feat: fix issue that LDAP user address was not syncing (#3905 )

feat: add InitCleanupTokens() (#3903 )
feat: fix check bug to allow logged-in users to buy product (#3897 )
2025-07-30 08:10:29 +08:00 · 2025-06-26 09:38:16 +08:00 · 2025-06-26 09:31:59 +08:00 · 2025-06-25 10:49:20 +08:00 · 2025-06-25 09:55:02 +08:00 · 2025-06-25 09:51:40 +08:00
42 changed files with 1626 additions and 1160 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
+*.go linguist-detectable=true
+*.js linguist-detectable=false
+# Declare files that will always have LF line endings on checkout.
+# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/README.md
+++ b/README.md
@@ -1,102 +1,102 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
-  </a>
-</p>
-
-<p align="center">
-  <sup>Sponsored by</sup>
-  <br>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
-    <picture>
-      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
-      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
-      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
-    </picture>
-  </a><br/>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
-  <br>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Discord: https://discord.gg/5rPsrAzK7S
- Contact: https://casdoor.org/help
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
+<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
+<p align="center">
+  <a href="#badge">
+    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
+    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/releases/latest">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
+    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
+    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/issues">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="#">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/network">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://crowdin.com/project/casdoor-site">
+    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+  </a>
+  <a href="https://discord.gg/5rPsrAzK7S">
+    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
+  </a>
+</p>
+
+<p align="center">
+  <sup>Sponsored by</sup>
+  <br>
+  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
+      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
+      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
+    </picture>
+  </a><br/>
+  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
+  <br>
+</p>
+
+## Online demo
+
+- Read-only site: https://door.casdoor.com (any modification operation will fail)
+- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
+
+## Documentation
+
+https://casdoor.org
+
+## Install
+
+- By source code: https://casdoor.org/docs/basic/server-installation
+- By Docker: https://casdoor.org/docs/basic/try-with-docker
+- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
+
+## How to connect to Casdoor?
+
+https://casdoor.org/docs/how-to-connect/overview
+
+## Casdoor Public API
+
+- Docs: https://casdoor.org/docs/basic/public-api
+- Swagger: https://door.casdoor.com/swagger
+
+## Integrations
+
+https://casdoor.org/docs/category/integrations
+
+## How to contact?
+
+- Discord: https://discord.gg/5rPsrAzK7S
+- Contact: https://casdoor.org/help
+
+## Contribute
+
+For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
+
+### I18n translation
+
+If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
+
+## License
+
+[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -15,32 +15,51 @@
 package captcha

 import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/casdoor/casdoor/util"
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	openapiutil "github.com/alibabacloud-go/openapi-util/service"
+	teaUtil "github.com/alibabacloud-go/tea-utils/v2/service"
+	"github.com/alibabacloud-go/tea/tea"
 )

-const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"
+const AliyunCaptchaVerifyUrl = "captcha.cn-shanghai.aliyuncs.com"

-type captchaSuccessResponse struct {
-	Code int    `json:"Code"`
-	Msg  string `json:"Msg"`
+type VerifyCaptchaRequest struct {
+	CaptchaVerifyParam *string `json:"CaptchaVerifyParam,omitempty" xml:"CaptchaVerifyParam,omitempty"`
+	SceneId            *string `json:"SceneId,omitempty" xml:"SceneId,omitempty"`
 }

-type captchaFailResponse struct {
-	Code    string `json:"Code"`
-	Message string `json:"Message"`
+type VerifyCaptchaResponseBodyResult struct {
+	VerifyResult *bool `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
 }

+type VerifyCaptchaResponseBody struct {
+	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
+	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
+	// Id of the request
+	RequestId *string                          `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
+	Result    *VerifyCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
+	Success   *bool                            `json:"Success,omitempty" xml:"Success,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponseBodyResult struct {
+	VerifyCode   *string `json:"VerifyCode,omitempty" xml:"VerifyCode,omitempty"`
+	VerifyResult *bool   `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponseBody struct {
+	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
+	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
+	// Id of the request
+	RequestId *string                                     `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
+	Result    *VerifyIntelligentCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
+	Success   *bool                                       `json:"Success,omitempty" xml:"Success,omitempty"`
+}
+
+type VerifyIntelligentCaptchaResponse struct {
+	Headers    map[string]*string                    `json:"headers,omitempty" xml:"headers,omitempty" require:"true"`
+	StatusCode *int32                                `json:"statusCode,omitempty" xml:"statusCode,omitempty" require:"true"`
+	Body       *VerifyIntelligentCaptchaResponseBody `json:"body,omitempty" xml:"body,omitempty" require:"true"`
+}
 type AliyunCaptchaProvider struct{}

 func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
@@ -48,68 +67,69 @@ func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
 	return captcha
 }

