feat: add Lark OAuth provider (#3956 )

feat: check if MFA is verified when required (#3954 )
feat: support links in email to reset password (#3939 )
2025-07-15 03:53:50 +08:00 · 2025-07-13 19:51:45 +08:00 · 2025-07-12 15:20:44 +08:00 · 2025-07-12 00:18:56 +08:00 · 2025-07-11 19:57:55 +08:00 · 2025-07-11 00:24:33 +08:00
154 changed files with 3598 additions and 1729 deletions
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@ -15,32 +15,51 @@
 package captcha

 import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	openapiutil "github.com/alibabacloud-go/openapi-util/service"
+	teaUtil "github.com/alibabacloud-go/tea-utils/v2/service"
+	"github.com/alibabacloud-go/tea/tea"
 )

-const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"
+const AliyunCaptchaVerifyUrl = "captcha.cn-shanghai.aliyuncs.com"

-type captchaSuccessResponse struct {
-	Code int    `json:"Code"`
-	Msg  string `json:"Msg"`
+type VerifyCaptchaRequest struct {
+	CaptchaVerifyParam *string `json:"CaptchaVerifyParam,omitempty" xml:"CaptchaVerifyParam,omitempty"`
+	SceneId            *string `json:"SceneId,omitempty" xml:"SceneId,omitempty"`
 }

-type captchaFailResponse struct {
-	Code    string `json:"Code"`
-	Message string `json:"Message"`
+type VerifyCaptchaResponseBodyResult struct {
+	VerifyResult *bool `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
 }

+type VerifyCaptchaResponseBody struct {
+	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
+	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
+	// Id of the request
+	RequestId *string                          `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
+	Result    *VerifyCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
+	Success   *bool                            `json:"Success,omitempty" xml:"Success,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponseBodyResult struct {
+	VerifyCode   *string `json:"VerifyCode,omitempty" xml:"VerifyCode,omitempty"`
+	VerifyResult *bool   `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponseBody struct {
+	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
+	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
+	// Id of the request
+	RequestId *string                                     `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
+	Result    *VerifyIntelligentCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
+	Success   *bool                                       `json:"Success,omitempty" xml:"Success,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponse struct {
+	Headers    map[string]*string                    `json:"headers,omitempty" xml:"headers,omitempty" require:"true"`
+	StatusCode *int32                                `json:"statusCode,omitempty" xml:"statusCode,omitempty" require:"true"`
+	Body       *VerifyIntelligentCaptchaResponseBody `json:"body,omitempty" xml:"body,omitempty" require:"true"`
+}
 type AliyunCaptchaProvider struct{}

 func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
@ -48,68 +67,69 @@ func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
 	return captcha
 }

-func contentEscape(str string) string {
-	str = strings.Replace(str, " ", "%20", -1)
-	str = url.QueryEscape(str)
-	return str
-}
+func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+	config := &openapi.Config{}

-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
+	config.Endpoint = tea.String(AliyunCaptchaVerifyUrl)
+	config.ConnectTimeout = tea.Int(5000)
+	config.ReadTimeout = tea.Int(5000)
+	config.AccessKeyId = tea.String(clientId)
+	config.AccessKeySecret = tea.String(clientSecret)
+
+	client := new(openapi.Client)
+	err := client.Init(config)
 	if err != nil {
 		return false, err
 	}

-	pathData["Action"] = []string{"AuthenticateSig"}
-	pathData["Format"] = []string{"json"}
-	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
-	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
-	pathData["SignatureVersion"] = []string{"1.0"}
-	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
-	pathData["Version"] = []string{"2018-01-12"}
+	request := VerifyCaptchaRequest{CaptchaVerifyParam: tea.String(token), SceneId: tea.String(clientId2)}

-	var keys []string
-	for k := range pathData {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	sortQuery := ""
-	for _, k := range keys {
-		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
-	}
-	sortQuery = strings.TrimSuffix(sortQuery, "&")
-
-	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
-
-	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
-
-	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
+	err = teaUtil.ValidateModel(&request)
 	if err != nil {
 		return false, err
 	}

-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
+	runtime := &teaUtil.RuntimeOptions{}
+
+	body := map[string]interface{}{}
+	if !tea.BoolValue(teaUtil.IsUnset(request.CaptchaVerifyParam)) {
+		body["CaptchaVerifyParam"] = request.CaptchaVerifyParam
+	}
+
+	if !tea.BoolValue(teaUtil.IsUnset(request.SceneId)) {
+		body["SceneId"] = request.SceneId
+	}
+
+	req := &openapi.OpenApiRequest{
+		Body: openapiutil.ParseToMap(body),
+	}
+	params := &openapi.Params{
+		Action:      tea.String("VerifyIntelligentCaptcha"),
+		Version:     tea.String("2023-03-05"),
+		Protocol:    tea.String("HTTPS"),
+		Pathname:    tea.String("/"),
+		Method:      tea.String("POST"),
+		AuthType:    tea.String("AK"),
+		Style:       tea.String("RPC"),
+		ReqBodyType: tea.String("formData"),
+		BodyType:    tea.String("json"),
+	}
+
+	res := &VerifyIntelligentCaptchaResponse{}
+
+	resBody, err := client.CallApi(params, req, runtime)
 	if err != nil {
 		return false, err
 	}

-	return handleCaptchaResponse(body)
-}
-
-func handleCaptchaResponse(body []byte) (bool, error) {
-	captchaResp := &captchaSuccessResponse{}
-	err := json.Unmarshal(body, captchaResp)
-	if err != nil {
-		captchaFailResp := &captchaFailResponse{}
-		err = json.Unmarshal(body, captchaFailResp)
+	err = tea.Convert(resBody, &res)
 	if err != nil {
 		return false, err
 	}

-		return false, errors.New(captchaFailResp.Message)
-	}
-
+	if res.Body.Result.VerifyResult != nil && *res.Body.Result.VerifyResult {
 		return true, nil
 	}
+
+	return false, nil
+}
--- a/captcha/default.go
+++ b/captcha/default.go
@ -23,6 +23,6 @@ func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
 	return captcha
 }

-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	return object.VerifyCaptcha(clientSecret, token), nil
 }
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@ -35,7 +35,7 @@ func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
 	return captcha
 }

-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	pathData, err := url.ParseQuery(token)
 	if err != nil {
 		return false, err
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@ -32,7 +32,7 @@ func NewHCaptchaProvider() *HCaptchaProvider {
 	return captcha
 }

-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/provider.go
+++ b/captcha/provider.go
@ -17,7 +17,7 @@ package captcha
 import "fmt"

 type CaptchaProvider interface {
-	VerifyCaptcha(token, clientSecret string) (bool, error)
+	VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error)
 }

 func GetCaptchaProvider(captchaType string) CaptchaProvider {
@ -43,11 +43,11 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	return nil
 }

-func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
+func VerifyCaptchaByCaptchaType(captchaType, token, clientId, clientSecret, clientId2 string) (bool, error) {
 	provider := GetCaptchaProvider(captchaType)
 	if provider == nil {
 		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
 	}

-	return provider.VerifyCaptcha(token, clientSecret)
+	return provider.VerifyCaptcha(token, clientId, clientSecret, clientId2)
 }
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@ -32,7 +32,7 @@ func NewReCaptchaProvider() *ReCaptchaProvider {
 	return captcha
 }

-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@ -32,7 +32,7 @@ func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
 	return captcha
 }

-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/conf/conf.go
+++ b/conf/conf.go
@ -66,7 +66,11 @@ func GetConfigBool(key string) bool {
 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
-	return num, err
+	if err != nil {
+		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
+	}
+
+	return num, nil
 }

 func GetConfigDataSourceName() string {
--- a/controllers/account.go
+++ b/controllers/account.go
@ -42,6 +42,7 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
+	Data3  interface{} `json:"data3"`
 }

 type Captcha struct {
@ -259,7 +260,7 @@ func (c *ApiController) Signup() {
 		user.Groups = []string{application.DefaultGroup}
 	}

-	affected, err := object.AddUser(user)
+	affected, err := object.AddUser(user, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -132,7 +132,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeCode {
 		clientId := c.Input().Get("clientId")
 		responseType := c.Input().Get("responseType")
@ -154,7 +154,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}

 		resp = codeToResponse(code)
-		resp.Data2 = user.NeedUpdatePassword
+		resp.Data3 = user.NeedUpdatePassword
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
@ -168,7 +168,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
 			resp = tokenToResponse(token)

-			resp.Data2 = user.NeedUpdatePassword
+			resp.Data3 = user.NeedUpdatePassword
 		}
 	} else if form.Type == ResponseTypeDevice {
 		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
@ -195,14 +195,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob

 		object.DeviceAuthMap.Store(authCacheCast.UserName, deviceAuthCacheDeviceCodeCast)

-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeSaml { // saml flow
 		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method, "needUpdatePassword": user.NeedUpdatePassword}}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method}, Data3: user.NeedUpdatePassword}

 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
@ -355,20 +355,27 @@ func isProxyProviderType(providerType string) bool {

 func checkMfaEnable(c *ApiController, user *object.User, organization *object.Organization, verificationType string) bool {
 	if object.IsNeedPromptMfa(organization, user) {
-		// The prompt page needs the user to be srigned in
+		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 		c.ResponseOk(object.RequiredMfa)
 		return true
 	}

 	if user.IsMfaEnabled() {
+		currentTime := util.String2Time(util.GetCurrentTime())
+		mfaRememberDeadline := util.String2Time(user.MfaRememberDeadline)
+		if user.MfaRememberDeadline != "" && mfaRememberDeadline.After(currentTime) {
+			return false
+		}
 		c.setMfaUserSession(user.GetId())
 		mfaList := object.GetAllMfaProps(user, true)
 		mfaAllowList := []*object.MfaProps{}
+		mfaRememberInHours := organization.MfaRememberInHours
 		for _, prop := range mfaList {
 			if prop.MfaType == verificationType || !prop.Enabled {
 				continue
 			}
+			prop.MfaRememberInHours = mfaRememberInHours
 			mfaAllowList = append(mfaAllowList, prop)
 		}
 		if len(mfaAllowList) >= 1 {
@ -504,6 +511,8 @@ func (c *ApiController) Login() {
 					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
 					return
 				}
+			} else if verificationCodeType == object.VerifyTypeEmail {
+				checkDest = authForm.Username
 			}

 			// check result through Email or Phone
@ -553,8 +562,11 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with LDAP is not enabled for the application"))
 				return
 			}
+
+			clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
+			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username, clientIp); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
@ -569,7 +581,7 @@ func (c *ApiController) Login() {
 				}

 				var isHuman bool
-				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
+				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, captchaProvider.ClientId, authForm.ClientSecret, captchaProvider.ClientId2)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
@ -867,7 +879,7 @@ func (c *ApiController) Login() {
 					}

 					var affected bool
-					affected, err = object.AddUser(user)
+					affected, err = object.AddUser(user, c.GetAcceptLanguage())
 					if err != nil {
 						c.ResponseError(err.Error())
 						return
@ -968,6 +980,28 @@ func (c *ApiController) Login() {
 			return
 		}

+		var application *object.Application
+		if authForm.ClientId == "" {
+			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
+		} else {
+			application, err = object.GetApplicationByClientId(authForm.ClientId)
+		}
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if application == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+			return
+		}
+
+		var organization *object.Organization
+		organization, err = object.GetOrganization(util.GetId("admin", application.Organization))
+		if err != nil {
+			c.ResponseError(c.T(err.Error()))
+		}
+
 		if authForm.Passcode != "" {
 			if authForm.MfaType == c.GetSession("verificationCodeType") {
 				c.ResponseError("Invalid multi-factor authentication type")
@ -994,6 +1028,17 @@ func (c *ApiController) Login() {
 				}
 			}

+			if authForm.EnableMfaRemember {
+				mfaRememberInSeconds := organization.MfaRememberInHours * 3600
+				currentTime := util.String2Time(util.GetCurrentTime())
+				duration := time.Duration(mfaRememberInSeconds) * time.Second
+				user.MfaRememberDeadline = util.Time2String(currentTime.Add(duration))
+				_, err = object.UpdateUser(user.GetId(), user, []string{"mfa_remember_deadline"}, user.IsAdmin)
+				if err != nil {
+					c.ResponseError(err.Error())
+					return
+				}
+			}
 			c.SetSession("verificationCodeType", "")
 		} else if authForm.RecoveryCode != "" {
 			err = object.MfaRecover(user, authForm.RecoveryCode)
@ -1006,22 +1051,6 @@ func (c *ApiController) Login() {
 			return
 		}

-		var application *object.Application
-		if authForm.ClientId == "" {
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-		} else {
-			application, err = object.GetApplicationByClientId(authForm.ClientId)
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-
 		resp = c.HandleLoggedIn(application, user, &authForm)
 		c.setMfaUserSession("")

@ -1220,27 +1249,26 @@ func (c *ApiController) GetQRCode() {
 func (c *ApiController) GetCaptchaStatus() {
 	organization := c.Input().Get("organization")
 	userId := c.Input().Get("userId")
-	user, err := object.GetUserByFields(organization, userId)
+	applicationName := c.Input().Get("application")
+
+	application, err := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
+	if application == nil {
+		c.ResponseError("application not found")
+		return
+	}

-	captchaEnabled := false
-	if user != nil {
-		var failedSigninLimit int
-		failedSigninLimit, _, err = object.GetFailedSigninConfigByUser(user)
+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	captchaEnabled, err := object.CheckToEnableCaptcha(application, organization, userId, clientIp)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
-		if user.SigninWrongTimes >= failedSigninLimit {
-			captchaEnabled = true
-		}
-	}
-
 	c.ResponseOk(captchaEnabled)
+	return
 }

 // Callback
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -165,7 +165,7 @@ func (c *ApiController) GetPolicies() {
 			return
 		}
 		if adapter == nil {
-			c.ResponseError(fmt.Sprintf(c.T("the adapter: %s is not found"), adapterId))
+			c.ResponseError(fmt.Sprintf(c.T("enforcer:the adapter: %s is not found"), adapterId))
 			return
 		}

--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@ -0,0 +1,56 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+func (c *ApiController) UploadGroups() {
+	userId := c.GetSessionUsername()
+	owner, user := util.GetOwnerAndNameFromId(userId)
+
+	file, header, err := c.Ctx.Request.FormFile("file")
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+	path := util.GetUploadXlsxPath(fileId)
+	defer os.Remove(path)
+
+	err = saveFile(path, &file)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UploadGroups(owner, path)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	if affected {
+		c.ResponseOk()
+	} else {
+		c.ResponseError(c.T("general:Failed to import groups"))
+	}
+}
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@ -58,6 +58,12 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}

+	organization, err := object.GetOrganizationByUser(user)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	mfaProps, err := MfaUtil.Initiate(user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
@ -66,6 +72,7 @@ func (c *ApiController) MfaSetupInitiate() {

 	recoveryCode := uuid.NewString()
 	mfaProps.RecoveryCodes = []string{recoveryCode}
+	mfaProps.MfaRememberInHours = organization.MfaRememberInHours

 	resp := mfaProps
 	c.ResponseOk(resp)
--- a/controllers/organization.go
+++ b/controllers/organization.go
@ -98,6 +98,10 @@ func (c *ApiController) GetOrganization() {
 		return
 	}

+	if organization != nil && organization.MfaRememberInHours == 0 {
+		organization.MfaRememberInHours = 12
+	}
+
 	c.ResponseOk(organization)
 }

--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@ -49,6 +49,6 @@ func (c *ApiController) UploadPermissions() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/product.go
+++ b/controllers/product.go
@ -182,7 +182,7 @@ func (c *ApiController) BuyProduct() {
 	paidUserName := c.Input().Get("userName")
 	owner, _ := util.GetOwnerAndNameFromId(id)
 	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && !c.IsAdmin() {
+	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
 		c.ResponseError(c.T("general:Only admin user can specify user"))
 		return
 	}
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@ -49,6 +49,6 @@ func (c *ApiController) UploadRoles() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/service.go
+++ b/controllers/service.go
@ -140,6 +140,9 @@ func (c *ApiController) SendEmail() {
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)

