайту",
-    "Website URL - Tooltip": "URL-адреса домашньої сторінки організації. "
+    "Website URL - Tooltip": "URL-адреса домашньої сторінки організації. ",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Підтвердьте інформацію про рахунок",
@ -840,6 +849,8 @@
    "From name - Tooltip": "Назва \"Від\"",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Хост",
    "Host - Tooltip": "Ім'я хоста",
    "IdP": "IDP",
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@ -65,6 +65,7 @@
    "Footer HTML": "Footer HTML",
    "Footer HTML - Edit": "Footer HTML - Edit",
    "Footer HTML - Tooltip": "Custom the footer of your application",
+    "Forced redirect origin": "Forced redirect origin",
    "Form position": "Vị trí của hình thức",
    "Form position - Tooltip": "Vị trí của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu",
    "Generate Face ID": "Generate Face ID",
@ -168,6 +169,7 @@
  },
  "currency": {
    "AUD": "AUD",
+    "BRL": "BRL",
    "CAD": "CAD",
    "CHF": "CHF",
    "CNY": "CNY",
@ -194,6 +196,7 @@
    "Verify": "Xác thực"
  },
  "general": {
+    "AI Assistant": "AI Assistant",
    "API key": "API key",
    "API key - Tooltip": "API key - Tooltip",
    "Access key": "Access key",
@ -276,6 +279,7 @@
    "Favicon": "Favicon",
    "Favicon - Tooltip": "URL biểu tượng Favicon được sử dụng trong tất cả các trang của tổ chức Casdoor",
    "First name": "Tên",
+    "Forced redirect origin - Tooltip": "Forced redirect origin - Tooltip",
    "Forget URL": "Quên URL",
    "Forget URL - Tooltip": "Đường dẫn tùy chỉnh cho trang \"Quên mật khẩu\". Nếu không được thiết lập, trang \"Quên mật khẩu\" mặc định của Casdoor sẽ được sử dụng. Khi cài đặt, liên kết \"Quên mật khẩu\" trên trang đăng nhập sẽ chuyển hướng đến URL này",
    "Found some texts still not translated? Please help us translate at": "Tìm thấy một số văn bản vẫn chưa được dịch? Vui lòng giúp chúng tôi dịch tại",
@ -321,8 +325,6 @@
    "Name": "Tên",
    "Name - Tooltip": "ID duy nhất dựa trên chuỗi",
    "Name format": "Name format",
-    "Navbar items": "Navbar items",
-    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "Non-LDAP": "Non-LDAP",
    "None": "None",
    "OAuth providers": "Nhà cung cấp OAuth",
@ -421,6 +423,7 @@
    "This is a read-only demo site!": "Đây là trang web giới thiệu chỉ có chức năng đọc!",
    "Timestamp": "Timestamp",
    "Tokens": "Mã thông báo",
+    "Tour": "Tour",
    "Transactions": "Transactions",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
@ -479,6 +482,8 @@
    "Admin - Tooltip": "CN hoặc ID của quản trị viên máy chủ LDAP",
    "Admin Password": "Mật khẩu quản trị viên",
    "Admin Password - Tooltip": "Mật khẩu quản trị viên của máy chủ LDAP",
+    "Allow self-signed certificate": "Allow self-signed certificate",
+    "Allow self-signed certificate - Tooltip": "Allow self-signed certificate - Tooltip",
    "Auto Sync": "Tự động đồng bộ hóa",
    "Auto Sync - Tooltip": "Đồng bộ hóa tự động cấu hình, bị tắt tại 0",
    "Base DN": "DN cơ sở",
@ -616,6 +621,8 @@
    "Is profile public": "Hồ sơ có công khai không?",
    "Is profile public - Tooltip": "Sau khi đóng lại, chỉ các quản trị viên toàn cầu hoặc người dùng trong cùng tổ chức mới có thể truy cập trang hồ sơ người dùng",
    "Modify rule": "Sửa đổi quy tắc",
+    "Navbar items": "Navbar items",
+    "Navbar items - Tooltip": "Navbar items - Tooltip",
    "New Organization": "Tổ chức mới",
    "Optional": "Optional",
    "Password expire days": "Password expire days",
@ -633,7 +640,9 @@
    "View rule": "Xem quy tắc",
    "Visible": "Rõ ràng",
    "Website URL": "Địa chỉ trang web",
-    "Website URL - Tooltip": "Địa chỉ trang chủ của tổ chức. Trường này không được sử dụng trong Casdoor"