-func contentEscape(str string) string {
-	str = strings.Replace(str, " ", "%20", -1)
-	str = url.QueryEscape(str)
-	return str
-}
+func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+	config := &openapi.Config{}

-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
-	pathData, err := url.ParseQuery(token)
+	config.Endpoint = tea.String(AliyunCaptchaVerifyUrl)
+	config.ConnectTimeout = tea.Int(5000)
+	config.ReadTimeout = tea.Int(5000)
+	config.AccessKeyId = tea.String(clientId)
+	config.AccessKeySecret = tea.String(clientSecret)
+
+	client := new(openapi.Client)
+	err := client.Init(config)
 	if err != nil {
 		return false, err
 	}

-	pathData["Action"] = []string{"AuthenticateSig"}
-	pathData["Format"] = []string{"json"}
-	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
-	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
-	pathData["SignatureVersion"] = []string{"1.0"}
-	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
-	pathData["Version"] = []string{"2018-01-12"}
+	request := VerifyCaptchaRequest{CaptchaVerifyParam: tea.String(token), SceneId: tea.String(clientId2)}

-	var keys []string
-	for k := range pathData {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	sortQuery := ""
-	for _, k := range keys {
-		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
-	}
-	sortQuery = strings.TrimSuffix(sortQuery, "&")
-
-	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
-
-	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
-
-	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
+	err = teaUtil.ValidateModel(&request)
 	if err != nil {
 		return false, err
 	}

-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
+	runtime := &teaUtil.RuntimeOptions{}
+
+	body := map[string]interface{}{}
+	if !tea.BoolValue(teaUtil.IsUnset(request.CaptchaVerifyParam)) {
+		body["CaptchaVerifyParam"] = request.CaptchaVerifyParam
+	}
+
+	if !tea.BoolValue(teaUtil.IsUnset(request.SceneId)) {
+		body["SceneId"] = request.SceneId
+	}
+
+	req := &openapi.OpenApiRequest{
+		Body: openapiutil.ParseToMap(body),
+	}
+	params := &openapi.Params{
+		Action:      tea.String("VerifyIntelligentCaptcha"),
+		Version:     tea.String("2023-03-05"),
+		Protocol:    tea.String("HTTPS"),
+		Pathname:    tea.String("/"),
+		Method:      tea.String("POST"),
+		AuthType:    tea.String("AK"),
+		Style:       tea.String("RPC"),
+		ReqBodyType: tea.String("formData"),
+		BodyType:    tea.String("json"),
+	}
+
+	res := &VerifyIntelligentCaptchaResponse{}
+
+	resBody, err := client.CallApi(params, req, runtime)
 	if err != nil {
 		return false, err
 	}

-	return handleCaptchaResponse(body)
-}
-
-func handleCaptchaResponse(body []byte) (bool, error) {
-	captchaResp := &captchaSuccessResponse{}
-	err := json.Unmarshal(body, captchaResp)
+	err = tea.Convert(resBody, &res)
 	if err != nil {
-		captchaFailResp := &captchaFailResponse{}
-		err = json.Unmarshal(body, captchaFailResp)
-		if err != nil {
-			return false, err
-		}
-
-		return false, errors.New(captchaFailResp.Message)
+		return false, err
 	}

-	return true, nil
+	if res.Body.Result.VerifyResult != nil && *res.Body.Result.VerifyResult {
+		return true, nil
+	}
+
+	return false, nil
 }
--- a/captcha/default.go
+++ b/captcha/default.go
@@ -23,6 +23,6 @@ func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
 	return captcha
 }

-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	return object.VerifyCaptcha(clientSecret, token), nil
 }
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -35,7 +35,7 @@ func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
 	return captcha
 }

-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	pathData, err := url.ParseQuery(token)
 	if err != nil {
 		return false, err
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -32,7 +32,7 @@ func NewHCaptchaProvider() *HCaptchaProvider {
 	return captcha
 }

-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -17,7 +17,7 @@ package captcha
 import "fmt"

 type CaptchaProvider interface {
-	VerifyCaptcha(token, clientSecret string) (bool, error)
+	VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error)
 }

 func GetCaptchaProvider(captchaType string) CaptchaProvider {
@@ -43,11 +43,11 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	return nil
 }

-func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
+func VerifyCaptchaByCaptchaType(captchaType, token, clientId, clientSecret, clientId2 string) (bool, error) {
 	provider := GetCaptchaProvider(captchaType)
 	if provider == nil {
 		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
 	}

-	return provider.VerifyCaptcha(token, clientSecret)
+	return provider.VerifyCaptcha(token, clientId, clientSecret, clientId2)
 }
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -32,7 +32,7 @@ func NewReCaptchaProvider() *ReCaptchaProvider {
 	return captcha
 }

-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@@ -32,7 +32,7 @@ func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
 	return captcha
 }