+	matchContent := object.ResetLinkReg.Find([]byte(content))
+	content = strings.Replace(content, string(matchContent), "", -1)
+
 	for _, receiver := range emailForm.Receivers {
 		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
 		if err != nil {
--- a/controllers/token.go
+++ b/controllers/token.go
@ -16,6 +16,7 @@ package controllers

 import (
 	"encoding/json"
+	"fmt"
 	"time"

 	"github.com/beego/beego/utils/pagination"
@ -460,7 +461,18 @@ func (c *ApiController) IntrospectToken() {
 	}

 	if token != nil {
+		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
+		if err != nil {
+			c.ResponseTokenError(err.Error())
+			return
+		}
+		if application == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
+			return
+		}
+
 		introspectionResponse.TokenType = token.TokenType
+		introspectionResponse.ClientId = application.ClientId
 	}

 	c.Data["json"] = introspectionResponse
--- a/controllers/user.go
+++ b/controllers/user.go
@ -197,8 +197,8 @@ func (c *ApiController) GetUser() {
 		return
 	}

-	if user != nil {
 	var organization *object.Organization
+	if user != nil {
 		organization, err = object.GetOrganizationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
@ -237,6 +237,14 @@ func (c *ApiController) GetUser() {
 		return
 	}

+	if organization != nil && user != nil {
+		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
+
 	c.ResponseOk(user)
 }

@ -282,13 +290,6 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if c.Input().Get("allowEmpty") == "" {
-		if user.DisplayName == "" {
-			c.ResponseError(c.T("user:Display name cannot be empty"))
-			return
-		}
-	}
-
 	if user.MfaEmailEnabled && user.Email == "" {
 		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
 		return
@ -310,7 +311,8 @@ func (c *ApiController) UpdateUser() {
 	}

 	isAdmin := c.IsAdmin()
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
+	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
+	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
 	}
@ -365,7 +367,7 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
+	c.Data["json"] = wrapActionResponse(object.AddUser(&user, c.GetAcceptLanguage()))
 	c.ServeJSON()
 }

@ -545,7 +547,7 @@ func (c *ApiController) SetPassword() {
 		return
 	}
 	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("the organization: %s is not found"), targetUser.Owner))
+		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), targetUser.Owner))
 		return
 	}

@ -572,7 +574,7 @@ func (c *ApiController) SetPassword() {
 	targetUser.LastChangePasswordTime = util.GetCurrentTime()

 	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
+		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
 	} else {
 		if isAdmin {
 			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@ -67,6 +67,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -160,7 +160,7 @@ func (c *ApiController) SendVerificationCode() {
 			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
 				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
 				return
-			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
+			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if !isHuman {
@ -258,7 +258,7 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}

-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, vform.Method, c.Ctx.Request.Host, application.Name)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@ -349,7 +349,7 @@ func (c *ApiController) VerifyCaptcha() {
 		return
 	}

-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
+	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }

-func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt strin
 	return hash
 }

-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }

-func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string,
 	return string(bytes)
 }

-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@ -15,8 +15,8 @@
 package cred

 type CredManager interface {
-	GetHashedPassword(password string, userSalt string, organizationSalt string) string
-	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
+	GetHashedPassword(password string, salt string) string
+	IsPasswordCorrect(password string, passwordHash string, salt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@ -37,14 +37,10 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getMd5HexDigest(password)
-	if userSalt != "" {
-		res = getMd5HexDigest(res + userSalt)
-	}
-	return res
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getMd5HexDigest(getMd5HexDigest(password) + salt)
 }

-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }

-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }

-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@ -32,12 +32,8 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
 	return cm
 }

-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
 	iterations := 260000
-	salt := userSalt
-	if salt == "" {
-		salt = organizationSalt
-	}

 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
@ -46,7 +42,7 @@ func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt st
 	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
 }

-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool {
+func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
 	parts := strings.Split(passwordHash, "$")
 	if len(parts) != 4 {
 		return false
--- a/cred/plain.go
+++ b/cred/plain.go
@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
 	return password
 }

-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@ -37,14 +37,10 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha256HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha256HexDigest(res + organizationSalt)
-	}
-	return res
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getSha256HexDigest(getSha256HexDigest(password) + salt)
 }

-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
 }

 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@ -37,14 +37,10 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
 	return cm
 }

-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha512HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha512HexDigest(res + organizationSalt)
-	}
-	return res
+func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getSha512HexDigest(getSha512HexDigest(password) + salt)
 }

-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/form/auth.go
+++ b/form/auth.go
@ -64,6 +64,7 @@ type AuthForm struct {
 	MfaType           string `json:"mfaType"`
 	Passcode          string `json:"passcode"`
 	RecoveryCode      string `json:"recoveryCode"`
+	EnableMfaRemember bool   `json:"enableMfaRemember"`

 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
--- a/go.mod
+++ b/go.mod
@ -7,10 +7,11 @@ require (
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
 	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
 	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
+	github.com/alibabacloud-go/openapi-util v0.1.0
 	github.com/alibabacloud-go/tea v1.3.2
 	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
 	github.com/aws/aws-sdk-go v1.45.5
-	github.com/beego/beego v1.12.14
+	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin/v2 v2.77.2
 	github.com/casdoor/go-sms-sender v0.25.0
@ -90,7 +91,6 @@ require (
 	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
 	github.com/alibabacloud-go/debug v1.0.1 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
-	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
 	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
--- a/go.sum
+++ b/go.sum
@ -201,8 +201,8 @@ github.com/baidubce/bce-sdk-go v0.9.156 h1:f++WfptxGmSp5acsjl4kUxHpWDDccoFqkIrQK
 github.com/baidubce/bce-sdk-go v0.9.156/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
-github.com/beego/beego v1.12.14 h1:j+3z3d9NfLRcvjqM7l8LFUbwwDOv5NgOuQxImZKyZg0=
-github.com/beego/beego v1.12.14/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
+github.com/beego/beego v1.12.12 h1:ARY1sNVSS23N0mEQIhSqRDTyyDlx95JY0V3GogBbZbQ=
+github.com/beego/beego v1.12.12/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
 github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
 github.com/beego/x2j v0.0.0-20131220205130-a0352aadc542/go.mod h1:kSeGC/p1AbBiEp5kat81+DSQrZenVBZXklMLaELspWU=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
--- a/i18n/generate.go
+++ b/i18n/generate.go
@ -84,6 +84,10 @@ func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
 				return err
 			}