+    "Website URL - Tooltip": "Địa chỉ trang chủ của tổ chức. Trường này không được sử dụng trong Casdoor",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Xác nhận thông tin hóa đơn của bạn",
@ -840,6 +849,8 @@
    "From name - Tooltip": "From name - Tooltip",
    "Get phone number": "Get phone number",
    "Get phone number - Tooltip": "If sync phone number is enabled, you should enable google people api first and add scope https://www.googleapis.com/auth/user.phonenumbers.read",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
    "Host": "Chủ nhà",
    "Host - Tooltip": "Tên của người chủ chỗ ở",
    "IdP": "IdP",
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Leon Koth	87506b84e3	feat: support special chars like "+" in username parameter of /api/get-email-and-phone API (#3824 )	2025-05-23 17:29:00 +08:00
People257	fed9332246	feat: can configure Domain field in Nextcloud OAuth provider (#3813 )	2025-05-23 17:23:34 +08:00
DacongDA	33afc52a0b	feat: can redirect user to login page after linking provider in prompt page (#3820 )	2025-05-23 07:15:53 +08:00
Eko Eryanto	9035ca365a	feat: improve Indonesia i18n translations (#3817 )	2025-05-22 20:42:47 +08:00
DacongDA	b97ae72179	feat: use the standard user struct for JWT-Standard to get a correct userinfo (#3809 )	2025-05-21 18:54:42 +08:00
DacongDA	9190db1099	feat: fix bug that token endpoint doesn't return 400/401 when type is object.TokenError (#3808 )	2025-05-20 10:39:55 +08:00
DacongDA	1173f75794	feat: return HTTP status 400 instead of 200 in GetOAuthToken() (#3807 )	2025-05-20 01:05:43 +08:00
Yang Luo	086859d1ce	feat: change User.Avatar length back to 500	2025-05-18 09:47:56 +08:00
Yang Luo	9afaf5d695	feat: increase User.Avatar length to 1000	2025-05-17 19:59:17 +08:00
DacongDA	521f90a603	feat: fix access_token endpoint cannot read clientId in form when using device code flow (#3800 )	2025-05-17 18:53:38 +08:00
DacongDA	4260efcfd0	feat: add useIdAsName field for WeCom OAuth provider (#3797 )	2025-05-17 02:27:06 +08:00
DacongDA	d772b0b7a8	feat: fix bug that username will be random with useEmailAsUsername enabled (#3793 )	2025-05-16 18:40:50 +08:00
DacongDA	702b390da1	feat: fix MFA preference doesn't work bug (#3790 )	2025-05-15 21:04:36 +08:00
DacongDA	b15b3b9335	feat: support adapter in app.conf logConfig (#3784 )	2025-05-14 08:27:11 +08:00
DacongDA	f8f864c5b9	feat: add logged-in IDP provider info to access token (#3776 )	2025-05-11 09:51:51 +08:00
Yang Luo	90e790f83c	feat: increase Application.SamlReplyUrl from 100 chars to 500	2025-05-10 22:42:40 +08:00
DacongDA	58413246f3	feat: fix bug that db not found error in createDatabaseForPostgres (#3765 )	2025-05-05 18:25:58 +08:00
Yang Luo	8f307dd907	feat: upgrade go-teams-notify to v2.13.0	2025-05-05 01:02:27 +08:00
People257	fe42b5e0ba	feat: improve checkGroupName() (#3759 )	2025-05-03 22:47:42 +08:00
DacongDA	383bf44391	feat: support OIDC device flow: "/api/device-auth" (#3757 )	2025-04-30 23:42:26 +08:00
DacongDA	36f5de3203	feat: allow jwks to include the certs from non-admin owner (#3749 )	2025-04-28 09:31:56 +08:00
DacongDA	eae69c41d7	feat: add object field filter for webhook (#3746 )	2025-04-26 22:05:36 +08:00
Khaled Omara	91057f54f3	feat: add Pbkdf2DjangoCredManager (#3745 )	2025-04-25 16:16:50 +08:00
DacongDA	daa7b79915	feat: improve error handling of webauthn login (#3744 )	2025-04-24 01:11:24 +08:00
DacongDA	d3a5539dae	feat: fix loading status not reset issue when failed to login (#3743 )	2025-04-24 00:57:52 +08:00
DacongDA	7d1c614452	feat: use random name as name if user's name is invalid when created by third party provider (#3742 )	2025-04-23 21:30:19 +08:00