-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -504,6 +504,8 @@ func (c *ApiController) Login() {
 					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
 					return
 				}
+			} else if verificationCodeType == object.VerifyTypeEmail {
+				checkDest = authForm.Username
 			}

 			// check result through Email or Phone
@@ -569,7 +571,7 @@ func (c *ApiController) Login() {
 				}

 				var isHuman bool
-				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
+				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, captchaProvider.ClientId, authForm.ClientSecret, captchaProvider.ClientId2)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@@ -0,0 +1,56 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+func (c *ApiController) UploadGroups() {
+	userId := c.GetSessionUsername()
+	owner, user := util.GetOwnerAndNameFromId(userId)
+
+	file, header, err := c.Ctx.Request.FormFile("file")
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+	path := util.GetUploadXlsxPath(fileId)
+	defer os.Remove(path)
+
+	err = saveFile(path, &file)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UploadGroups(owner, path)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	if affected {
+		c.ResponseOk()
+	} else {
+		c.ResponseError(c.T("group_upload:Failed to import groups"))
+	}
+}
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -182,7 +182,7 @@ func (c *ApiController) BuyProduct() {
 	paidUserName := c.Input().Get("userName")
 	owner, _ := util.GetOwnerAndNameFromId(id)
 	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && !c.IsAdmin() {
+	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
 		c.ResponseError(c.T("general:Only admin user can specify user"))
 		return
 	}
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -197,8 +197,8 @@ func (c *ApiController) GetUser() {
 		return
 	}

+	var organization *object.Organization
 	if user != nil {
-		var organization *object.Organization
 		organization, err = object.GetOrganizationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -237,6 +237,14 @@ func (c *ApiController) GetUser() {
 		return
 	}

+	if organization != nil && user != nil {
+		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	}
+
 	c.ResponseOk(user)
 }

@@ -282,13 +290,6 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if c.Input().Get("allowEmpty") == "" {
-		if user.DisplayName == "" {
-			c.ResponseError(c.T("user:Display name cannot be empty"))
-			return
-		}
-	}
-
 	if user.MfaEmailEnabled && user.Email == "" {
 		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
 		return
@@ -310,7 +311,8 @@ func (c *ApiController) UpdateUser() {
 	}

 	isAdmin := c.IsAdmin()
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
+	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
+	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
 	}
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -160,7 +160,7 @@ func (c *ApiController) SendVerificationCode() {
 			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
 				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
 				return
-			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
+			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if !isHuman {
@@ -349,7 +349,7 @@ func (c *ApiController) VerifyCaptcha() {
 		return
 	}

-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
+	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
 	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
 	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
+	github.com/alibabacloud-go/openapi-util v0.1.0
 	github.com/alibabacloud-go/tea v1.3.2
 	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
 	github.com/aws/aws-sdk-go v1.45.5
@@ -90,7 +91,6 @@ require (
 	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
 	github.com/alibabacloud-go/debug v1.0.1 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
-	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
 	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
 	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
--- a/main.go
+++ b/main.go
@@ -45,6 +45,7 @@ func main() {
 	object.InitUserManager()
 	object.InitFromFile()
 	object.InitCasvisorConfig()
+	object.InitCleanupTokens()

 	util.SafeGoroutine(func() { object.RunSyncUsersJob() })
 	util.SafeGoroutine(func() { controllers.InitCLIDownloader() })
@@ -63,6 +64,7 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.ApiFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
+	beego.InsertFilter("*", beego.BeforeRouter, routers.FieldValidationFilter)
 	beego.InsertFilter("*", beego.AfterExec, routers.AfterRecordMessage, false)

 	beego.BConfig.WebConfig.Session.SessionOn = true
--- a/object/group.go
+++ b/object/group.go
@@ -181,6 +181,41 @@ func AddGroups(groups []*Group) (bool, error) {
 	return affected != 0, nil
 }