+			if strings.HasSuffix(path, "node_modules") {
+				return filepath.SkipDir
+			}
+
 			if !strings.HasSuffix(info.Name(), fileSuffix) {
 				return nil
 			}
--- a/i18n/locales/ar/data.json
+++ b/i18n/locales/ar/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/cs/data.json
+++ b/i18n/locales/cs/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Metoda výzvy by měla být S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Nepodařilo se vytvořit uživatele, informace o uživateli jsou neplatné: %s",
    "Failed to login in: %s": "Nepodařilo se přihlásit: %s",
    "Invalid token": "Neplatný token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "Metoda přihlášení: přihlášení pomocí obličeje není pro aplikaci povolena",
    "The login method: login with password is not enabled for the application": "Metoda přihlášení: přihlášení pomocí hesla není pro aplikaci povolena",
    "The organization: %s does not exist": "Organizace: %s neexistuje",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Poskytovatel: %s není pro aplikaci povolen",
    "Unauthorized operation": "Neoprávněná operace",
    "Unknown authentication type (not password or provider), form = %s": "Neznámý typ autentizace (není heslo nebo poskytovatel), formulář = %s",
    "User's tag: %s is not listed in the application's tags": "Štítek uživatele: %s není uveden v štítcích aplikace",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní nebo čekající předplatné a aplikace: %s nemá výchozí ceny"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní nebo čekající předplatné a aplikace: %s nemá výchozí ceny",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Služba %s a %s se neshodují"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Příslušnost nemůže být prázdná",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Výchozí kód neodpovídá pravidlům pro shodu kódů",
    "DisplayName cannot be blank": "Zobrazované jméno nemůže být prázdné",
    "DisplayName is not valid real name": "Zobrazované jméno není platné skutečné jméno",
@ -41,6 +49,7 @@
    "Empty username.": "Prázdné uživatelské jméno.",
    "Face data does not exist, cannot log in": "Data obličeje neexistují, nelze se přihlásit",
    "Face data mismatch": "Neshoda dat obličeje",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Křestní jméno nemůže být prázdné",
    "Invitation code cannot be blank": "Pozvánkový kód nemůže být prázdný",
    "Invitation code exhausted": "Pozvánkový kód vyčerpán",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Příjmení nemůže být prázdné",
    "Multiple accounts with same uid, please check your ldap server": "Více účtů se stejným uid, prosím zkontrolujte svůj ldap server",
    "Organization does not exist": "Organizace neexistuje",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telefon již existuje",
    "Phone cannot be empty": "Telefon nemůže být prázdný",
    "Phone number is invalid": "Telefonní číslo je neplatné",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
    "Username is too long (maximum is 255 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 255 znaků).",
    "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",
    "password or code is incorrect": "heslo nebo kód je nesprávné",
    "password or code is incorrect, you have %d remaining chances": "heslo nebo kód je nesprávné, máte %d zbývajících pokusů",
    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Nepodařilo se importovat uživatele",
    "Missing parameter": "Chybějící parametr",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Prosím, přihlaste se nejprve",
    "The organization: %s should have one application at least": "Organizace: %s by měla mít alespoň jednu aplikaci",
    "The user: %s doesn't exist": "Uživatel: %s neexistuje",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
    "this operation is not allowed in demo mode": "tato operace není povolena v demo režimu",
    "this operation requires administrator to perform": "tato operace vyžaduje administrátora"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Pouze administrátor může upravit %s.",
    "The %s is immutable.": "%s je neměnný.",
-    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s."
+    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "Oprávnění: \\\"%s\\\" neexistuje"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "objectKey: %s není povolen",
    "The provider type: %s is not supported": "typ poskytovatele: %s není podporován"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s není v této aplikaci podporován",
    "Invalid application or wrong clientSecret": "Neplatná aplikace nebo špatný clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Zobrazované jméno nemůže být prázdné",
-    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo."
-  },
-  "user_upload": {
-    "Failed to import users": "Nepodařilo se importovat uživatele"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Neplatný poskytovatel captcha.",
    "Phone number is invalid in your region %s": "Telefonní číslo je ve vaší oblasti %s neplatné",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "Ověřovací kód ještě nebyl odeslán!",
-    "The verification code has not been sent yet, or has already been used!": "Ověřovací kód ještě nebyl odeslán, nebo již byl použit!",
    "Turing test failed.": "Turingův test selhal.",
    "Unable to get the email modify rule.": "Nelze získat pravidlo pro úpravu emailu.",
    "Unable to get the phone modify rule.": "Nelze získat pravidlo pro úpravu telefonu.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "uživatel neexistuje, prosím nejprve se zaregistrujte"
  },
  "webauthn": {
-    "Found no credentials for this user": "Nebyly nalezeny žádné přihlašovací údaje pro tohoto uživatele",
    "Please call WebAuthnSigninBegin first": "Prosím, nejprve zavolejte WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Die Challenge-Methode sollte S256 sein",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Es konnte kein Benutzer erstellt werden, da die Benutzerinformationen ungültig sind: %s",
    "Failed to login in: %s": "Konnte nicht anmelden: %s",
    "Invalid token": "Ungültiges Token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
    "Unauthorized operation": "Nicht autorisierte Operation",
    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
    "DisplayName is not valid real name": "DisplayName ist kein gültiger Vorname",
@ -41,6 +49,7 @@
    "Empty username.": "Leerer Benutzername.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Vorname darf nicht leer sein",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Nachname darf nicht leer sein",
    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
    "Organization does not exist": "Organisation existiert nicht",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telefon existiert bereits",
    "Phone cannot be empty": "Das Telefon darf nicht leer sein",
    "Phone number is invalid": "Die Telefonnummer ist ungültig",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
    "Username is too long (maximum is 255 characters).": "Benutzername ist zu lang (das Maximum beträgt 255 Zeichen).",
    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Fehler beim Importieren von Benutzern",
    "Missing parameter": "Fehlender Parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Bitte zuerst einloggen",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Nur der Administrator kann das %s ändern.",
    "The %s is immutable.": "Das %s ist unveränderlich.",
-    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s."
+    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "Der Objektschlüssel %s ist nicht erlaubt",
    "The provider type: %s is not supported": "Der Anbieter-Typ %s wird nicht unterstützt"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s wird von dieser Anwendung nicht unterstützt",
    "Invalid application or wrong clientSecret": "Ungültige Anwendung oder falsches clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
-  },
-  "user_upload": {
-    "Failed to import users": "Fehler beim Importieren von Benutzern"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Ungültiger Captcha-Anbieter.",
    "Phone number is invalid in your region %s": "Die Telefonnummer ist in Ihrer Region %s ungültig",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing-Test fehlgeschlagen.",
    "Unable to get the email modify rule.": "Nicht in der Lage, die E-Mail-Änderungsregel zu erhalten.",
    "Unable to get the phone modify rule.": "Nicht in der Lage, die Telefon-Änderungsregel zu erhalten.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "Der Benutzer existiert nicht, bitte zuerst anmelden"
  },
  "webauthn": {
-    "Found no credentials for this user": "Es wurden keine Anmeldeinformationen für diesen Benutzer gefunden",
    "Please call WebAuthnSigninBegin first": "Bitte rufen Sie zuerst WebAuthnSigninBegin auf"
  }
 }
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "El método de desafío debe ser S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "No se pudo crear el usuario, la información del usuario es inválida: %s",
    "Failed to login in: %s": "No se ha podido iniciar sesión en: %s",
    "Invalid token": "Token inválido",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
    "Unauthorized operation": "Operación no autorizada",
    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
    "DisplayName is not valid real name": "El nombre de pantalla no es un nombre real válido",
@ -41,6 +49,7 @@
    "Empty username.": "Nombre de usuario vacío.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "El nombre no puede estar en blanco",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "El apellido no puede estar en blanco",
    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
    "Organization does not exist": "La organización no existe",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "El teléfono ya existe",
    "Phone cannot be empty": "Teléfono no puede estar vacío",
    "Phone number is invalid": "El número de teléfono no es válido",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
    "Username is too long (maximum is 255 characters).": "El nombre de usuario es demasiado largo (el máximo es de 255 caracteres).",
    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Error al importar usuarios",
    "Missing parameter": "Parámetro faltante",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Por favor, inicia sesión primero",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "El usuario: %s no existe",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "No apoyo a captchaProvider",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Solo el administrador puede modificar los %s.",
    "The %s is immutable.": "El %s es inmutable.",
-    "Unknown modify rule %s.": "Regla de modificación desconocida %s."
+    "Unknown modify rule %s.": "Regla de modificación desconocida %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "El objectKey: %s no está permitido",
    "The provider type: %s is not supported": "El tipo de proveedor: %s no es compatible"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "El tipo de subvención: %s no es compatible con esta aplicación",
    "Invalid application or wrong clientSecret": "Solicitud inválida o clientSecret incorrecto",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
-  },
-  "user_upload": {
-    "Failed to import users": "Error al importar usuarios"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Proveedor de captcha no válido.",
    "Phone number is invalid in your region %s": "El número de teléfono es inválido en tu región %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "El test de Turing falló.",
    "Unable to get the email modify rule.": "No se puede obtener la regla de modificación de correo electrónico.",
    "Unable to get the phone modify rule.": "No se pudo obtener la regla de modificación del teléfono.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "El usuario no existe, por favor regístrese primero"
  },
  "webauthn": {
-    "Found no credentials for this user": "No se encontraron credenciales para este usuario",
    "Please call WebAuthnSigninBegin first": "Por favor, llama primero a WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/fa/data.json
+++ b/i18n/locales/fa/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "روش چالش باید S256 باشد",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "عدم موفقیت در ایجاد کاربر، اطلاعات کاربر نامعتبر است: %s",
    "Failed to login in: %s": "عدم موفقیت در ورود: %s",
    "Invalid token": "توکن نامعتبر",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "روش ورود: ورود با چهره برای برنامه فعال نیست",
    "The login method: login with password is not enabled for the application": "روش ورود: ورود با رمز عبور برای برنامه فعال نیست",
    "The organization: %s does not exist": "سازمان: %s وجود ندارد",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "ارائه‌دهنده: %s برای برنامه فعال نیست",
    "Unauthorized operation": "عملیات غیرمجاز",
    "Unknown authentication type (not password or provider), form = %s": "نوع احراز هویت ناشناخته (نه رمز عبور و نه ارائه‌دهنده)، فرم = %s",
    "User's tag: %s is not listed in the application's tags": "برچسب کاربر: %s در برچسب‌های برنامه فهرست نشده است",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "کاربر پرداختی %s اشتراک فعال یا در انتظار ندارد و برنامه: %s قیمت‌گذاری پیش‌فرض ندارد"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "کاربر پرداختی %s اشتراک فعال یا در انتظار ندارد و برنامه: %s قیمت‌گذاری پیش‌فرض ندارد",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "سرویس %s و %s مطابقت ندارند"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "وابستگی نمی‌تواند خالی باشد",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "کد پیش‌فرض با قوانین تطبیق کد مطابقت ندارد",
    "DisplayName cannot be blank": "نام نمایشی نمی‌تواند خالی باشد",
    "DisplayName is not valid real name": "نام نمایشی یک نام واقعی معتبر نیست",
@ -41,6 +49,7 @@
    "Empty username.": "نام کاربری خالی است.",
    "Face data does not exist, cannot log in": "داده‌های چهره وجود ندارد، نمی‌توان وارد شد",
    "Face data mismatch": "عدم تطابق داده‌های چهره",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "نام نمی‌تواند خالی باشد",
    "Invitation code cannot be blank": "کد دعوت نمی‌تواند خالی باشد",
    "Invitation code exhausted": "کد دعوت استفاده شده است",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "نام خانوادگی نمی‌تواند خالی باشد",
    "Multiple accounts with same uid, please check your ldap server": "چندین حساب با uid یکسان، لطفاً سرور LDAP خود را بررسی کنید",
    "Organization does not exist": "سازمان وجود ندارد",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "تلفن قبلاً وجود دارد",
    "Phone cannot be empty": "تلفن نمی‌تواند خالی باشد",
    "Phone number is invalid": "شماره تلفن نامعتبر است",
@ -61,25 +71,35 @@
    "The user is forbidden to sign in, please contact the administrator": "ورود کاربر ممنوع است، لطفاً با مدیر تماس بگیرید",
    "The user: %s doesn't exist in LDAP server": "کاربر: %s در سرور LDAP وجود ندارد",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "نام کاربری فقط می‌تواند حاوی کاراکترهای الفبایی عددی، زیرخط یا خط تیره باشد، نمی‌تواند خط تیره یا زیرخط متوالی داشته باشد، و نمی‌تواند با خط تیره یا زیرخط شروع یا پایان یابد.",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "مقدار \"%s\" برای فیلد حساب \"%s\" با عبارت منظم مورد حساب مطابقت ندارد",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "مقدار \"%s\" برای فیلد ثبت‌نام \"%s\" با عبارت منظم مورد ثبت‌نام برنامه \"%s\" مطابقت ندارد",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "نام کاربری قبلاً وجود دارد",
    "Username cannot be an email address": "نام کاربری نمی‌تواند یک آدرس ایمیل باشد",
    "Username cannot contain white spaces": "نام کاربری نمی‌تواند حاوی فاصله باشد",
    "Username cannot start with a digit": "نام کاربری نمی‌تواند با یک رقم شروع شود",
    "Username is too long (maximum is 255 characters).": "نام کاربری بیش از حد طولانی است (حداکثر ۳۹ کاراکتر).",
    "Username must have at least 2 characters": "نام کاربری باید حداقل ۲ کاراکتر داشته باشد",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "شما رمز عبور یا کد اشتباه را بیش از حد وارد کرده‌اید، لطفاً %d دقیقه صبر کنید و دوباره تلاش کنید",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "منطقه شما اجازه ثبت‌نام با تلفن را ندارد",
    "password or code is incorrect": "رمز عبور یا کد نادرست است",
    "password or code is incorrect, you have %d remaining chances": "رمز عبور یا کد نادرست است، شما %d فرصت باقی‌مانده دارید",
    "unsupported password type: %s": "نوع رمز عبور پشتیبانی نشده: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "عدم موفقیت در وارد کردن کاربران",
    "Missing parameter": "پارامتر گمشده",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "لطفاً ابتدا وارد شوید",
    "The organization: %s should have one application at least": "سازمان: %s باید حداقل یک برنامه داشته باشد",
    "The user: %s doesn't exist": "کاربر: %s وجود ندارد",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "از captchaProvider پشتیبانی نمی‌شود: ",
    "this operation is not allowed in demo mode": "این عملیات در حالت دمو مجاز نیست",
    "this operation requires administrator to perform": "این عملیات نیاز به مدیر برای انجام دارد"
@ -98,10 +118,11 @@
  "organization": {
    "Only admin can modify the %s.": "فقط مدیر می‌تواند %s را تغییر دهد.",
    "The %s is immutable.": "%s غیرقابل تغییر است.",
-    "Unknown modify rule %s.": "قانون تغییر ناشناخته %s."
+    "Unknown modify rule %s.": "قانون تغییر ناشناخته %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "مجوز: \"%s\" وجود ندارد"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "شناسه برنامه نامعتبر",
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "objectKey: %s مجاز نیست",
    "The provider type: %s is not supported": "نوع ارائه‌دهنده: %s پشتیبانی نمی‌شود"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "grant_type: %s در این برنامه پشتیبانی نمی‌شود",
    "Invalid application or wrong clientSecret": "برنامه نامعتبر یا clientSecret نادرست",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "نام نمایشی نمی‌تواند خالی باشد",
-    "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد."
-  },
-  "user_upload": {
-    "Failed to import users": "عدم موفقیت در وارد کردن کاربران"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "هیچ برنامه‌ای برای userId: %s یافت نشد",
@ -148,20 +172,19 @@
  "verification": {
    "Invalid captcha provider.": "ارائه‌دهنده کپچا نامعتبر.",
    "Phone number is invalid in your region %s": "شماره تلفن در منطقه شما نامعتبر است %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "کد تأیید هنوز ارسال نشده است!",
-    "The verification code has not been sent yet, or has already been used!": "کد تأیید هنوز ارسال نشده است، یا قبلاً استفاده شده است!",
    "Turing test failed.": "تست تورینگ ناموفق بود.",
    "Unable to get the email modify rule.": "عدم توانایی در دریافت قانون تغییر ایمیل.",
    "Unable to get the phone modify rule.": "عدم توانایی در دریافت قانون تغییر تلفن.",
    "Unknown type": "نوع ناشناخته",
    "Wrong verification code!": "کد تأیید اشتباه!",
    "You should verify your code in %d min!": "شما باید کد خود را در %d دقیقه تأیید کنید!",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "لطفاً یک ارائه‌دهنده پیامک به لیست \"ارائه‌دهندگان\" برای برنامه: %s اضافه کنید",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "لطفاً یک ارائه‌دهنده ایمیل به لیست \"ارائه‌دهندگان\" برای برنامه: %s اضافه کنید",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "کاربر وجود ندارد، لطفاً ابتدا ثبت‌نام کنید"
  },
  "webauthn": {
-    "Found no credentials for this user": "هیچ اعتباری برای این کاربر یافت نشد",
    "Please call WebAuthnSigninBegin first": "لطفاً ابتدا WebAuthnSigninBegin را فراخوانی کنید"
  }
 }
--- a/i18n/locales/fi/data.json
+++ b/i18n/locales/fi/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "La méthode de défi doit être S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Échec de la création de l'utilisateur, les informations utilisateur sont invalides : %s",
    "Failed to login in: %s": "Échec de la connexion : %s",
    "Invalid token": "Jeton invalide",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
    "Unauthorized operation": "Opération non autorisée",
    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
    "User's tag: %s is not listed in the application's tags": "Le tag de l’utilisateur %s n’est pas répertorié dans les tags de l’application",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
    "DisplayName is not valid real name": "DisplayName n'est pas un nom réel valide",
@ -41,6 +49,7 @@
    "Empty username.": "Nom d'utilisateur vide.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
    "Organization does not exist": "L'organisation n'existe pas",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Le téléphone existe déjà",
    "Phone cannot be empty": "Le téléphone ne peut pas être vide",
    "Phone number is invalid": "Le numéro de téléphone est invalide",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
    "Username is too long (maximum is 255 characters).": "Nom d'utilisateur est trop long (maximum de 255 caractères).",
    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
    "password or code is incorrect": "mot de passe ou code invalide",
    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Échec de l'importation des utilisateurs",
    "Missing parameter": "Paramètre manquant",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Veuillez d'abord vous connecter",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "ne prend pas en charge captchaProvider: ",
    "this operation is not allowed in demo mode": "cette opération n’est pas autorisée en mode démo",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Seul l'administrateur peut modifier le %s.",
    "The %s is immutable.": "Le %s est immuable.",
-    "Unknown modify rule %s.": "Règle de modification inconnue %s."
+    "Unknown modify rule %s.": "Règle de modification inconnue %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "La clé d'objet : %s n'est pas autorisée",
    "The provider type: %s is not supported": "Le type de fournisseur : %s n'est pas pris en charge"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Type_de_subvention : %s n'est pas pris en charge dans cette application",
    "Invalid application or wrong clientSecret": "Application invalide ou clientSecret incorrect",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
-  },
-  "user_upload": {
-    "Failed to import users": "Échec de l'importation des utilisateurs"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Fournisseur de captcha invalide.",
    "Phone number is invalid in your region %s": "Le numéro de téléphone n'est pas valide dans votre région %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Le test de Turing a échoué.",
    "Unable to get the email modify rule.": "Incapable d'obtenir la règle de modification de courriel.",
    "Unable to get the phone modify rule.": "Impossible d'obtenir la règle de modification de téléphone.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "L'utilisateur n'existe pas, veuillez vous inscrire d'abord"
  },
  "webauthn": {
-    "Found no credentials for this user": "Aucune référence trouvée pour cet utilisateur",
    "Please call WebAuthnSigninBegin first": "Veuillez d'abord appeler WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/he/data.json
+++ b/i18n/locales/he/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Metode tantangan harus S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Gagal membuat pengguna, informasi pengguna tidak valid: %s",
    "Failed to login in: %s": "Gagal masuk: %s",
    "Invalid token": "Token tidak valid",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "Metode login: login dengan sandi tidak diaktifkan untuk aplikasi tersebut",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
    "Unauthorized operation": "Operasi tidak sah",
    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan sandi atau penyedia), formulir = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
    "DisplayName is not valid real name": "DisplayName bukanlah nama asli yang valid",
@ -41,6 +49,7 @@
    "Empty username.": "Nama pengguna kosong.",
    "Face data does not exist, cannot log in": "Data wajah tidak ada, tidak bisa login",
    "Face data mismatch": "Ketidakcocokan data wajah",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
    "Invitation code cannot be blank": "Kode undangan tidak boleh kosong",
    "Invitation code exhausted": "Kode undangan habis",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server LDAP Anda",
    "Organization does not exist": "Organisasi tidak ada",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telepon sudah ada",
    "Phone cannot be empty": "Telepon tidak boleh kosong",
    "Phone number is invalid": "Nomor telepon tidak valid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
    "Username is too long (maximum is 255 characters).": "Nama pengguna terlalu panjang (maksimum 255 karakter).",
    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan sandi atau kode yang salah terlalu sering, mohon tunggu selama %d menit lalu coba kembali",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
    "password or code is incorrect": "kata sandi atau kode salah",
    "password or code is incorrect, you have %d remaining chances": "Sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Gagal mengimpor pengguna",
    "Missing parameter": "Parameter hilang",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Silahkan login terlebih dahulu",
    "The organization: %s should have one application at least": "Organisasi: %s setidaknya harus memiliki satu aplikasi",
    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
    "this operation is not allowed in demo mode": "tindakan ini tidak diizinkan pada mode demo",
    "this operation requires administrator to perform": "tindakan ini membutuhkan peran administrator"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Hanya admin yang dapat memodifikasi %s.",
    "The %s is immutable.": "%s tidak dapat diubah.",
-    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s."
+    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "Izin: \\\"%s\\\" tidak ada"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "Kunci objek: %s tidak diizinkan",
    "The provider type: %s is not supported": "Jenis penyedia: %s tidak didukung"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong."
-  },
-  "user_upload": {
-    "Failed to import users": "Gagal mengimpor pengguna"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "Kode verifikasi belum terkirim!",
-    "The verification code has not been sent yet, or has already been used!": "Kode verifikasi belum dikirim atau telah digunakan!",
    "Turing test failed.": "Tes Turing gagal.",
    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
  },
  "webauthn": {
-    "Found no credentials for this user": "Tidak ditemukan kredensial untuk pengguna ini",
    "Please call WebAuthnSigninBegin first": "Harap panggil WebAuthnSigninBegin terlebih dahulu"
  }
 }
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "チャレンジメソッドはS256である必要があります",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "ユーザーの作成に失敗しました。ユーザー情報が無効です：%s",
    "Failed to login in: %s": "ログインできませんでした：%s",
    "Invalid token": "無効なトークン",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
    "Unauthorized operation": "不正操作",
    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "サービス%sと%sは一致しません"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "所属は空白にできません",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "表示名は空白にできません",
    "DisplayName is not valid real name": "表示名は有効な実名ではありません",
@ -41,6 +49,7 @@
    "Empty username.": "空のユーザー名。",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "ファーストネームは空白にできません",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "姓は空白にできません",
    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
    "Organization does not exist": "組織は存在しません",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "電話はすでに存在しています",
    "Phone cannot be empty": "電話は空っぽにできません",
    "Phone number is invalid": "電話番号が無効です",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
    "Username is too long (maximum is 255 characters).": "ユーザー名が長すぎます（最大255文字）。",
    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "ユーザーのインポートに失敗しました",
    "Missing parameter": "不足しているパラメーター",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "最初にログインしてください",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "管理者のみが%sを変更できます。",
    "The %s is immutable.": "%sは不変です。",
-    "Unknown modify rule %s.": "未知の変更ルール%s。"
+    "Unknown modify rule %s.": "未知の変更ルール%s。",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "オブジェクトキー %s は許可されていません",
    "The provider type: %s is not supported": "プロバイダータイプ：%sはサポートされていません"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "grant_type：%sはこのアプリケーションでサポートされていません",
    "Invalid application or wrong clientSecret": "無効なアプリケーションまたは誤ったクライアントシークレットです",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "表示名は空にできません",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
-  },
-  "user_upload": {
-    "Failed to import users": "ユーザーのインポートに失敗しました"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "無効なCAPTCHAプロバイダー。",
    "Phone number is invalid in your region %s": "電話番号はあなたの地域で無効です %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "チューリングテストは失敗しました。",
    "Unable to get the email modify rule.": "電子メール変更規則を取得できません。",