Yang Luo	e2eafa909b	feat: fix MODEL_URL in FaceRecognitionModal	2025-04-21 09:10:30 +08:00
DacongDA	56bcef0592	feat: support application.formCss in forget-password page (#3733 )	2025-04-19 22:59:21 +08:00
DacongDA	0860cbf343	feat: can specify content type and http body field mapping for Custom HTTP Email provider (#3730 )	2025-04-17 01:59:11 +08:00
Maxime LUCE	2f4180b1b6	feat: add missing currencies in plan edit page (#3727 )	2025-04-15 16:01:14 +08:00
DacongDA	e3d5619b25	feat: support custom HTTP headers in custom HttpEmailProvider and hide unused fields (#3723 )	2025-04-13 23:52:04 +08:00
closeobserve	019fd87b92	feat: fix code comment typos (#3724 )	2025-04-13 17:57:37 +08:00
Yang Luo	5c41c6c4a5	feat: add BRL currency	2025-04-11 22:24:45 +08:00
Jefferson Rodrigues	b7fafcc62b	feat: improve InitFromFile() code order to fix GetOrganizationApplicationCount always returns 0 bug (#3720 )	2025-04-11 01:43:54 +08:00
Yang Luo	493ceddcd9	feat: improve error handling in system info page	2025-04-11 01:41:27 +08:00
Gabriel Brecci	fc618b9bd5	feat: add validation for optional fields in IntrospectionToken for custom token types (#3717 )	2025-04-09 22:27:19 +08:00
DacongDA	a00900e405	feat: fix sqlite bug for failed to lookup Client-side Discoverable Credential: user not exist (#3719 )	2025-04-09 22:26:47 +08:00
Gabriel Brecci	77ef5828dd	feat(introspection): return correct active status for expired or revoked tokens (#3716 )	2025-04-09 02:00:30 +08:00
DacongDA	c11f013e04	feat: return "Active: false" for expired token in IntrospectToken() (#3714 )	2025-04-08 23:20:44 +08:00
DacongDA	b3bafe8402	feat: fix bug that unable to query webauthnCredentials when db is mssql or postgres in GetUserByWebauthID() (#3712 )	2025-04-08 17:51:32 +08:00
DacongDA	f04a431d85	feat: Casdoor's LDAP client supports LDAP server's self-signed certificates now (#3709 )	2025-04-07 02:02:32 +08:00
WindSpiritSR	952538916d	feat: check application existence in object.AddUser() (#3686 )	2025-04-05 16:38:20 +08:00
Eng Zer Jun	18bb445e71	feat: update `github.com/golang-jwt/jwt` dependency to v5 (#3708 )	2025-04-05 02:05:41 +08:00
DacongDA	cca88e2cb0	feat: fix bug that when email/sms mfa is not preferred, message will send to masked address (#3705 )	2025-04-04 01:08:29 +08:00
Yang Luo	86c10fe0ab	feat: change org.CountryCodes to mediumtext	2025-04-02 20:23:04 +08:00
DacongDA	c1b3bf0f45	feat: set button to loading status immediately after click (#3696 )	2025-04-02 01:15:36 +08:00
DacongDA	62bda61af5	feat: can use provider_hint arg to do OAuth redirect automatically (#3698 )	2025-04-02 01:15:20 +08:00
DacongDA	b6f943e326	feat: support WebAuthn login without username and upgrade Go to 1.21 (#3695 )	2025-04-01 16:35:59 +08:00
DacongDA	2cc5e82d91	feat: support login button loading state (#3694 )	2025-04-01 00:57:24 +08:00
DacongDA	e55cd94298	feat: fix issue that user email is still unverified after signup (#3685 )	2025-03-29 21:24:01 +08:00
WindSpiritSR	08f7a05e61	feat: fix MFA + LDAP bug in /check-user-password API (#3681 )	2025-03-26 22:11:58 +08:00
Yang Luo	4bee21f4a3	feat: use StaticBaseUrl in frontend	2025-03-26 21:32:31 +08:00
DacongDA	5417a90223	feat: fix bug that there is already an object named 'casbin_api_rule' in the database (#3680 )	2025-03-25 22:24:58 +08:00
Yang Luo	131820e34e	feat: add application.ForcedRedirectOrigin	2025-03-24 13:42:35 +08:00
WindSpiritSR	2fcbf7cf6c	feat: fix apps page grid style (#3679 )	2025-03-22 18:19:14 +08:00
WindSpiritSR	14ade8b7e4	feat: fix provider test API's missing owner and name args for auth (#3676 )	2025-03-22 17:53:20 +08:00
WindSpiritSR	a11fe59704	feat: support widget items config in org (#3674 )	2025-03-21 23:00:07 +08:00