+func AddGroupsInBatch(groups []*Group) (bool, error) {
+	if len(groups) == 0 {
+		return false, nil
+	}
+
+	session := ormer.Engine.NewSession()
+	defer session.Close()
+	err := session.Begin()
+	if err != nil {
+		return false, err
+	}
+
+	for _, group := range groups {
+		err = checkGroupName(group.Name)
+		if err != nil {
+			return false, err
+		}
+
+		affected, err := session.Insert(group)
+		if err != nil {
+			return false, err
+		}
+		if affected == 0 {
+			return false, nil
+		}
+	}
+
+	err = session.Commit()
+	if err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
 func deleteGroup(group *Group) (bool, error) {
 	affected, err := ormer.Engine.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
 	if err != nil {
--- a/object/group_upload.go
+++ b/object/group_upload.go
@@ -0,0 +1,61 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"github.com/casdoor/casdoor/xlsx"
+)
+
+func getGroupMap(owner string) (map[string]*Group, error) {
+	m := map[string]*Group{}
+
+	groups, err := GetGroups(owner)
+	if err != nil {
+		return m, err
+	}
+
+	for _, group := range groups {
+		m[group.GetId()] = group
+	}
+
+	return m, nil
+}
+
+func UploadGroups(owner string, path string) (bool, error) {
+	table := xlsx.ReadXlsxFile(path)
+
+	oldGroupMap, err := getGroupMap(owner)
+	if err != nil {
+		return false, err
+	}
+
+	transGroups, err := StringArrayToStruct[Group](table)
+	if err != nil {
+		return false, err
+	}
+
+	newGroups := []*Group{}
+	for _, group := range transGroups {
+		if _, ok := oldGroupMap[group.GetId()]; !ok {
+			newGroups = append(newGroups, group)
+		}
+	}
+
+	if len(newGroups) == 0 {
+		return false, nil
+	}
+
+	return AddGroupsInBatch(newGroups)
+}
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -260,15 +260,15 @@ func AutoAdjustLdapUser(users []LdapUser) []LdapUser {
 	res := make([]LdapUser, len(users))
 	for i, user := range users {
 		res[i] = LdapUser{
-			UidNumber:         user.UidNumber,
-			Uid:               user.Uid,
-			Cn:                user.Cn,
-			GroupId:           user.GidNumber,
-			Uuid:              user.GetLdapUuid(),
-			DisplayName:       user.DisplayName,
-			Email:             util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
-			Mobile:            util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			RegisteredAddress: util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+			UidNumber:   user.UidNumber,
+			Uid:         user.Uid,
+			Cn:          user.Cn,
+			GroupId:     user.GidNumber,
+			Uuid:        user.GetLdapUuid(),
+			DisplayName: user.DisplayName,
+			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Mobile:      util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			Address:     util.ReturnAnyNotEmpty(user.Address, user.PostalAddress, user.RegisteredAddress),
 		}
 	}
 	return res
--- a/object/token_cleanup.go
+++ b/object/token_cleanup.go
@@ -0,0 +1,86 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/robfig/cron/v3"
+)
+
+func CleanupTokens(tokenRetentionIntervalAfterExpiry int) error {
+	var sessions []*Token
+	err := ormer.Engine.Where("expires_in = ?", 0).Find(&sessions)
+	if err != nil {
+		return fmt.Errorf("failed to query expired tokens: %w", err)
+	}
+
+	currentTime := util.String2Time(util.GetCurrentUnixTime())
+
+	for _, session := range sessions {
+		tokenString := session.AccessToken
+		token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+		if err != nil {
+			fmt.Printf("Failed to parse token %s: %v\n", session.Name, err)
+			continue
+		}
+
+		if claims, ok := token.Claims.(jwt.MapClaims); ok {
+			exp, ok := claims["exp"].(float64)
+			if !ok {
+				fmt.Printf("Token %s does not have an 'exp' claim\n", session.Name)
+				continue
+			}
+			expireTime := time.Unix(int64(exp), 0)
+			tokenAfterExpiry := currentTime.Sub(expireTime).Seconds()
+			if tokenAfterExpiry > float64(tokenRetentionIntervalAfterExpiry) {
+				_, err = ormer.Engine.Delete(session)
+				if err != nil {
+					return fmt.Errorf("failed to delete expired token %s: %w", session.Name, err)
+				}
+				fmt.Printf("Deleted expired token: %s\n", session.Name)
+			}
+		} else {
+			fmt.Printf("Token %s is not valid\n", session.Name)
+		}
+	}
+	return nil
+}
+
+func getTokenRetentionInterval(days int) int {
+	if days <= 0 {
+		days = 30
+	}
+	return days * 24 * 3600
+}
+
+func InitCleanupTokens() {
+	schedule := "0 0 0 * * ?"
+	cronJob := cron.New()
+	_, err := cronJob.AddFunc(schedule, func() {
+		interval := getTokenRetentionInterval(30)
+		if err := CleanupTokens(interval); err != nil {
+			fmt.Printf("Error cleaning up tokens: %v\n", err)
+		}
+	})
+	if err != nil {
+		fmt.Printf("Error scheduling token cleanup: %v\n", err)
+		return
+	}
+	cronJob.Start()
+}
--- a/object/user.go
+++ b/object/user.go
@@ -661,6 +661,62 @@ func GetMaskedUser(user *User, isAdminOrSelf bool, errs ...error) (*User, error)
 	return user, nil
 }