    "Unable to get the phone modify rule.": "電話の変更ルールを取得できません。",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "ユーザーは存在しません。まず登録してください"
  },
  "webauthn": {
-    "Found no credentials for this user": "このユーザーの資格情報が見つかりませんでした",
    "Please call WebAuthnSigninBegin first": "最初にWebAuthnSigninBeginを呼び出してください"
  }
 }
--- a/i18n/locales/kk/data.json
+++ b/i18n/locales/kk/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "도전 방식은 S256이어야 합니다",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "사용자를 만들지 못했습니다. 사용자 정보가 잘못되었습니다: %s",
    "Failed to login in: %s": "로그인에 실패했습니다.: %s",
    "Invalid token": "유효하지 않은 토큰",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
    "Unauthorized operation": "무단 조작",
    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "소속은 비워 둘 수 없습니다",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName는 비어 있을 수 없습니다",
    "DisplayName is not valid real name": "DisplayName는 유효한 실제 이름이 아닙니다",
@ -41,6 +49,7 @@
    "Empty username.": "빈 사용자 이름.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
    "Organization does not exist": "조직은 존재하지 않습니다",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "전화기는 이미 존재합니다",
    "Phone cannot be empty": "전화는 비워 둘 수 없습니다",
    "Phone number is invalid": "전화번호가 유효하지 않습니다",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "사용자 이름은 숫자로 시작할 수 없습니다",
    "Username is too long (maximum is 255 characters).": "사용자 이름이 너무 깁니다 (최대 255자).",
    "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "암호 또는 코드가 올바르지 않습니다. %d번의 기회가 남아 있습니다",
    "unsupported password type: %s": "지원되지 않는 암호 유형: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "사용자 가져오기를 실패했습니다",
    "Missing parameter": "누락된 매개변수",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "먼저 로그인 하십시오",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "관리자만 %s을(를) 수정할 수 있습니다.",
    "The %s is immutable.": "%s 는 변경할 수 없습니다.",
-    "Unknown modify rule %s.": "미확인 수정 규칙 %s."
+    "Unknown modify rule %s.": "미확인 수정 규칙 %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "객체 키 : %s 는 허용되지 않습니다",
    "The provider type: %s is not supported": "제공자 유형: %s은/는 지원되지 않습니다"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "그랜트 유형: %s은(는) 이 어플리케이션에서 지원되지 않습니다",
    "Invalid application or wrong clientSecret": "잘못된 어플리케이션 또는 올바르지 않은 클라이언트 시크릿입니다",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
-    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다."
-  },
-  "user_upload": {
-    "Failed to import users": "사용자 가져오기를 실패했습니다"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "어플리케이션을 찾을 수 없습니다. userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "잘못된 captcha 제공자입니다.",
    "Phone number is invalid in your region %s": "전화 번호가 당신의 지역 %s에서 유효하지 않습니다",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "튜링 테스트 실패.",
    "Unable to get the email modify rule.": "이메일 수정 규칙을 가져올 수 없습니다.",
    "Unable to get the phone modify rule.": "전화 수정 규칙을 가져올 수 없습니다.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "사용자가 존재하지 않습니다. 먼저 회원 가입 해주세요"
  },
  "webauthn": {
-    "Found no credentials for this user": "이 사용자의 자격 증명을 찾을 수 없습니다",
    "Please call WebAuthnSigninBegin first": "WebAuthnSigninBegin을 먼저 호출해주세요"
  }
 }
--- a/i18n/locales/ms/data.json
+++ b/i18n/locales/ms/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/nl/data.json
+++ b/i18n/locales/nl/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/pl/data.json
+++ b/i18n/locales/pl/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Método de desafio deve ser S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Falha ao criar usuário, informação do usuário inválida: %s",
    "Failed to login in: %s": "Falha ao entrar em: %s",
    "Invalid token": "Token inválido",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "O nome de usuário não pode começar com um dígito",
    "Username is too long (maximum is 255 characters).": "Nome de usuário é muito longo (máximo é 255 caracteres).",
    "Username must have at least 2 characters": "Nome de usuário deve ter pelo menos 2 caracteres",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "senha ou código incorreto",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Falha ao importar usuários",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "O %s é imutável.",
-    "Unknown modify rule %s.": "Regra de modificação %s desconhecida."
+    "Unknown modify rule %s.": "Regra de modificação %s desconhecida.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Aplicativo inválido ou clientSecret errado",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Nome de exibição não pode ser vazio",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Falha ao importar usuários"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Метод проверки должен быть S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Не удалось создать пользователя, информация о пользователе недействительна: %s",
    "Failed to login in: %s": "Не удалось войти в систему: %s",
    "Invalid token": "Недействительный токен",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "Метод входа: вход с помощью лица не включен для приложения",
    "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
    "Unauthorized operation": "Несанкционированная операция",
    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s",
    "User's tag: %s is not listed in the application's tags": "Тег пользователя: %s не указан в тэгах приложения",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Сервисы %s и %s не совпадают"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Принадлежность не может быть пустым значением",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Имя отображения не может быть пустым",
    "DisplayName is not valid real name": "DisplayName не является действительным именем",
@ -41,6 +49,7 @@
    "Empty username.": "Пустое имя пользователя.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Имя не может быть пустым",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Фамилия не может быть пустой",
    "Multiple accounts with same uid, please check your ldap server": "Множественные учетные записи с тем же UID. Пожалуйста, проверьте свой сервер LDAP",
    "Organization does not exist": "Организация не существует",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Телефон уже существует",
    "Phone cannot be empty": "Телефон не может быть пустым",
    "Phone number is invalid": "Номер телефона является недействительным",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Имя пользователя не может начинаться с цифры",
    "Username is too long (maximum is 255 characters).": "Имя пользователя слишком длинное (максимальная длина - 255 символов).",
    "Username must have at least 2 characters": "Имя пользователя должно содержать не менее 2 символов",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Вы ввели неправильный пароль или код слишком много раз, пожалуйста, подождите %d минут и попробуйте снова",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Ваш регион не разрешает регистрацию по телефону",
    "password or code is incorrect": "неправильный пароль или код",
    "password or code is incorrect, you have %d remaining chances": "Неправильный пароль или код, у вас осталось %d попыток",
    "unsupported password type: %s": "неподдерживаемый тип пароля: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Не удалось импортировать пользователей",
    "Missing parameter": "Отсутствующий параметр",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Пожалуйста, сначала войдите в систему",
    "The organization: %s should have one application at least": "Организация: %s должна иметь хотя бы одно приложение",
    "The user: %s doesn't exist": "Пользователь %s не существует",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "неподдерживаемый captchaProvider: ",
    "this operation is not allowed in demo mode": "эта операция не разрешена в демо-режиме",
    "this operation requires administrator to perform": "для выполнения этой операции требуется администратор"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Только администратор может изменять %s.",
    "The %s is immutable.": "%s неизменяемый.",
-    "Unknown modify rule %s.": "Неизвестное изменение правила %s."
+    "Unknown modify rule %s.": "Неизвестное изменение правила %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "Разрешение: \\\"%s\\\" не существует"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "Объект «objectKey: %s» не разрешен",
    "The provider type: %s is not supported": "Тип провайдера: %s не поддерживается"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Тип предоставления: %s не поддерживается в данном приложении",
    "Invalid application or wrong clientSecret": "Недействительное приложение или неправильный clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Отображаемое имя не может быть пустым",
-    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы."
-  },
-  "user_upload": {
-    "Failed to import users": "Не удалось импортировать пользователей"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Не найдено заявки для пользователя с идентификатором: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Недействительный поставщик CAPTCHA.",
    "Phone number is invalid in your region %s": "Номер телефона недействителен в вашем регионе %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "Код проверки еще не отправлен!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Тест Тьюринга не удался.",
    "Unable to get the email modify rule.": "Невозможно получить правило изменения электронной почты.",
    "Unable to get the phone modify rule.": "Невозможно получить правило изменения телефона.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "Пользователь не существует, пожалуйста, сначала зарегистрируйтесь"
  },
  "webauthn": {
-    "Found no credentials for this user": "Не найдено учетных данных для этого пользователя",
    "Please call WebAuthnSigninBegin first": "Пожалуйста, сначала вызовите WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/sk/data.json
+++ b/i18n/locales/sk/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Metóda výzvy by mala byť S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Nepodarilo sa vytvoriť používateľa, informácie o používateľovi sú neplatné: %s",
    "Failed to login in: %s": "Prihlásenie zlyhalo: %s",
    "Invalid token": "Neplatný token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou tváre nie je pre aplikáciu povolená",
    "The login method: login with password is not enabled for the application": "Metóda prihlásenia: prihlásenie pomocou hesla nie je pre aplikáciu povolená",
    "The organization: %s does not exist": "Organizácia: %s neexistuje",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Poskytovateľ: %s nie je pre aplikáciu povolený",
    "Unauthorized operation": "Neautorizovaná operácia",
    "Unknown authentication type (not password or provider), form = %s": "Neznámy typ autentifikácie (nie heslo alebo poskytovateľ), forma = %s",
    "User's tag: %s is not listed in the application's tags": "Štítok používateľa: %s nie je uvedený v štítkoch aplikácie",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "platiaci používateľ %s nemá aktívne alebo čakajúce predplatné a aplikácia: %s nemá predvolenú cenovú politiku"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "platiaci používateľ %s nemá aktívne alebo čakajúce predplatné a aplikácia: %s nemá predvolenú cenovú politiku",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Služba %s a %s sa nezhodujú"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Príslušnosť nemôže byť prázdna",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Predvolený kód nezodpovedá pravidlám zodpovedania kódu",
    "DisplayName cannot be blank": "Zobrazované meno nemôže byť prázdne",
    "DisplayName is not valid real name": "Zobrazované meno nie je platné skutočné meno",
@ -41,6 +49,7 @@
    "Empty username.": "Prázdne používateľské meno.",
    "Face data does not exist, cannot log in": "Dáta o tvári neexistujú, nemožno sa prihlásiť",
    "Face data mismatch": "Nesúlad dát o tvári",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Meno nemôže byť prázdne",
    "Invitation code cannot be blank": "Kód pozvania nemôže byť prázdny",
    "Invitation code exhausted": "Kód pozvania bol vyčerpaný",
@ -50,11 +59,12 @@
    "LastName cannot be blank": "Priezvisko nemôže byť prázdne",
    "Multiple accounts with same uid, please check your ldap server": "Viacero účtov s rovnakým uid, skontrolujte svoj ldap server",
    "Organization does not exist": "Organizácia neexistuje",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telefón už existuje",
    "Phone cannot be empty": "Telefón nemôže byť prázdny",
    "Phone number is invalid": "Telefónne číslo je neplatné",
    "Please register using the email corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou e-mailu zodpovedajúceho kódu pozvania",
-    "Please register using the phone corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou telefónu zodpovedajúceho kódu pozvania",
+    "Please register using the phone  corresponding to the invitation code": "Prosím zaregistrujte se pomocí telefonu odpovídajícího pozvánkovému kódu",
    "Please register using the username corresponding to the invitation code": "Prosím, zaregistrujte sa pomocou používateľského mena zodpovedajúceho kódu pozvania",
    "Session outdated, please login again": "Relácia je zastaraná, prosím, prihláste sa znova",
    "The invitation code has already been used": "Kód pozvania už bol použitý",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Používateľské meno nemôže začínať číslicou",
    "Username is too long (maximum is 255 characters).": "Používateľské meno je príliš dlhé (maximum je 255 znakov).",
    "Username must have at least 2 characters": "Používateľské meno musí mať aspoň 2 znaky",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali ste nesprávne heslo alebo kód príliš veľa krát, prosím, počkajte %d minút a skúste to znova",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Váš región neumožňuje registráciu cez telefón",
    "password or code is incorrect": "heslo alebo kód je nesprávne",
    "password or code is incorrect, you have %d remaining chances": "heslo alebo kód je nesprávne, máte %d zostávajúcich pokusov",
    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Nepodarilo sa importovať používateľov",
    "Missing parameter": "Chýbajúci parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Najskôr sa prosím prihláste",
    "The organization: %s should have one application at least": "Organizácia: %s by mala mať aspoň jednu aplikáciu",
    "The user: %s doesn't exist": "Používateľ: %s neexistuje",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
    "this operation is not allowed in demo mode": "táto operácia nie je povolená v demo režime",
    "this operation requires administrator to perform": "táto operácia vyžaduje vykonanie administrátorom"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Len administrátor môže upravovať %s.",
    "The %s is immutable.": "%s je nemenný.",
-    "Unknown modify rule %s.": "Neznáme pravidlo úprav %s."
+    "Unknown modify rule %s.": "Neznáme pravidlo úprav %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "Povolenie: \\\"%s\\\" neexistuje"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "objectKey: %s nie je povolený",
    "The provider type: %s is not supported": "Typ poskytovateľa: %s nie je podporovaný"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s nie je podporovaný v tejto aplikácii",
    "Invalid application or wrong clientSecret": "Neplatná aplikácia alebo nesprávny clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Zobrazované meno nemôže byť prázdne",
-    "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery."
-  },
-  "user_upload": {
-    "Failed to import users": "Nepodarilo sa importovať používateľov"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Nebola nájdená žiadna aplikácia pre userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Neplatný captcha poskytovateľ.",
    "Phone number is invalid in your region %s": "Telefónne číslo je neplatné vo vašom regióne %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "Overovací kód ešte nebol odoslaný!",
-    "The verification code has not been sent yet, or has already been used!": "Overovací kód ešte nebol odoslaný, alebo bol už použitý!",
    "Turing test failed.": "Test Turinga zlyhal.",
    "Unable to get the email modify rule.": "Nepodarilo sa získať pravidlo úpravy e-mailu.",
    "Unable to get the phone modify rule.": "Nepodarilo sa získať pravidlo úpravy telefónu.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "používateľ neexistuje, prosím, zaregistrujte sa najskôr"
  },
  "webauthn": {
-    "Found no credentials for this user": "Nenašli sa žiadne prihlasovacie údaje pre tohto používateľa",
    "Please call WebAuthnSigninBegin first": "Najskôr prosím zavolajte WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/sv/data.json
+++ b/i18n/locales/sv/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/tr/data.json
+++ b/i18n/locales/tr/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telefon numarası zaten mevcut",
    "Phone cannot be empty": "Telefon numarası boş olamaz",
    "Phone number is invalid": "Telefon numarası geçersiz",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Kullanıcı adı rakamla başlayamaz",
    "Username is too long (maximum is 255 characters).": "Kullanıcı adı çok uzun (en fazla 255 karakter olmalı).",
    "Username must have at least 2 characters": "Kullanıcı adı en az iki karakterden oluşmalı",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Çok fazla hatalı şifre denemesi yaptınız.  %d dakika kadar bekleyip yeniden giriş yapmayı deneyebilirsiniz.",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "şifre veya kod hatalı",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Görünen ad boş olamaz",
-    "New password cannot contain blank space.": "Yeni şifreniz boşluk karakteri içeremez."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Yeni şifreniz boşluk karakteri içeremez.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Telefon numaranızın bulunduğu bölgeye hizmet veremiyoruz",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/uk/data.json
+++ b/i18n/locales/uk/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
@ -41,6 +49,7 @@
    "Empty username.": "Empty username.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Phương pháp thách thức nên là S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Không thể tạo người dùng, thông tin người dùng không hợp lệ: %s",
    "Failed to login in: %s": "Đăng nhập không thành công: %s",
    "Invalid token": "Mã thông báo không hợp lệ",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "Phương thức đăng nhập: đăng nhập bằng mật khẩu không được kích hoạt cho ứng dụng",
    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Nhà cung cấp: %s không được kích hoạt cho ứng dụng",
    "Unauthorized operation": "Hoạt động không được ủy quyền",
    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s",
    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Dịch sang tiếng Việt: Dịch vụ %s và %s không khớp"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Tình trạng liên kết không thể để trống",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Tên hiển thị không thể để trống",
    "DisplayName is not valid real name": "DisplayName không phải là tên thật hợp lệ",
@ -41,6 +49,7 @@
    "Empty username.": "Tên đăng nhập trống.",
    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Tên không được để trống",
    "Invitation code cannot be blank": "Invitation code cannot be blank",
    "Invitation code exhausted": "Invitation code exhausted",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "Họ không thể để trống",
    "Multiple accounts with same uid, please check your ldap server": "Nhiều tài khoản với cùng một uid, vui lòng kiểm tra máy chủ ldap của bạn",
    "Organization does not exist": "Tổ chức không tồn tại",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Điện thoại đã tồn tại",
    "Phone cannot be empty": "Điện thoại không thể để trống",
    "Phone number is invalid": "Số điện thoại không hợp lệ",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "Tên người dùng không thể bắt đầu bằng chữ số",
    "Username is too long (maximum is 255 characters).": "Tên đăng nhập quá dài (tối đa là 255 ký tự).",
    "Username must have at least 2 characters": "Tên đăng nhập phải có ít nhất 2 ký tự",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Bạn đã nhập sai mật khẩu hoặc mã quá nhiều lần, vui lòng đợi %d phút và thử lại",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Vùng của bạn không được phép đăng ký bằng điện thoại",
    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Mật khẩu hoặc mã không chính xác, bạn còn %d lần cơ hội",
    "unsupported password type: %s": "Loại mật khẩu không được hỗ trợ: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Không thể nhập người dùng",
    "Missing parameter": "Thiếu tham số",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Vui lòng đăng nhập trước",
    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "Người dùng: %s không tồn tại",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "không hỗ trợ captchaProvider: ",
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "Chỉ những người quản trị mới có thể sửa đổi %s.",
    "The %s is immutable.": "%s không thể thay đổi được.",
-    "Unknown modify rule %s.": "Quy tắc thay đổi không xác định %s."
+    "Unknown modify rule %s.": "Quy tắc thay đổi không xác định %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "Khóa đối tượng: %s không được phép",
    "The provider type: %s is not supported": "Loại nhà cung cấp: %s không được hỗ trợ"
  },
+  "subscription": {
+    "Error": "Error"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "Loại cấp phép: %s không được hỗ trợ trong ứng dụng này",
    "Invalid application or wrong clientSecret": "Đơn đăng ký không hợp lệ hoặc sai clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "Tên hiển thị không thể trống",
-    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng."
-  },
-  "user_upload": {
-    "Failed to import users": "Không thể nhập người dùng"
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
  "util": {
    "No application is found for userId: %s": "Không tìm thấy ứng dụng cho ID người dùng: %s",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "Nhà cung cấp captcha không hợp lệ.",
    "Phone number is invalid in your region %s": "Số điện thoại không hợp lệ trong vùng của bạn %s",
+    "The verification code has already been used!": "The verification code has already been used!",
    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
-    "The verification code has not been sent yet, or has already been used!": "The verification code has not been sent yet, or has already been used!",
    "Turing test failed.": "Kiểm định Turing thất bại.",
    "Unable to get the email modify rule.": "Không thể lấy quy tắc sửa đổi email.",
    "Unable to get the phone modify rule.": "Không thể thay đổi quy tắc trên điện thoại.",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "Người dùng không tồn tại, vui lòng đăng ký trước"
  },
  "webauthn": {
-    "Found no credentials for this user": "Không tìm thấy thông tin xác thực cho người dùng này",
    "Please call WebAuthnSigninBegin first": "Vui lòng gọi WebAuthnSigninBegin trước"
  }
 }
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@ -7,6 +7,7 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge方法应该为S256",
+    "DeviceCode Invalid": "DeviceCode 无效",
    "Failed to create user, user information is invalid: %s": "创建用户失败，用户信息无效: %s",
    "Failed to login in: %s": "登录失败: %s",
    "Invalid token": "无效token",
@ -21,17 +22,24 @@
    "The login method: login with face is not enabled for the application": "该应用禁止采用人脸登录",
    "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
    "The organization: %s does not exist": "组织: %s 不存在",
+    "The provider: %s does not exist": "提供商: %s 不存在",
    "The provider: %s is not enabled for the application": "该应用的提供商: %s未被启用",
    "Unauthorized operation": "未授权的操作",
    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s",
    "User's tag: %s is not listed in the application's tags": "用户的标签: %s不在该应用的标签列表中",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s 没有激活或正在等待订阅并且应用: %s 没有默认值"
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s 没有激活或正在等待订阅并且应用: %s 没有默认值",
+    "the application for user %s is not found": "未找到用户 %s 的应用程序",
+    "the organization: %s is not found": "组织: %s 不存在"
  },
  "cas": {
    "Service %s and %s do not match": "服务%s与%s不匹配"
  },
  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s 不符合 CIDR 的格式要求: %s",
    "Affiliation cannot be blank": "工作单位不可为空",
+    "CIDR for IP: %s should not be empty": "IP 的 CIDR 格式：%s 不能为空",
    "Default code does not match the code's matching rules": "邀请码默认值和邀请码规则不匹配",
    "DisplayName cannot be blank": "显示名称不可为空",
    "DisplayName is not valid real name": "显示名称必须是真实姓名",
@ -41,6 +49,7 @@
    "Empty username.": "用户名不可为空",
    "Face data does not exist, cannot log in": "未录入人脸数据，无法登录",
    "Face data mismatch": "人脸不匹配",
+    "Failed to parse client IP: %s": "无法解析客户端 IP 地址: %s",
    "FirstName cannot be blank": "名不可以为空",
    "Invitation code cannot be blank": "邀请码不能为空",
    "Invitation code exhausted": "邀请码使用次数已耗尽",
@ -50,6 +59,7 @@
    "LastName cannot be blank": "姓不可以为空",
    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
    "Organization does not exist": "组织不存在",
+    "Password cannot be empty": "密码不能为空",
    "Phone already exists": "该手机号已存在",
    "Phone cannot be empty": "手机号不可为空",
    "Phone number is invalid": "无效手机号",
@ -69,17 +79,27 @@
    "Username cannot start with a digit": "用户名禁止使用数字开头",
    "Username is too long (maximum is 255 characters).": "用户名过长（最大允许长度为255个字符）",
    "Username must have at least 2 characters": "用户名至少要有2个字符",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "用户名支持电子邮件格式。此外，用户名只能包含字母数字字符、下划线或连字符，不能包含连续的连字符或下划线，也不能以连字符或下划线开头或结尾。同时请注意电子邮件格式。",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
+    "Your IP address: %s has been banned according to the configuration of: ": "您的IP地址：%s 根据以下配置已被禁止： ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "您的密码已过期。请点击 \\\"忘记密码\\\" 以重置密码",
    "Your region is not allow to signup by phone": "所在地区不支持手机号注册",
    "password or code is incorrect": "密码错误",
    "password or code is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会",
    "unsupported password type: %s": "不支持的密码类型: %s"
  },
+  "enforcer": {
+    "the adapter: %s is not found": "适配器: %s 未找到"
+  },
  "general": {
+    "Failed to import groups": "导入群组失败",
+    "Failed to import users": "导入用户失败",
    "Missing parameter": "缺少参数",
+    "Only admin user can specify user": "仅管理员用户可以指定用户",
    "Please login first": "请先登录",
    "The organization: %s should have one application at least": "组织: %s 应该拥有至少一个应用",
    "The user: %s doesn't exist": "用户: %s不存在",
+    "Wrong userId": "错误的 userId",
    "don't support captchaProvider: ": "不支持验证码提供商: ",
    "this operation is not allowed in demo mode": "demo模式下不允许该操作",
    "this operation requires administrator to perform": "只有管理员才能进行此操作"
@ -98,7 +118,8 @@
  "organization": {
    "Only admin can modify the %s.": "仅允许管理员可以修改%s",
    "The %s is immutable.": "%s 是不可变的",
-    "Unknown modify rule %s.": "未知的修改规则: %s"
+    "Unknown modify rule %s.": "未知的修改规则: %s",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "目前，向'built-in'组织添加新用户的功能已禁用。请注意：'built-in'组织中的所有用户均为Casdoor的全局管理员。请参阅文档：https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself。如果您仍希望为built-in组织创建用户，请转到该组织的设置页面并启用“特权同意”选项。"
  },
  "permission": {
    "The permission: \\\"%s\\\" doesn't exist": "权限: \\\"%s\\\" 不存在"
@ -126,6 +147,9 @@
    "The objectKey: %s is not allowed": "objectKey: %s被禁止",
    "The provider type: %s is not supported": "不支持的提供商类型: %s"
  },
+  "subscription": {
+    "Error": "错误"
+  },
  "token": {
    "Grant_type: %s is not supported in this application": "该应用不支持Grant_type: %s",
    "Invalid application or wrong clientSecret": "无效应用或错误的clientSecret",
@ -135,10 +159,10 @@
  },
  "user": {
    "Display name cannot be empty": "显示名称不可为空",
-    "New password cannot contain blank space.": "新密码不可以包含空格"
-  },
-  "user_upload": {
-    "Failed to import users": "导入用户失败"
+    "MFA email is enabled but email is empty": "MFA 电子邮件已启用，但电子邮件为空",
+    "MFA phone is enabled but phone number is empty": "MFA 电话已启用，但电话号码为空",
+    "New password cannot contain blank space.": "新密码不可以包含空格",
+    "the user's owner and name should not be empty": "用户的组织和名称不能为空"
  },
  "util": {
    "No application is found for userId: %s": "未找到用户: %s的应用",
@ -148,8 +172,8 @@
  "verification": {
    "Invalid captcha provider.": "非法的验证码提供商",
    "Phone number is invalid in your region %s": "您所在地区的电话号码无效 %s",
+    "The verification code has already been used!": "验证码已使用过!",
    "The verification code has not been sent yet!": "验证码未发送！",
-    "The verification code has not been sent yet, or has already been used!": "验证码未发送或已被使用！",
    "Turing test failed.": "验证码还未发送",
    "Unable to get the email modify rule.": "无法获取邮箱修改规则",
    "Unable to get the phone modify rule.": "无法获取手机号修改规则",
@ -161,7 +185,6 @@
    "the user does not exist, please sign up first": "用户不存在，请先注册"
  },
  "webauthn": {
-    "Found no credentials for this user": "该用户没有 WebAuthn 凭据",
    "Please call WebAuthnSigninBegin first": "请先调用WebAuthnSigninBegin函数"
  }
 }
--- a/idp/douyin.go
+++ b/idp/douyin.go
@ -190,7 +190,7 @@ func (idp *DouyinIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)