+func GetFilteredUser(user *User, isAdmin bool, isAdminOrSelf bool, accountItems []*AccountItem) (*User, error) {
+	if accountItems == nil || len(accountItems) == 0 {
+		return user, nil
+	}
+
+	userFieldMap := map[string]int{}
+
+	reflectedUserField := reflect.TypeOf(User{})
+	for i := 0; i < reflectedUserField.NumField(); i++ {
+		userFieldMap[strings.ToLower(reflectedUserField.Field(i).Name)] = i
+	}
+
+	reflectedUser := reflect.ValueOf(user).Elem()
+
+	for _, accountItem := range accountItems {
+		if accountItem.ViewRule == "Public" {
+			continue
+		} else if accountItem.ViewRule == "Self" && isAdminOrSelf {
+			continue
+		} else if accountItem.ViewRule == "Admin" && isAdmin {
+			continue
+		}
+
+		lowerCaseAccountItemName := strings.ToLower(accountItem.Name)
+		lowerCaseAccountItemName = strings.ReplaceAll(lowerCaseAccountItemName, " ", "")
+
+		switch accountItem.Name {
+		case "Multi-factor authentication":
+			lowerCaseAccountItemName = strings.ToLower("PreferredMfaType")
+		case "User type":
+			lowerCaseAccountItemName = "type"
+		case "Country/Region":
+			lowerCaseAccountItemName = "region"
+		case "ID card info":
+			{
+				infoKeys := []string{"idCardWithPerson", "idCardFront", "idCardWithPerson"}
+				for _, infoKey := range infoKeys {
+					if _, ok := user.Properties[infoKey]; ok {
+						user.Properties[infoKey] = ""
+					}
+				}
+				continue
+			}
+		}
+
+		fieldIdx, ok := userFieldMap[lowerCaseAccountItemName]
+		if !ok {
+			continue
+		}
+
+		reflectedUser.Field(fieldIdx).SetZero()
+	}
+
+	return user, nil
+}
+
 func GetMaskedUsers(users []*User, errs ...error) ([]*User, error) {
 	if len(errs) > 0 && errs[0] != nil {
 		return nil, errs[0]
--- a/object/user_upload.go
+++ b/object/user_upload.go
@@ -81,7 +81,7 @@ func UploadUsers(owner string, path string) (bool, error) {
 		return false, err
 	}

-	transUsers, err := StringArrayToUser(table)
+	transUsers, err := StringArrayToStruct[User](table)
 	if err != nil {
 		return false, err
 	}
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -263,7 +263,19 @@ func ClearUserOAuthProperties(user *User, providerType string) (bool, error) {
 	return affected != 0, nil
 }

-func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang string) (bool, string) {
+func userVisible(isAdmin bool, item *AccountItem) bool {
+	if item == nil {
+		return false
+	}
+
+	if item.ViewRule == "Admin" && !isAdmin {
+		return false
+	}
+
+	return true
+}
+
+func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, allowDisplayNameEmpty bool, lang string) (bool, string) {
 	organization, err := GetOrganizationByUser(oldUser)
 	if err != nil {
 		return false, err.Error()
@@ -273,7 +285,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Owner != newUser.Owner {
 		item := GetAccountItemByName("Organization", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Owner = oldUser.Owner
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -281,7 +293,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Name != newUser.Name {
 		item := GetAccountItemByName("Name", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Name = oldUser.Name
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -289,7 +301,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Id != newUser.Id {
 		item := GetAccountItemByName("ID", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Id = oldUser.Id
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -297,15 +309,19 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.DisplayName != newUser.DisplayName {
 		item := GetAccountItemByName("Display name", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.DisplayName = oldUser.DisplayName
 		} else {
+			if !allowDisplayNameEmpty && newUser.DisplayName == "" {
+				return false, i18n.Translate(lang, "user:Display name cannot be empty")
+			}
+
 			itemsChanged = append(itemsChanged, item)
 		}
 	}
 	if oldUser.Avatar != newUser.Avatar {
 		item := GetAccountItemByName("Avatar", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Avatar = oldUser.Avatar
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -313,7 +329,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Type != newUser.Type {
 		item := GetAccountItemByName("User type", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Type = oldUser.Type
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -322,7 +338,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	// The password is *** when not modified
 	if oldUser.Password != newUser.Password && newUser.Password != "***" {
 		item := GetAccountItemByName("Password", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Password = oldUser.Password
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -330,7 +346,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Email != newUser.Email {
 		item := GetAccountItemByName("Email", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Email = oldUser.Email
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -338,7 +354,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Phone != newUser.Phone {
 		item := GetAccountItemByName("Phone", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Phone = oldUser.Phone
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -346,7 +362,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.CountryCode != newUser.CountryCode {
 		item := GetAccountItemByName("Country code", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.CountryCode = oldUser.CountryCode
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -354,7 +370,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Region != newUser.Region {
 		item := GetAccountItemByName("Country/Region", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Region = oldUser.Region
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -362,7 +378,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Location != newUser.Location {
 		item := GetAccountItemByName("Location", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Location = oldUser.Location
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -370,7 +386,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Affiliation != newUser.Affiliation {
 		item := GetAccountItemByName("Affiliation", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Affiliation = oldUser.Affiliation
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -378,7 +394,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Title != newUser.Title {
 		item := GetAccountItemByName("Title", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Title = oldUser.Title
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -386,7 +402,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Homepage != newUser.Homepage {
 		item := GetAccountItemByName("Homepage", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Homepage = oldUser.Homepage
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -394,7 +410,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Bio != newUser.Bio {
 		item := GetAccountItemByName("Bio", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Bio = oldUser.Bio
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -402,7 +418,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.Tag != newUser.Tag {
 		item := GetAccountItemByName("Tag", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Tag = oldUser.Tag
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -410,7 +426,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.SignupApplication != newUser.SignupApplication {
 		item := GetAccountItemByName("Signup application", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.SignupApplication = oldUser.SignupApplication
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -419,7 +435,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Gender != newUser.Gender {
 		item := GetAccountItemByName("Gender", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Gender = oldUser.Gender
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -428,7 +444,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Birthday != newUser.Birthday {
 		item := GetAccountItemByName("Birthday", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Birthday = oldUser.Birthday
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -437,7 +453,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Education != newUser.Education {
 		item := GetAccountItemByName("Education", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Education = oldUser.Education
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -446,7 +462,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IdCard != newUser.IdCard {
 		item := GetAccountItemByName("ID card", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IdCard = oldUser.IdCard
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -455,7 +471,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IdCardType != newUser.IdCardType {
 		item := GetAccountItemByName("ID card type", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IdCardType = oldUser.IdCardType
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -463,10 +479,13 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}