 	userInfo := UserInfo{
 		Id:          douyinUserInfo.Data.OpenId,
-		Username:    douyinUserInfo.Data.Nickname,
+		Username:    douyinUserInfo.Data.OpenId,
 		DisplayName: douyinUserInfo.Data.Nickname,
 		AvatarUrl:   douyinUserInfo.Data.Avatar,
 	}
--- a/idp/lark.go
+++ b/idp/lark.go
@ -29,14 +29,20 @@ import (
 type LarkIdProvider struct {
 	Client     *http.Client
 	Config     *oauth2.Config
+	LarkDomain string
 }

-func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string) *LarkIdProvider {
+func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string, useGlobalEndpoint bool) *LarkIdProvider {
 	idp := &LarkIdProvider{}

+	if useGlobalEndpoint {
+		idp.LarkDomain = "https://open.larksuite.com"
+	} else {
+		idp.LarkDomain = "https://open.feishu.cn"
+	}
+
 	config := idp.getConfig(clientId, clientSecret, redirectUrl)
 	idp.Config = config
-
 	return idp
 }

@ -47,7 +53,7 @@ func (idp *LarkIdProvider) SetHttpClient(client *http.Client) {
 // getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
 func (idp *LarkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
 	endpoint := oauth2.Endpoint{
-		TokenURL: "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal",
+		TokenURL: idp.LarkDomain + "/open-apis/auth/v3/tenant_access_token/internal",
 	}

 	config := &oauth2.Config{
@ -162,6 +168,7 @@ type LarkUserInfo struct {
 	} `json:"data"`
 }

+// GetUserInfo use LarkAccessToken gotten before return LinkedInUserInf
 // GetUserInfo use LarkAccessToken gotten before return LinkedInUserInfo
 // get more detail via: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context
 func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
@ -175,7 +182,7 @@ func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 		return nil, err
 	}

-	req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/authen/v1/access_token", strings.NewReader(string(data)))
+	req, err := http.NewRequest("POST", idp.LarkDomain+"/open-apis/authen/v1/access_token", strings.NewReader(string(data)))
 	if err != nil {
 		return nil, err
 	}
--- a/idp/provider.go
+++ b/idp/provider.go
@ -87,7 +87,7 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) (IdProvider, error
 			return nil, fmt.Errorf("WeCom provider subType: %s is not supported", idpInfo.SubType)
 		}
 	case "Lark":
-		return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
+		return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.DisableSsl), nil
 	case "GitLab":
 		return NewGitlabIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
 	case "ADFS":
--- a/main.go
+++ b/main.go
@ -45,6 +45,7 @@ func main() {
 	object.InitUserManager()
 	object.InitFromFile()
 	object.InitCasvisorConfig()
+	object.InitCleanupTokens()

 	util.SafeGoroutine(func() { object.RunSyncUsersJob() })
 	util.SafeGoroutine(func() { controllers.InitCLIDownloader() })
@ -63,6 +64,7 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.ApiFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
+	beego.InsertFilter("*", beego.BeforeRouter, routers.FieldValidationFilter)
 	beego.InsertFilter("*", beego.AfterExec, routers.AfterRecordMessage, false)

 	beego.BConfig.WebConfig.Session.SessionOn = true
--- a/object/check.go
+++ b/object/check.go
@ -220,10 +220,15 @@ func checkSigninErrorTimes(user *User, lang string) error {
 }

 func CheckPassword(user *User, password string, lang string, options ...bool) error {
+	if password == "" {
+		return fmt.Errorf(i18n.Translate(lang, "check:Password cannot be empty"))
+	}
+
 	enableCaptcha := false
 	if len(options) > 0 {
 		enableCaptcha = options[0]
 	}
+
 	// check the login error times
 	if !enableCaptcha {
 		err := checkSigninErrorTimes(user, lang)
@ -236,35 +241,41 @@ func CheckPassword(user *User, password string, lang string, options ...bool) er
 	if err != nil {
 		return err
 	}
-
 	if organization == nil {
 		return fmt.Errorf(i18n.Translate(lang, "check:Organization does not exist"))
 	}

-	if password == "" {
-		return fmt.Errorf(i18n.Translate(lang, "check:Password cannot be empty"))
-	}
-
 	passwordType := user.PasswordType
 	if passwordType == "" {
 		passwordType = organization.PasswordType
 	}
+
 	credManager := cred.GetCredManager(passwordType)
-	if credManager != nil {
+	if credManager == nil {
+		return fmt.Errorf(i18n.Translate(lang, "check:unsupported password type: %s"), passwordType)
+	}
+
 	if organization.MasterPassword != "" {
-			if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
+		if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, organization.PasswordSalt) {
 			return resetUserSigninErrorTimes(user)
 		}
 	}

-		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
-			return resetUserSigninErrorTimes(user)
-		}
-
+	if !credManager.IsPasswordCorrect(password, user.Password, organization.PasswordSalt) && !credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt) {
 		return recordSigninErrorInfo(user, lang, enableCaptcha)
-	} else {
-		return fmt.Errorf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
 	}
+
+	isOutdated := passwordType != organization.PasswordType
+	if isOutdated {
+		user.Password = password
+		user.UpdateUserPassword(organization)
+		_, err = UpdateUser(user.GetId(), user, []string{"password", "password_type", "password_salt"}, true)
+		if err != nil {
+			return err
+		}
+	}
+
+	return resetUserSigninErrorTimes(user)
 }

 func CheckPasswordComplexityByOrg(organization *Organization, password string) string {
@ -593,31 +604,41 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 	return ""
 }

-func CheckToEnableCaptcha(application *Application, organization, username string) (bool, error) {
+func CheckToEnableCaptcha(application *Application, organization, username string, clientIp string) (bool, error) {
 	if len(application.Providers) == 0 {
 		return false, nil
 	}

 	for _, providerItem := range application.Providers {
-		if providerItem.Provider == nil {
+		if providerItem.Provider == nil || providerItem.Provider.Category != "Captcha" {
 			continue
 		}
-		if providerItem.Provider.Category == "Captcha" {
+
+		if providerItem.Rule == "Internet-Only" {
+			if util.IsInternetIp(clientIp) {
+				return true, nil
+			}
+		}
+
 		if providerItem.Rule == "Dynamic" {
 			user, err := GetUserByFields(organization, username)
 			if err != nil {
 				return false, err
 			}

-				failedSigninLimit := application.FailedSigninLimit
-				if failedSigninLimit == 0 {
-					failedSigninLimit = DefaultFailedSigninLimit
+			if user != nil {
+				failedSigninLimit, _, err := GetFailedSigninConfigByUser(user)
+				if err != nil {
+					return false, err
 				}

-				return user != nil && user.SigninWrongTimes >= failedSigninLimit, nil
-			}
-			return providerItem.Rule == "Always", nil
-		}
+				return user.SigninWrongTimes >= failedSigninLimit, nil
+			}
+
+			return false, nil
+		}
+
+		return providerItem.Rule == "Always", nil
 	}

 	return false, nil
--- a/object/get-dashboard.go
+++ b/object/get-dashboard.go
@ -103,7 +103,7 @@ func GetDashboard(owner string) (*map[string][]int64, error) {
 func countCreatedBefore(dashboardMapItem DashboardMapItem, before time.Time) int64 {
 	count := dashboardMapItem.itemCount
 	for _, e := range dashboardMapItem.dashboardDateItems {
-		createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", e.CreatedTime)
+		createdTime, _ := time.Parse(time.RFC3339, e.CreatedTime)
 		if createdTime.Before(before) {
 			count++
 		}
--- a/object/group.go
+++ b/object/group.go
@ -181,6 +181,41 @@ func AddGroups(groups []*Group) (bool, error) {
 	return affected != 0, nil
 }