 	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
+	if newUser.Properties == nil {
+		newUser.Properties = make(map[string]string)
+	}
 	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
 	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := GetAccountItemByName("Properties", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Properties = oldUser.Properties
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -475,7 +494,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.PreferredMfaType != newUser.PreferredMfaType {
 		item := GetAccountItemByName("Multi-factor authentication", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.PreferredMfaType = oldUser.PreferredMfaType
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -486,13 +505,14 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		oldUser.Groups = []string{}
 	}
 	oldUserGroupsJson, _ := json.Marshal(oldUser.Groups)
+
 	if newUser.Groups == nil {
 		newUser.Groups = []string{}
 	}
 	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
 	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
 		item := GetAccountItemByName("Groups", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Groups = oldUser.Groups
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -510,7 +530,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	newUserAddressJson, _ := json.Marshal(newUser.Address)
 	if string(oldUserAddressJson) != string(newUserAddressJson) {
 		item := GetAccountItemByName("Address", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Address = oldUser.Address
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -519,7 +539,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if newUser.FaceIds != nil {
 		item := GetAccountItemByName("Face ID", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.FaceIds = oldUser.FaceIds
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -528,7 +548,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsAdmin = oldUser.IsAdmin
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -537,7 +557,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsForbidden = oldUser.IsForbidden
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -545,7 +565,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.IsDeleted != newUser.IsDeleted {
 		item := GetAccountItemByName("Is deleted", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IsDeleted = oldUser.IsDeleted
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -553,7 +573,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.NeedUpdatePassword != newUser.NeedUpdatePassword {
 		item := GetAccountItemByName("Need update password", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.NeedUpdatePassword = oldUser.NeedUpdatePassword
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -561,7 +581,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 	}
 	if oldUser.IpWhitelist != newUser.IpWhitelist {
 		item := GetAccountItemByName("IP whitelist", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.IpWhitelist = oldUser.IpWhitelist
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -570,7 +590,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Balance != newUser.Balance {
 		item := GetAccountItemByName("Balance", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Balance = oldUser.Balance
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -579,7 +599,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Score != newUser.Score {
 		item := GetAccountItemByName("Score", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Score = oldUser.Score
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -588,7 +608,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Karma != newUser.Karma {
 		item := GetAccountItemByName("Karma", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Karma = oldUser.Karma
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -597,7 +617,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Language != newUser.Language {
 		item := GetAccountItemByName("Language", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Language = oldUser.Language
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -606,7 +626,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Ranking != newUser.Ranking {
 		item := GetAccountItemByName("Ranking", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Ranking = oldUser.Ranking
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -615,7 +635,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Currency != newUser.Currency {
 		item := GetAccountItemByName("Currency", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Currency = oldUser.Currency
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -624,7 +644,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str

 	if oldUser.Hash != newUser.Hash {
 		item := GetAccountItemByName("Hash", organization)
-		if item == nil {
+		if !userVisible(isAdmin, item) {
 			newUser.Hash = oldUser.Hash
 		} else {
 			itemsChanged = append(itemsChanged, item)
@@ -704,14 +724,14 @@ func setReflectAttr[T any](fieldValue *reflect.Value, fieldString string) error
 	return nil
 }