+func AddGroupsInBatch(groups []*Group) (bool, error) {
+	if len(groups) == 0 {
+		return false, nil
+	}
+
+	session := ormer.Engine.NewSession()
+	defer session.Close()
+	err := session.Begin()
+	if err != nil {
+		return false, err
+	}
+
+	for _, group := range groups {
+		err = checkGroupName(group.Name)
+		if err != nil {
+			return false, err
+		}
+
+		affected, err := session.Insert(group)
+		if err != nil {
+			return false, err
+		}
+		if affected == 0 {
+			return false, nil
+		}
+	}
+
+	err = session.Commit()
+	if err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
 func deleteGroup(group *Group) (bool, error) {
 	affected, err := ormer.Engine.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
 	if err != nil {
--- a/object/group_upload.go
+++ b/object/group_upload.go
@ -0,0 +1,61 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"github.com/casdoor/casdoor/xlsx"
+)
+
+func getGroupMap(owner string) (map[string]*Group, error) {
+	m := map[string]*Group{}
+
+	groups, err := GetGroups(owner)
+	if err != nil {
+		return m, err
+	}
+
+	for _, group := range groups {
+		m[group.GetId()] = group
+	}
+
+	return m, nil
+}
+
+func UploadGroups(owner string, path string) (bool, error) {
+	table := xlsx.ReadXlsxFile(path)
+
+	oldGroupMap, err := getGroupMap(owner)
+	if err != nil {
+		return false, err
+	}
+
+	transGroups, err := StringArrayToStruct[Group](table)
+	if err != nil {
+		return false, err
+	}
+
+	newGroups := []*Group{}
+	for _, group := range transGroups {
+		if _, ok := oldGroupMap[group.GetId()]; !ok {
+			newGroups = append(newGroups, group)
+		}
+	}
+
+	if len(newGroups) == 0 {
+		return false, nil
+	}
+
+	return AddGroupsInBatch(newGroups)
+}
--- a/object/init.go
+++ b/object/init.go
@ -154,7 +154,7 @@ func initBuiltInUser() {
 		CreatedIp:         "127.0.0.1",
 		Properties:        make(map[string]string),
 	}
-	_, err = AddUser(user)
+	_, err = AddUser(user, "en")
 	if err != nil {
 		panic(err)
 	}
--- a/object/init_data.go
+++ b/object/init_data.go
@ -342,7 +342,7 @@ func initDefinedUser(user *User) {
 	if user.Properties == nil {
 		user.Properties = make(map[string]string)
 	}
-	_, err = AddUser(user)
+	_, err = AddUser(user, "en")
 	if err != nil {
 		panic(err)
 	}
--- a/object/init_data_dump_test.go
+++ b/object/init_data_dump_test.go
@ -20,6 +20,7 @@ package object
 import "testing"

 func TestDumpToFile(t *testing.T) {
+	createDatabase = false
 	InitConfig()

 	err := DumpToFile("./init_data_dump.json")
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@ -268,7 +268,7 @@ func AutoAdjustLdapUser(users []LdapUser) []LdapUser {
 			DisplayName: user.DisplayName,
 			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
 			Mobile:      util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			RegisteredAddress: util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+			Address:     util.ReturnAnyNotEmpty(user.Address, user.PostalAddress, user.RegisteredAddress),
 		}
 	}
 	return res
@ -351,7 +351,7 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 				newUser.Groups = []string{ldap.DefaultGroup}
 			}

-			affected, err := AddUser(newUser)
+			affected, err := AddUser(newUser, "en")
 			if err != nil {
 				return nil, nil, err
 			}
--- a/object/mfa.go
+++ b/object/mfa.go
@ -28,6 +28,7 @@ type MfaProps struct {
 	CountryCode        string   `json:"countryCode,omitempty"`
 	URL                string   `json:"url,omitempty"`
 	RecoveryCodes      []string `json:"recoveryCodes,omitempty"`
+	MfaRememberInHours int      `json:"mfaRememberInHours"`
 }

 type MfaInterface interface {
--- a/object/organization.go
+++ b/object/organization.go
@ -57,6 +57,7 @@ type Organization struct {
 	Logo                   string     `xorm:"varchar(200)" json:"logo"`
 	LogoDark               string     `xorm:"varchar(200)" json:"logoDark"`
 	Favicon                string     `xorm:"varchar(200)" json:"favicon"`
+	HasPrivilegeConsent    bool       `xorm:"bool" json:"hasPrivilegeConsent"`
 	PasswordType           string     `xorm:"varchar(100)" json:"passwordType"`
 	PasswordSalt           string     `xorm:"varchar(100)" json:"passwordSalt"`
 	PasswordOptions        []string   `xorm:"varchar(100)" json:"passwordOptions"`
@ -84,6 +85,7 @@ type Organization struct {
 	WidgetItems            []string   `xorm:"varchar(1000)" json:"widgetItems"`

 	MfaItems           []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
+	MfaRememberInHours int            `json:"mfaRememberInHours"`
 	AccountItems       []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
 }

@ -221,7 +223,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo
 	if organization.MasterPassword != "" && organization.MasterPassword != "***" {
 		credManager := cred.GetCredManager(organization.PasswordType)
 		if credManager != nil {
-			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
+			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, organization.PasswordSalt)
 			organization.MasterPassword = hashedPassword
 		}
 	}
@ -535,7 +537,13 @@ func IsNeedPromptMfa(org *Organization, user *User) bool {
 	if org == nil || user == nil {
 		return false
 	}
-	for _, item := range org.MfaItems {
+
+	mfaItems := org.MfaItems
+
+	if len(user.MfaItems) > 0 {
+		mfaItems = user.MfaItems
+	}
+	for _, item := range mfaItems {
 		if item.Rule == "Required" {
 			if item.Name == EmailType && !user.MfaEmailEnabled {
 				return true
--- a/object/plan.go
+++ b/object/plan.go
@ -49,17 +49,21 @@ func (plan *Plan) GetId() string {
 	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
 }

-func GetDuration(period string) (startTime time.Time, endTime time.Time) {
+func getDuration(period string) (string, string, error) {
+	startTime := time.Now()
+	var endTime time.Time
+
 	if period == PeriodYearly {
-		startTime = time.Now()
 		endTime = startTime.AddDate(1, 0, 0)
 	} else if period == PeriodMonthly {
-		startTime = time.Now()
 		endTime = startTime.AddDate(0, 1, 0)
 	} else {
-		panic(fmt.Sprintf("invalid period: %s", period))
+		return "", "", fmt.Errorf("invalid period: %s", period)
 	}
-	return
+
+	startTimeString := startTime.Format(time.RFC3339)
+	endTimeString := endTime.Format(time.RFC3339)
+	return startTimeString, endTimeString, nil
 }

 func GetPlanCount(owner, field, value string) (int64, error) {
--- a/object/product.go
+++ b/object/product.go
@ -42,6 +42,7 @@ type Product struct {
 	IsRecharge  bool     `json:"isRecharge"`
 	Providers   []string `xorm:"varchar(255)" json:"providers"`
 	ReturnUrl   string   `xorm:"varchar(1000)" json:"returnUrl"`
+	SuccessUrl  string   `xorm:"varchar(1000)" json:"successUrl"`

 	State string `xorm:"varchar(100)" json:"state"`

@ -205,14 +206,24 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 			if plan == nil {
 				return nil, nil, fmt.Errorf("the plan: %s does not exist", planName)
 			}
-			sub := NewSubscription(owner, user.Name, plan.Name, paymentName, plan.Period)
+
+			sub, err := NewSubscription(owner, user.Name, plan.Name, paymentName, plan.Period)
+			if err != nil {
+				return nil, nil, err
+			}
+
 			_, err = AddSubscription(sub)
 			if err != nil {
 				return nil, nil, err
 			}
+
 			returnUrl = fmt.Sprintf("%s/buy-plan/%s/%s/result?subscription=%s", originFrontend, owner, pricingName, sub.Name)
 		}
 	}
+
+	if product.SuccessUrl != "" {
+		returnUrl = fmt.Sprintf("%s?transactionOwner=%s&transactionName=%s", product.SuccessUrl, owner, paymentName)
+	}
 	// Create an order
 	payReq := &pp.PayReq{
 		ProviderName:       providerName,
--- a/object/subscription.go
+++ b/object/subscription.go
@ -48,8 +48,8 @@ type Subscription struct {
 	Plan    string `xorm:"varchar(100)" json:"plan"`
 	Payment string `xorm:"varchar(100)" json:"payment"`

-	StartTime time.Time         `json:"startTime"`
-	EndTime   time.Time         `json:"endTime"`
+	StartTime string            `xorm:"varchar(100)" json:"startTime"`
+	EndTime   string            `xorm:"varchar(100)" json:"endTime"`
 	Period    string            `xorm:"varchar(100)" json:"period"`
 	State     SubscriptionState `xorm:"varchar(100)" json:"state"`
 }
@ -84,9 +84,19 @@ func (sub *Subscription) UpdateState() error {
 	}

 	if sub.State == SubStateActive || sub.State == SubStateUpcoming || sub.State == SubStateExpired {
-		if sub.EndTime.Before(time.Now()) {
+		startTime, err := time.Parse(time.RFC3339, sub.StartTime)
+		if err != nil {
+			return err
+		}
+
+		endTime, err := time.Parse(time.RFC3339, sub.EndTime)
+		if err != nil {
+			return err
+		}
+
+		if endTime.Before(time.Now()) {
 			sub.State = SubStateExpired
-		} else if sub.StartTime.After(time.Now()) {
+		} else if startTime.After(time.Now()) {
 			sub.State = SubStateUpcoming
 		} else {
 			sub.State = SubStateActive
@ -103,10 +113,15 @@ func (sub *Subscription) UpdateState() error {
 	return nil
 }

-func NewSubscription(owner, userName, planName, paymentName, period string) *Subscription {
-	startTime, endTime := GetDuration(period)
+func NewSubscription(owner, userName, planName, paymentName, period string) (*Subscription, error) {
+	startTime, endTime, err := getDuration(period)
+	if err != nil {
+		return nil, err
+	}
+
 	id := util.GenerateId()[:6]
-	return &Subscription{
+
+	res := &Subscription{
 		Owner:       owner,
 		Name:        "sub_" + id,
 		DisplayName: "New Subscription - " + id,
@ -121,6 +136,7 @@ func NewSubscription(owner, userName, planName, paymentName, period string) *Sub
 		Period:    period,
 		State:     SubStatePending, // waiting for payment complete
 	}
+	return res, nil
 }

 func GetSubscriptionCount(owner, field, value string) (int64, error) {
--- a/object/token_cleanup.go
+++ b/object/token_cleanup.go
@ -0,0 +1,93 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/robfig/cron/v3"
+)
+
+func CleanupTokens(tokenRetentionIntervalAfterExpiry int) error {
+	var sessions []*Token
+	err := ormer.Engine.Find(&sessions)
+	if err != nil {
+		return fmt.Errorf("failed to query expired tokens: %w", err)
+	}
+
+	currentTime := time.Now()
+	deletedCount := 0
+
+	for _, session := range sessions {
+		tokenString := session.AccessToken
+		token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+		if err != nil {
+			fmt.Printf("Failed to parse token %s: %v\n", session.Name, err)
+			continue
+		}
+
+		if claims, ok := token.Claims.(jwt.MapClaims); ok {
+			exp, ok := claims["exp"].(float64)
+			if !ok {
+				fmt.Printf("Token %s does not have an 'exp' claim\n", session.Name)
+				continue
+			}
+			expireTime := time.Unix(int64(exp), 0)
+			tokenAfterExpiry := currentTime.Sub(expireTime).Seconds()
+			if tokenAfterExpiry > float64(tokenRetentionIntervalAfterExpiry) {
+				_, err = ormer.Engine.Delete(session)
+				if err != nil {
+					return fmt.Errorf("failed to delete expired token %s: %w", session.Name, err)
+				}
+				fmt.Printf("[%d] Deleted expired token: %s | Created: %s | Org: %s | App: %s | User: %s\n",
+					deletedCount, session.Name, session.CreatedTime, session.Organization, session.Application, session.User)
+				deletedCount++
+			}
+		} else {
+			fmt.Printf("Token %s is not valid\n", session.Name)
+		}
+	}
+	return nil
+}
+
+func getTokenRetentionInterval(days int) int {
+	if days <= 0 {
+		days = 30
+	}
+	return days * 24 * 3600
+}
+
+func InitCleanupTokens() {
+	schedule := "0 0 * * *"
+	interval := getTokenRetentionInterval(30)
+
+	if err := CleanupTokens(interval); err != nil {
+		fmt.Printf("Error cleaning up tokens at startup: %v\n", err)
+	}
+
+	cronJob := cron.New()
+	_, err := cronJob.AddFunc(schedule, func() {
+		if err := CleanupTokens(interval); err != nil {
+			fmt.Printf("Error cleaning up tokens: %v\n", err)
+		}
+	})
+	if err != nil {
+		fmt.Printf("Error scheduling token cleanup: %v\n", err)
+		return
+	}
+	cronJob.Start()
+}
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@ -764,7 +764,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 				UserPropertiesWechatUnionId: unionId,
 			},
 		}
-		_, err = AddUser(user)
+		_, err = AddUser(user, "en")
 		if err != nil {
 			return nil, nil, err
 		}
--- a/object/user.go
+++ b/object/user.go
@ -25,6 +25,7 @@ import (

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/faceId"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/webauthn"
@ -211,6 +212,8 @@ type User struct {

 	ManagedAccounts     []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 	MfaAccounts         []MfaAccount     `xorm:"mfaAccounts blob" json:"mfaAccounts"`
+	MfaItems            []*MfaItem       `xorm:"varchar(300)" json:"mfaItems"`
+	MfaRememberDeadline string           `xorm:"varchar(100)" json:"mfaRememberDeadline"`
 	NeedUpdatePassword  bool             `json:"needUpdatePassword"`
 	IpWhitelist         string           `xorm:"varchar(200)" json:"ipWhitelist"`
 }
@ -660,6 +663,62 @@ func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error)
 	return user, nil
 }

+func GetFilteredUser(user *User, isAdmin bool, isAdminOrSelf bool, accountItems []*AccountItem) (*User, error) {
+	if accountItems == nil || len(accountItems) == 0 {
+		return user, nil
+	}
+
+	userFieldMap := map[string]int{}
+
+	reflectedUserField := reflect.TypeOf(User{})
+	for i := 0; i < reflectedUserField.NumField(); i++ {
+		userFieldMap[strings.ToLower(reflectedUserField.Field(i).Name)] = i
+	}
+
+	reflectedUser := reflect.ValueOf(user).Elem()
+
+	for _, accountItem := range accountItems {
+		if accountItem.ViewRule == "Public" {
+			continue
+		} else if accountItem.ViewRule == "Self" && isAdminOrSelf {
+			continue
+		} else if accountItem.ViewRule == "Admin" && isAdmin {
+			continue
+		}
+
+		lowerCaseAccountItemName := strings.ToLower(accountItem.Name)
+		lowerCaseAccountItemName = strings.ReplaceAll(lowerCaseAccountItemName, " ", "")
+
+		switch accountItem.Name {
+		case "Multi-factor authentication":
+			lowerCaseAccountItemName = strings.ToLower("PreferredMfaType")
+		case "User type":
+			lowerCaseAccountItemName = "type"
+		case "Country/Region":
+			lowerCaseAccountItemName = "region"
+		case "ID card info":
+			{
+				infoKeys := []string{"idCardWithPerson", "idCardFront", "idCardWithPerson"}
+				for _, infoKey := range infoKeys {
+					if _, ok := user.Properties[infoKey]; ok {
+						user.Properties[infoKey] = ""
+					}
+				}
+				continue
+			}
+		}
+
+		fieldIdx, ok := userFieldMap[lowerCaseAccountItemName]
+		if !ok {
+			continue
+		}
+
+		reflectedUser.Field(fieldIdx).SetZero()
+	}
+
+	return user, nil
+}
+
 func GetMaskedUsers(users []*User, errs ...error) ([]*User, error) {
 	if len(errs) > 0 && errs[0] != nil {
 		return nil, errs[0]
@ -734,11 +793,11 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 			"eveonline", "fitbit", "gitea", "heroku", "influxcloud", "instagram", "intercom", "kakao", "lastfm", "mailru", "meetup",
 			"microsoftonline", "naver", "nextcloud", "onedrive", "oura", "patreon", "paypal", "salesforce", "shopify", "soundcloud",
 			"spotify", "strava", "stripe", "type", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
-			"yammer", "yandex", "zoom", "custom", "need_update_password", "ip_whitelist",
+			"yammer", "yandex", "zoom", "custom", "need_update_password", "ip_whitelist", "mfa_items", "mfa_remember_deadline",
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance")
+		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance", "mfa_items")
 	}

 	columns = append(columns, "updated_time")
@ -818,7 +877,7 @@ func UpdateUserForAllFields(id string, user *User) (bool, error) {
 	return affected != 0, nil
 }