-func StringArrayToUser(stringArray [][]string) ([]*User, error) {
+func StringArrayToStruct[T any](stringArray [][]string) ([]*T, error) {
 	fieldNames := stringArray[0]
 	excelMap := []map[string]string{}
-	userFieldMap := map[string]int{}
+	structFieldMap := map[string]int{}

-	reflectedUser := reflect.TypeOf(User{})
-	for i := 0; i < reflectedUser.NumField(); i++ {
-		userFieldMap[strings.ToLower(reflectedUser.Field(i).Name)] = i
+	reflectedStruct := reflect.TypeOf(*new(T))
+	for i := 0; i < reflectedStruct.NumField(); i++ {
+		structFieldMap[strings.ToLower(reflectedStruct.Field(i).Name)] = i
 	}

 	for idx, field := range stringArray {
@@ -726,22 +746,23 @@ func StringArrayToUser(stringArray [][]string) ([]*User, error) {
 		excelMap = append(excelMap, tempMap)
 	}

-	users := []*User{}
+	instances := []*T{}
 	var err error

-	for _, u := range excelMap {
-		user := User{}
-		reflectedUser := reflect.ValueOf(&user).Elem()
-		for k, v := range u {
+	for _, m := range excelMap {
+		instance := new(T)
+		reflectedInstance := reflect.ValueOf(instance).Elem()
+
+		for k, v := range m {
 			if v == "" || v == "null" || v == "[]" || v == "{}" {
 				continue
 			}
 			fName := strings.ToLower(strings.ReplaceAll(k, "_", ""))
-			fieldIdx, ok := userFieldMap[fName]
+			fieldIdx, ok := structFieldMap[fName]
 			if !ok {
 				continue
 			}
-			fv := reflectedUser.Field(fieldIdx)
+			fv := reflectedInstance.Field(fieldIdx)
 			if !fv.IsValid() {
 				continue
 			}
@@ -786,8 +807,8 @@ func StringArrayToUser(stringArray [][]string) ([]*User, error) {
 				return nil, err
 			}
 		}
-		users = append(users, &user)
+		instances = append(instances, instance)
 	}

-	return users, nil
+	return instances, nil
 }
--- a/routers/field_validation_filter.go
+++ b/routers/field_validation_filter.go
@@ -0,0 +1,56 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routers
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/beego/beego/context"
+)
+
+var forbiddenChars = `/?:@#&%=+;`
+
+func FieldValidationFilter(ctx *context.Context) {
+	if ctx.Input.Method() != "POST" {
+		return
+	}
+
+	urlPath := ctx.Request.URL.Path
+	if !(strings.HasPrefix(urlPath, "/api/add-") || strings.HasPrefix(urlPath, "/api/update-")) {
+		return
+	}
+
+	bodyBytes, err := io.ReadAll(ctx.Request.Body)
+	if err != nil || len(bodyBytes) == 0 {
+		return
+	}
+
+	ctx.Request.Body = io.NopCloser(strings.NewReader(string(bodyBytes)))
+
+	var requestData map[string]interface{}
+	if err := json.Unmarshal(bodyBytes, &requestData); err != nil {
+		return
+	}
+
+	if value, ok := requestData["name"].(string); ok {
+		if strings.ContainsAny(value, forbiddenChars) {
+			responseError(ctx, fmt.Sprintf("Field 'name' contains forbidden characters: %q", forbiddenChars))
+			return
+		}
+	}
+}
--- a/routers/router.go
+++ b/routers/router.go
@@ -81,6 +81,7 @@ func initAPI() {
 	beego.Router("/api/update-group", &controllers.ApiController{}, "POST:UpdateGroup")
 	beego.Router("/api/add-group", &controllers.ApiController{}, "POST:AddGroup")
 	beego.Router("/api/delete-group", &controllers.ApiController{}, "POST:DeleteGroup")
+	beego.Router("/api/upload-groups", &controllers.ApiController{}, "POST:UploadGroups")

 	beego.Router("/api/get-global-users", &controllers.ApiController{}, "GET:GetGlobalUsers")
 	beego.Router("/api/get-users", &controllers.ApiController{}, "GET:GetUsers")
--- a/util/system.go
+++ b/util/system.go
@@ -30,6 +30,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/object"
 	"github.com/shirou/gopsutil/cpu"
 	"github.com/shirou/gopsutil/mem"
+	"github.com/shirou/gopsutil/process"
 )

 type SystemInfo struct {
@@ -60,7 +61,17 @@ func getMemoryUsage() (uint64, uint64, error) {
 	var m runtime.MemStats
 	runtime.ReadMemStats(&m)