-func AddUser(user *User) (bool, error) {
+func AddUser(user *User, lang string) (bool, error) {
 	if user.Id == "" {
 		application, err := GetApplicationByUser(user)
 		if err != nil {
@ -834,7 +893,7 @@ func AddUser(user *User) (bool, error) {
 	}

 	if user.Owner == "" || user.Name == "" {
-		return false, fmt.Errorf("the user's owner and name should not be empty")
+		return false, fmt.Errorf(i18n.Translate(lang, "user:the user's owner and name should not be empty"))
 	}

 	if CheckUsernameWithEmail(user.Name, "en") != "" {
@ -846,7 +905,7 @@ func AddUser(user *User) (bool, error) {
 		return false, err
 	}
 	if organization == nil {
-		return false, fmt.Errorf("the organization: %s is not found", user.Owner)
+		return false, fmt.Errorf(i18n.Translate(lang, "auth:the organization: %s is not found"), user.Owner)
 	}

 	if user.Owner != "built-in" {
@ -855,10 +914,14 @@ func AddUser(user *User) (bool, error) {
 			return false, err
 		}
 		if applicationCount == 0 {
-			return false, fmt.Errorf("The organization: %s should have one application at least", organization.Owner)
+			return false, fmt.Errorf(i18n.Translate(lang, "general:The organization: %s should have one application at least"), organization.Owner)
 		}
 	}

+	if organization.Name == "built-in" && !organization.HasPrivilegeConsent && user.Name != "admin" {
+		return false, fmt.Errorf(i18n.Translate(lang, "organization:adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."))
+	}
+
 	if organization.DefaultPassword != "" && user.Password == "123" {
 		user.Password = organization.DefaultPassword
 	}
--- a/object/user_cred.go
+++ b/object/user_cred.go
@ -42,8 +42,9 @@ func (user *User) UpdateUserHash() error {
 func (user *User) UpdateUserPassword(organization *Organization) {
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		hashedPassword := credManager.GetHashedPassword(user.Password, organization.PasswordSalt)
 		user.Password = hashedPassword
 		user.PasswordType = organization.PasswordType
+		user.PasswordSalt = organization.PasswordSalt
 	}
 }
--- a/object/user_upload.go
+++ b/object/user_upload.go
@ -81,7 +81,7 @@ func UploadUsers(owner string, path string) (bool, error) {
 		return false, err
 	}

-	transUsers, err := StringArrayToUser(table)
+	transUsers, err := StringArrayToStruct[User](table)
 	if err != nil {
 		return false, err
 	}
--- a/object/user_util.go
+++ b/object/user_util.go
@ -263,7 +263,19 @@ func ClearUserOAuthProperties(user *User, providerType string) (bool, error) {
 	return affected != 0, nil
 }

-func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang string) (bool, string) {
+func userVisible(isAdmin bool, item *AccountItem) bool {
+	if item == nil {
+		return false
+	}
+
+	if item.ViewRule == "Admin" && !isAdmin {
+		return false
+	}
+
+	return true
+}
+
+func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, allowDisplayNameEmpty bool, lang string) (bool, string) {
 	organization, err := GetOrganizationByUser(oldUser)
 	if err != nil {
 		return false, err.Error()
@ -273,7 +285,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Owner != newUser.Owner {
 		item := GetAccountItemByName("Organization", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Owner = oldUser.Owner
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -281,7 +293,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Name != newUser.Name {
 		item := GetAccountItemByName("Name", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Name = oldUser.Name
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -289,7 +301,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Id != newUser.Id {
 		item := GetAccountItemByName("ID", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Id = oldUser.Id
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -297,15 +309,19 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.DisplayName != newUser.DisplayName {
 		item := GetAccountItemByName("Display name", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.DisplayName = oldUser.DisplayName
 		} else {
+			if !allowDisplayNameEmpty && newUser.DisplayName == "" {
+				return false, i18n.Translate(lang, "user:Display name cannot be empty")
+			}
+
 			itemsChanged = append(itemsChanged, item)
 		}
 	}
 	if oldUser.Avatar != newUser.Avatar {
 		item := GetAccountItemByName("Avatar", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Avatar = oldUser.Avatar
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -313,7 +329,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Type != newUser.Type {
 		item := GetAccountItemByName("User type", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Type = oldUser.Type
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -322,7 +338,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	// The password is *** when not modified
 	if oldUser.Password != newUser.Password && newUser.Password != "***" {
 		item := GetAccountItemByName("Password", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Password = oldUser.Password
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -330,7 +346,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Email != newUser.Email {
 		item := GetAccountItemByName("Email", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Email = oldUser.Email
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -338,7 +354,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Phone != newUser.Phone {
 		item := GetAccountItemByName("Phone", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Phone = oldUser.Phone
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -346,7 +362,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.CountryCode != newUser.CountryCode {
 		item := GetAccountItemByName("Country code", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.CountryCode = oldUser.CountryCode
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -354,7 +370,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Region != newUser.Region {
 		item := GetAccountItemByName("Country/Region", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Region = oldUser.Region
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -362,7 +378,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Location != newUser.Location {
 		item := GetAccountItemByName("Location", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Location = oldUser.Location
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -370,7 +386,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Affiliation != newUser.Affiliation {
 		item := GetAccountItemByName("Affiliation", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Affiliation = oldUser.Affiliation
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -378,7 +394,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Title != newUser.Title {
 		item := GetAccountItemByName("Title", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Title = oldUser.Title
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -386,7 +402,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Homepage != newUser.Homepage {
 		item := GetAccountItemByName("Homepage", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Homepage = oldUser.Homepage
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -394,7 +410,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Bio != newUser.Bio {
 		item := GetAccountItemByName("Bio", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Bio = oldUser.Bio
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -402,7 +418,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Tag != newUser.Tag {
 		item := GetAccountItemByName("Tag", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Tag = oldUser.Tag
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -410,7 +426,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.SignupApplication != newUser.SignupApplication {
 		item := GetAccountItemByName("Signup application", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.SignupApplication = oldUser.SignupApplication
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -419,7 +435,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Gender != newUser.Gender {
 		item := GetAccountItemByName("Gender", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Gender = oldUser.Gender
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -428,7 +444,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Birthday != newUser.Birthday {
 		item := GetAccountItemByName("Birthday", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Birthday = oldUser.Birthday
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -437,7 +453,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Education != newUser.Education {
 		item := GetAccountItemByName("Education", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Education = oldUser.Education
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -446,7 +462,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IdCard != newUser.IdCard {
 		item := GetAccountItemByName("ID card", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IdCard = oldUser.IdCard
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -455,7 +471,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IdCardType != newUser.IdCardType {
 		item := GetAccountItemByName("ID card type", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IdCardType = oldUser.IdCardType
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -463,10 +479,13 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}

 	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
+	if newUser.Properties == nil {
+		newUser.Properties = make(map[string]string)
+	}
 	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
 	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := GetAccountItemByName("Properties", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Properties = oldUser.Properties
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -475,7 +494,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.PreferredMfaType != newUser.PreferredMfaType {
 		item := GetAccountItemByName("Multi-factor authentication", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.PreferredMfaType = oldUser.PreferredMfaType
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -486,13 +505,14 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		oldUser.Groups = []string{}
 	}
 	oldUserGroupsJson, _ := json.Marshal(oldUser.Groups)
+
 	if newUser.Groups == nil {
 		newUser.Groups = []string{}
 	}
 	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
 	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
 		item := GetAccountItemByName("Groups", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Groups = oldUser.Groups
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -510,7 +530,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserAddressJson, _ := json.Marshal(newUser.Address)
 	if string(oldUserAddressJson) != string(newUserAddressJson) {
 		item := GetAccountItemByName("Address", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Address = oldUser.Address
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -519,7 +539,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.FaceIds = oldUser.FaceIds
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -528,7 +548,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsAdmin = oldUser.IsAdmin
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -537,7 +557,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsForbidden = oldUser.IsForbidden
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -545,7 +565,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.IsDeleted != newUser.IsDeleted {
 		item := GetAccountItemByName("Is deleted", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsDeleted = oldUser.IsDeleted
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -553,7 +573,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.NeedUpdatePassword != newUser.NeedUpdatePassword {
 		item := GetAccountItemByName("Need update password", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.NeedUpdatePassword = oldUser.NeedUpdatePassword
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -561,7 +581,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.IpWhitelist != newUser.IpWhitelist {
 		item := GetAccountItemByName("IP whitelist", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IpWhitelist = oldUser.IpWhitelist
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -570,7 +590,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Balance != newUser.Balance {
 		item := GetAccountItemByName("Balance", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Balance = oldUser.Balance
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -579,7 +599,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Score != newUser.Score {
 		item := GetAccountItemByName("Score", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Score = oldUser.Score
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -588,7 +608,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Karma != newUser.Karma {
 		item := GetAccountItemByName("Karma", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Karma = oldUser.Karma
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -597,7 +617,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Language != newUser.Language {
 		item := GetAccountItemByName("Language", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Language = oldUser.Language
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -606,7 +626,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Ranking != newUser.Ranking {
 		item := GetAccountItemByName("Ranking", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Ranking = oldUser.Ranking
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -615,7 +635,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Currency != newUser.Currency {
 		item := GetAccountItemByName("Currency", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Currency = oldUser.Currency
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -624,7 +644,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Hash != newUser.Hash {
 		item := GetAccountItemByName("Hash", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Hash = oldUser.Hash
 		} else {
 			itemsChanged = append(itemsChanged, item)
@ -704,14 +724,14 @@ func setReflectAttr[T any](fieldValue *reflect.Value, fieldString string) error
 	return nil
 }

-func StringArrayToUser(stringArray [][]string) ([]*User, error) {
+func StringArrayToStruct[T any](stringArray [][]string) ([]*T, error) {
 	fieldNames := stringArray[0]
 	excelMap := []map[string]string{}
-	userFieldMap := map[string]int{}
+	structFieldMap := map[string]int{}

-	reflectedUser := reflect.TypeOf(User{})
-	for i := 0; i < reflectedUser.NumField(); i++ {
-		userFieldMap[strings.ToLower(reflectedUser.Field(i).Name)] = i
+	reflectedStruct := reflect.TypeOf(*new(T))
+	for i := 0; i < reflectedStruct.NumField(); i++ {
+		structFieldMap[strings.ToLower(reflectedStruct.Field(i).Name)] = i
 	}

 	for idx, field := range stringArray {
@ -726,22 +746,23 @@ func StringArrayToUser(stringArray [][]string) ([]*User, error) {
 		excelMap = append(excelMap, tempMap)
 	}

-	users := []*User{}
+	instances := []*T{}
 	var err error

-	for _, u := range excelMap {
-		user := User{}
-		reflectedUser := reflect.ValueOf(&user).Elem()
-		for k, v := range u {
+	for _, m := range excelMap {
+		instance := new(T)
+		reflectedInstance := reflect.ValueOf(instance).Elem()
+
+		for k, v := range m {
 			if v == "" || v == "null" || v == "[]" || v == "{}" {
 				continue
 			}
 			fName := strings.ToLower(strings.ReplaceAll(k, "_", ""))
-			fieldIdx, ok := userFieldMap[fName]
+			fieldIdx, ok := structFieldMap[fName]
 			if !ok {
 				continue
 			}
-			fv := reflectedUser.Field(fieldIdx)
+			fv := reflectedInstance.Field(fieldIdx)
 			if !fv.IsValid() {
 				continue
 			}
@ -786,8 +807,8 @@ func StringArrayToUser(stringArray [][]string) ([]*User, error) {
 				return nil, err
 			}
 		}
-		users = append(users, &user)
+		instances = append(instances, instance)
 	}

-	return users, nil
+	return instances, nil
 }
--- a/object/verification.go
+++ b/object/verification.go
@ -19,6 +19,8 @@ import (
 	"fmt"
 	"math"
 	"math/rand"
+	"net/url"
+	"regexp"
 	"strings"
 	"time"

@ -33,6 +35,8 @@ type VerifyResult struct {
 	Msg  string
 }

+var ResetLinkReg *regexp.Regexp
+
 const (
 	VerificationSuccess = iota
 	wrongCodeError
@ -45,6 +49,10 @@ const (
 	VerifyTypeEmail = "email"
 )

+func init() {
+	ResetLinkReg = regexp.MustCompile("(?s)<reset-link>(.*?)</reset-link>")
+}
+
 type VerificationRecord struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@ -81,7 +89,7 @@ func IsAllowSend(user *User, remoteAddr, recordType string) error {
 	return nil
 }

-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string, method string, host string, applicationName string) error {
 	sender := organization.DisplayName
 	title := provider.Title

@ -93,6 +101,23 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
 	content := strings.Replace(provider.Content, "%s", code, 1)

+	if method == "forget" {
+		originFrontend, _ := getOriginFromHost(host)
+
+		query := url.Values{}
+		query.Add("code", code)
+		query.Add("username", user.Name)
+		query.Add("dest", util.GetMaskedEmail(dest))
+		forgetURL := originFrontend + "/forget/" + applicationName + "?" + query.Encode()
+
+		content = strings.Replace(content, "%link", forgetURL, -1)
+		content = strings.Replace(content, "<reset-link>", "", -1)
+		content = strings.Replace(content, "</reset-link>", "", -1)
+	} else {
+		matchContent := ResetLinkReg.Find([]byte(content))
+		content = strings.Replace(content, string(matchContent), "", -1)
+	}
+
 	userString := "Hi"
 	if user != nil {
 		userString = user.GetFriendlyName()
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@ -66,6 +66,10 @@ func AutoSigninFilter(ctx *context.Context) {
 			responseError(ctx, err.Error())
 			return
 		}
+		if application == nil {
+			responseError(ctx, fmt.Sprintf("No application is found for userId: app/%s", token.Application))
+			return
+		}

 		setSessionUser(ctx, userId)
 		setSessionOidc(ctx, token.Scope, application.ClientId)
--- a/routers/base.go
+++ b/routers/base.go
@ -185,17 +185,3 @@ func removePort(s string) string {
 	}
 	return ipStr
 }
-
-func isHostIntranet(s string) bool {
-	ipStr, _, err := net.SplitHostPort(s)
-	if err != nil {
-		ipStr = s
-	}
-
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		return false
-	}
-
-	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()
-}
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -83,7 +83,7 @@ func CorsFilter(ctx *context.Context) {
 			setCorsHeaders(ctx, origin)
 		} else if originHostname == host {
 			setCorsHeaders(ctx, origin)
-		} else if isHostIntranet(host) {
+		} else if util.IsHostIntranet(host) {
 			setCorsHeaders(ctx, origin)
 		} else {
 			ok, err := object.IsOriginAllowed(origin)
--- a/routers/field_validation_filter.go
+++ b/routers/field_validation_filter.go
@ -0,0 +1,56 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routers
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/beego/beego/context"
+)
+
+var forbiddenChars = `/?:#&%=+;`
+
+func FieldValidationFilter(ctx *context.Context) {
+	if ctx.Input.Method() != "POST" {
+		return
+	}
+
+	urlPath := ctx.Request.URL.Path
+	if !(strings.HasPrefix(urlPath, "/api/add-") || strings.HasPrefix(urlPath, "/api/update-")) {
+		return
+	}
+
+	bodyBytes, err := io.ReadAll(ctx.Request.Body)
+	if err != nil || len(bodyBytes) == 0 {
+		return
+	}
+
+	ctx.Request.Body = io.NopCloser(strings.NewReader(string(bodyBytes)))
+
+	var requestData map[string]interface{}
+	if err := json.Unmarshal(bodyBytes, &requestData); err != nil {
+		return
+	}
+
+	if value, ok := requestData["name"].(string); ok {
+		if strings.ContainsAny(value, forbiddenChars) {
+			responseError(ctx, fmt.Sprintf("Field 'name' contains forbidden characters: %q", forbiddenChars))
+			return
+		}
+	}
+}
--- a/routers/router.go
+++ b/routers/router.go
@ -81,6 +81,7 @@ func initAPI() {
 	beego.Router("/api/update-group", &controllers.ApiController{}, "POST:UpdateGroup")
 	beego.Router("/api/add-group", &controllers.ApiController{}, "POST:AddGroup")
 	beego.Router("/api/delete-group", &controllers.ApiController{}, "POST:DeleteGroup")
+	beego.Router("/api/upload-groups", &controllers.ApiController{}, "POST:UploadGroups")

 	beego.Router("/api/get-global-users", &controllers.ApiController{}, "GET:GetGlobalUsers")
 	beego.Router("/api/get-users", &controllers.ApiController{}, "GET:GetUsers")
--- a/scim/user_handler.go
+++ b/scim/user_handler.go
@ -132,7 +132,7 @@ func AddScimUser(r *scim.Resource) error {
 		return errors.ScimErrorUniqueness
 	}

-	affect, err := object.AddUser(newUser)
+	affect, err := object.AddUser(newUser, "en")
 	if err != nil {
 		return err
 	}
--- a/util/network.go
+++ b/util/network.go
@ -0,0 +1,47 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"net"
+)
+
+func IsInternetIp(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return !parsedIP.IsPrivate() && !parsedIP.IsLoopback() && !parsedIP.IsMulticast() && !parsedIP.IsUnspecified()
+}
+
+func IsHostIntranet(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return parsedIP.IsPrivate() || parsedIP.IsLoopback() || parsedIP.IsLinkLocalUnicast() || parsedIP.IsLinkLocalMulticast()
+}
--- a/util/system.go
+++ b/util/system.go
@ -30,6 +30,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/shirou/gopsutil/cpu"
 	"github.com/shirou/gopsutil/mem"
+	"github.com/shirou/gopsutil/process"
 )

 type SystemInfo struct {
@ -60,7 +61,17 @@ func getMemoryUsage() (uint64, uint64, error) {
 	var m runtime.MemStats
 	runtime.ReadMemStats(&m)

-	return m.Alloc, virtualMem.Total, nil
+	proc, err := process.NewProcess(int32(os.Getpid()))
+	if err != nil {
+		return 0, 0, err
+	}
+
+	memInfo, err := proc.MemoryInfo()
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return memInfo.RSS, virtualMem.Total, nil
 }

 func GetSystemInfo() (*SystemInfo, error) {
--- a/web/src/App.js
+++ b/web/src/App.js
@ -404,6 +404,7 @@ class App extends Component {
                      account={this.state.account}
                      theme={this.state.themeData}
                      themeAlgorithm={this.state.themeAlgorithm}
+                      requiredEnableMfa={this.state.requiredEnableMfa}
                      updateApplication={(application) => {
                        this.setState({
                          application: application,
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Space, Switch, Upload} from "antd";
+import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Space, Switch, Upload, message} from "antd";
 import {CopyOutlined, HolderOutlined, LinkOutlined, UploadOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
@ -279,6 +279,13 @@ class ApplicationEditPage extends React.Component {
          </Col>
          <Col span={22} >
            <Input value={this.state.application.name} disabled={this.state.application.name === "app-built-in"} onChange={e => {
+              const value = e.target.value;
+              if (/[/?:@#&%=+;]/.test(value)) {
+                const invalidChars = "/ ? : @ # & % = + ;";
+                const messageText = i18next.t("application:Invalid characters in application name") + ":" + " " + invalidChars;
+                message.error(messageText);
+                return;
+              }
              this.updateApplicationField("name", e.target.value);
            }} />
          </Col>
--- a/web/src/GroupListPage.js
+++ b/web/src/GroupListPage.js
@ -14,7 +14,8 @@

 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Table, Tooltip} from "antd";
+import {Button, Table, Tooltip, Upload} from "antd";
+import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as GroupBackend from "./backend/GroupBackend";
@ -87,6 +88,42 @@ class GroupListPage extends BaseListPage {
      });
  }

+  uploadFile(info) {
+    const {status, response: res} = info.file;
+    if (status === "done") {
+      if (res.status === "ok") {
+        Setting.showMessage("success", "Groups uploaded successfully, refreshing the page");
+        const {pagination} = this.state;
+        this.fetch({pagination});
+      } else {
+        Setting.showMessage("error", `Groups failed to upload: ${res.msg}`);
+      }
+    } else if (status === "error") {
+      Setting.showMessage("error", "File failed to upload");
+    }
+  }
+
+  renderUpload() {
+    const props = {
+      name: "file",
+      accept: ".xlsx",
+      method: "post",
+      action: `${Setting.ServerUrl}/api/upload-groups`,
+      withCredentials: true,
+      onChange: (info) => {
+        this.uploadFile(info);
+      },
+    };
+
+    return (
+      <Upload {...props}>
+        <Button icon={<UploadOutlined />} id="upload-button" type="primary" size="small">
+          {i18next.t("group:Upload (.xlsx)")}
+        </Button>
+      </Upload>
+    );
+  }
+
  renderTable(data) {
    const columns = [
      {
@ -231,7 +268,10 @@ class GroupListPage extends BaseListPage {
          title={() => (
            <div>
              {i18next.t("general:Groups")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button type="primary" size="small" onClick={this.addGroup.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addGroup.bind(this)}>{i18next.t("general:Add")}</Button>
+              {
+                this.renderUpload()
+              }
            </div>
          )}
          loading={this.state.loading}
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Radio, Row, Select, Switch} from "antd";
+import {Button, Card, Col, Input, InputNumber, Popconfirm, Radio, Row, Select, Switch} from "antd";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as LdapBackend from "./backend/LdapBackend";
@ -270,6 +270,31 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        {
+          this.state.organization.name === "built-in" ? (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
+                {Setting.getLabel(i18next.t("organization:Has privilege consent"), i18next.t("organization:Has privilege consent - Tooltip"))} :
+              </Col>
+              <Col span={1} >
+                {
+                  !this.state.organization.hasPrivilegeConsent ? (
+                    <Popconfirm
+                      title={i18next.t("organization:Has privilege consent warning")}
+                      onConfirm={() => {this.updateOrganizationField("hasPrivilegeConsent", !this.state.organization.hasPrivilegeConsent);}}
+                      okText={i18next.t("general:OK")}
+                      cancelText={i18next.t("general:Cancel")}
+                      styles={{root: {width: "800px"}}}
+                    >
+                      <Switch checked={this.state.organization.hasPrivilegeConsent} />
+                    </Popconfirm>
+                  ) :
+                    <Switch checked={this.state.organization.hasPrivilegeConsent} onChange={() => {this.updateOrganizationField("hasPrivilegeConsent", !this.state.organization.hasPrivilegeConsent);}} />
+                }
+              </Col>
+            </Row>
+          ) : null
+        }
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Password type"), i18next.t("general:Password type - Tooltip"))} :
@ -578,6 +603,16 @@ class OrganizationEditPage extends React.Component {
            />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:MFA remember time"), i18next.t("application:MFA remember time - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber style={{width: "150px"}} value={this.state.organization.mfaRememberInHours} min={1} step={1} precision={0} addonAfter="Hours" onChange={value => {
+              this.updateOrganizationField("mfaRememberInHours", value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:MFA items"), i18next.t("general:MFA items - Tooltip"))} :
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@ -25,6 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class OrganizationListPage extends BaseListPage {
  newOrganization() {
    const randomName = Setting.getRandomName();
+    const DefaultMfaRememberInHours = 12;
    return {
      owner: "admin", // this.props.account.organizationname,
      name: `organization_${randomName}`,
@ -48,6 +49,7 @@ class OrganizationListPage extends BaseListPage {
      enableSoftDeletion: false,
      isProfilePublic: true,
      enableTour: true,
+      mfaRememberInHours: DefaultMfaRememberInHours,
      accountItems: [
        {name: "Organization", visible: true, viewRule: "Public", modifyRule: "Admin"},
        {name: "ID", visible: true, viewRule: "Public", modifyRule: "Immutable"},
--- a/web/src/ProductEditPage.js
+++ b/web/src/ProductEditPage.js
@ -288,6 +288,16 @@ class ProductEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("product:Success URL"), i18next.t("product:Success URL - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={this.state.product.successUrl} onChange={e => {
+              this.updateProductField("successUrl", e.target.value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:State"), i18next.t("general:State - Tooltip"))} :
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -371,11 +371,6 @@ class ProviderEditPage extends React.Component {
          {id: "Third-party", name: i18next.t("provider:Third-party")},
        ]
      );
-    } else if (type === "Aliyun Captcha") {
-      return [
-        {id: "nc", name: i18next.t("provider:Sliding Validation")},
-        {id: "ic", name: i18next.t("provider:Intelligent Validation")},
-      ];
    } else {
      return [];
    }
@ -674,7 +669,7 @@ class ProviderEditPage extends React.Component {
          </Col>
        </Row>
        {
-          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" && this.state.provider.type !== "Aliyun Captcha" ? null : (
+          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" ? null : (
            <React.Fragment>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
@ -936,10 +931,12 @@ class ProviderEditPage extends React.Component {
          )
        }
        {
-          this.state.provider.type !== "Google" ? null : (
+          this.state.provider.type !== "Google" && this.state.provider.type !== "Lark" ? null : (
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))} :
+                {this.state.provider.type === "Google" ?
+                  Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))
+                  : Setting.getLabel(i18next.t("provider:Use global endpoint"), i18next.t("provider:Use global endpoint - Tooltip"))} :
              </Col>
              <Col span={1} >
                <Switch disabled={!this.state.provider.clientId} checked={this.state.provider.disableSsl} onChange={checked => {
@ -1232,7 +1229,7 @@ class ProviderEditPage extends React.Component {
                </Col>
                <Col span={22} >
                  <Row style={{marginTop: "20px"}} >
-                    <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => this.updateProviderField("content", "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes.")} >
+                    <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => this.updateProviderField("content", "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes. <reset-link>Or click %link to reset</reset-link>")} >
                      {i18next.t("provider:Reset to Default Text")}
                    </Button>
                    <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary" onClick={() => this.updateProviderField("content", Setting.getDefaultHtmlEmailContent())} >
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
DacongDA	835273576b	feat: add Lark OAuth provider (#3956 )	2025-07-13 19:51:45 +08:00
raiki02	7fdc264ff6	feat: check if MFA is verified when required (#3954 )	2025-07-12 15:20:44 +08:00
DacongDA	a120734bb1	feat: support links in email to reset password (#3939 )	2025-07-12 00:18:56 +08:00
Vickko	edd0b30e08	feat: Supports smooth migration of password hash (#3940 )	2025-07-11 19:57:55 +08:00
Attack825	2da597b26f	feat: add support for per-account MFA validity period in org setting to reduce repeated prompts (#3917 )	2025-07-11 00:24:33 +08:00
DacongDA	ef14c84edc	feat: show the popover on the top when window's width too small and close popover when password options is empty (#3952 )	2025-07-10 19:56:05 +08:00
Yang Luo	cb5c7667b5	feat: change Subscription's StartTime and EndTime to string	2025-07-10 14:11:40 +08:00
Yang Luo	920ed87f75	fix: refactor the code in CheckPassword()	2025-07-10 00:49:13 +08:00
raiki02	6598f0ccdf	feat: use token's client ID instead in IntrospectToken() API (#3948 )	2025-07-09 22:07:44 +08:00
Yang Luo	8e71e23d75	feat: improve error message for GetConfigInt64()	2025-07-09 00:32:00 +08:00
Yang Luo	146a369f80	feat: improve error handling in AutoSigninFilter	2025-07-08 23:47:14 +08:00
raiki02	9bbe5afb7c	feat: use only one salt arg in CredManager.IsPasswordCorrect() (#3936 )	2025-07-07 17:56:25 +08:00
DacongDA	b42391c6ce	feat: move needUpdatePassword to response's Data3 field to avoid refresh token conflict (#3931 )	2025-07-05 22:48:44 +08:00
Raiki	fb035a5353	feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928 )	2025-07-05 18:41:37 +08:00
Raiki	b1f68a60a4	feat: set createDatabase to false in TestDumpToFile() (#3924 )	2025-07-03 22:50:23 +08:00
Robin Ye	201d704a31	feat: improve TikTok username generation logic (#3923 )	2025-07-03 20:53:15 +08:00
Robin Ye	bf91ad6c97	feat: add Internet-Only captcha rule (#3919 )	2025-07-03 02:39:06 +08:00
Yang Luo	3ccc0339c7	feat: improve CheckToEnableCaptcha() logic	2025-07-03 02:32:07 +08:00
DacongDA	1f2b0a3587	feat: add user's MFA items (#3921 )	2025-07-02 23:05:07 +08:00
DacongDA	0b3feb0d5f	feat: use Input.OTP to input totp code (#3922 )	2025-07-02 18:22:59 +08:00
DacongDA	568c0e2c3d	feat: show Organization.PasswordOptions in login UI (#3913 )	2025-06-28 22:13:00 +08:00
Yang Luo	f4ad2b4034	feat: remove "@" from name's forbidden chars	2025-06-27 18:41:50 +08:00
Attack825	c9f8727890	feat: fix bug in InitCleanupTokens() (#3910 )	2025-06-27 02:08:18 +08:00
DacongDA	e2e3c1fbb8	feat: support Product.SuccessUrl (#3908 )	2025-06-26 22:52:07 +08:00
David	73915ac0a0	feat: fix issue that LDAP user address was not syncing (#3905 )	2025-06-26 09:38:16 +08:00
Attack825	bf9d55ff40	feat: add InitCleanupTokens() (#3903 )	2025-06-26 09:31:59 +08:00
XiangYe	b36fb50239	feat: fix check bug to allow logged-in users to buy product (#3897 )	2025-06-25 10:49:20 +08:00
Øßfusion	4307baa759	feat: fix Tumblr OAuth's wrong scope (#3898 )	2025-06-25 09:55:02 +08:00
David	3964bae1df	feat: fix org's LDAP table wrong link (#3900 )	2025-06-25 09:51:40 +08:00
Yang Luo	d9b97d70be	feat: change CRLF to LF for some files	2025-06-24 09:55:00 +08:00
Attack825	ca224fdd4c	feat: add group xlsx upload button (#3885 )	2025-06-17 23:43:38 +08:00
千石	37daea2bbc	feat: improve error message in ApplicationEditPage (#3886 )	2025-06-17 20:06:52 +08:00
千石	af231bf946	feat: add FieldValidationFilter to check object names (#3877 )	2025-06-17 16:11:35 +08:00
DacongDA	6dc7b4d533	feat: get-user API respects org's account item's view rules now (#3882 )	2025-06-16 20:09:21 +08:00
DacongDA	12cc0f429e	feat: remove support for Non trace verification for Alibaba cloud captcha verification (#3881 )	2025-06-13 00:36:29 +08:00
DacongDA	8cc22dec91	feat: upgrade Alibaba cloud captcha provider from v1 to v2 (#3879 )	2025-06-12 23:02:36 +08:00
千石	0c08ae5365	feat: Add support for email verification logic (#3875 )	2025-06-11 19:17:16 +08:00
Yang Luo	c3485268d3	feat: fix "Display name cannot be empty" in /update-user API	2025-06-11 00:32:05 +08:00
Yang Luo	64a4956c42	feat: improve getMemoryUsage()	2025-06-09 20:08:55 +08:00
DacongDA	855bdf47e8	feat: fix memory usage in sysinfo page (#3870 )	2025-06-09 00:31:34 +08:00
DacongDA	de7e322fbb	feat: limit the width of the organization.hasPrivilegeConsent popconfirm (#3869 )	2025-06-07 00:30:41 +08:00
DacongDA	4cb0cd7c5a	feat: add Organization.HasPrivilegeConsent to block add-user API for the "built-in" org (#3864 )	2025-06-06 23:05:01 +08:00
DacongDA	c6a50349cc	feat: add missing backend i18n texts (#3863 )	2025-06-06 00:03:04 +08:00
DacongDA	8a098a4b6e	feat: skip node_modules folder when generating i18n (#3862 )	2025-06-05 20:51:14 +08:00
Yang Luo	09f98fd24a	feat: rollback to Beego 1.12.12 to fix Redis session issue	2025-06-04 22:40:54 +08:00