-	return m.Alloc, virtualMem.Total, nil
+	proc, err := process.NewProcess(int32(os.Getpid()))
+	if err != nil {
+		return 0, 0, err
+	}
+
+	memInfo, err := proc.MemoryInfo()
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return memInfo.RSS, virtualMem.Total, nil
 }

 func GetSystemInfo() (*SystemInfo, error) {
--- a/web/craco.config.js
+++ b/web/craco.config.js
@@ -1,97 +1,97 @@
-const CracoLessPlugin = require("craco-less");
-const path = require("path");
-
-module.exports = {
-  devServer: {
-    proxy: {
-      "/api": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/swagger": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/files": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/.well-known/openid-configuration": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/cas/serviceValidate": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/cas/proxyValidate": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/cas/proxy": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/cas/validate": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      },
-      "/scim": {
-        target: "http://localhost:8000",
-        changeOrigin: true,
-      }
-    },
-  },
-  plugins: [
-    {
-      plugin: CracoLessPlugin,
-      options: {
-        lessLoaderOptions: {
-          lessOptions: {
-            modifyVars: {"@primary-color": "rgb(89,54,213)", "@border-radius-base": "5px"},
-            javascriptEnabled: true,
-          },
-        },
-      },
-    },
-  ],
-  webpack: {
-    configure: (webpackConfig, { env, paths }) => {
-      paths.appBuild = path.resolve(__dirname, "build-temp");
-      webpackConfig.output.path = path.resolve(__dirname, "build-temp");
-
-      // ignore webpack warnings by source-map-loader
-      // https://github.com/facebook/create-react-app/pull/11752#issuecomment-1345231546
-      webpackConfig.ignoreWarnings = [
-        function ignoreSourcemapsloaderWarnings(warning) {
-          return (
-            warning.module &&
-            warning.module.resource.includes("node_modules") &&
-            warning.details &&
-            warning.details.includes("source-map-loader")
-          );
-        },
-      ];
-
-      // use polyfill Buffer with Webpack 5
-      // https://viglucci.io/articles/how-to-polyfill-buffer-with-webpack-5
-      // https://craco.js.org/docs/configuration/webpack/
-      webpackConfig.resolve.fallback = {
-        buffer: require.resolve("buffer/"),
-        process: false,
-        util: false,
-        url: false,
-        zlib: false,
-        stream: false,
-        http: false,
-        https: false,
-        assert: false,
-        crypto: false,
-        os: false,
-        fs: false,
-      };
-
-      return webpackConfig;
-    },
-  },
-};
+const CracoLessPlugin = require("craco-less");
+const path = require("path");
+
+module.exports = {
+  devServer: {
+    proxy: {
+      "/api": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/swagger": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/files": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/.well-known/openid-configuration": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/cas/serviceValidate": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/cas/proxyValidate": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/cas/proxy": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/cas/validate": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      },
+      "/scim": {
+        target: "http://localhost:8000",
+        changeOrigin: true,
+      }
+    },
+  },
+  plugins: [
+    {
+      plugin: CracoLessPlugin,
+      options: {
+        lessLoaderOptions: {
+          lessOptions: {
+            modifyVars: {"@primary-color": "rgb(89,54,213)", "@border-radius-base": "5px"},
+            javascriptEnabled: true,
+          },
+        },
+      },
+    },
+  ],
+  webpack: {
+    configure: (webpackConfig, { env, paths }) => {
+      paths.appBuild = path.resolve(__dirname, "build-temp");
+      webpackConfig.output.path = path.resolve(__dirname, "build-temp");
+
+      // ignore webpack warnings by source-map-loader
+      // https://github.com/facebook/create-react-app/pull/11752#issuecomment-1345231546
+      webpackConfig.ignoreWarnings = [
+        function ignoreSourcemapsloaderWarnings(warning) {
+          return (
+            warning.module &&
+            warning.module.resource.includes("node_modules") &&
+            warning.details &&
+            warning.details.includes("source-map-loader")
+          );
+        },
+      ];
+
+      // use polyfill Buffer with Webpack 5
+      // https://viglucci.io/articles/how-to-polyfill-buffer-with-webpack-5
+      // https://craco.js.org/docs/configuration/webpack/
+      webpackConfig.resolve.fallback = {
+        buffer: require.resolve("buffer/"),
+        process: false,
+        util: false,
+        url: false,
+        zlib: false,
+        stream: false,
+        http: false,
+        https: false,
+        assert: false,
+        crypto: false,
+        os: false,
+        fs: false,
+      };
+
+      return webpackConfig;
+    },
+  },
+};
--- a/web/mv.js
+++ b/web/mv.js
@@ -1,21 +1,21 @@
-const fs = require("fs");
-const path = require("path");
-
-const sourceDir = path.join(__dirname, "build-temp");
-const targetDir = path.join(__dirname, "build");
-
-if (!fs.existsSync(sourceDir)) {
-  // eslint-disable-next-line no-console
-  console.error(`Source directory "${sourceDir}" does not exist.`);
-  process.exit(1);
-}
-
-if (fs.existsSync(targetDir)) {
-  fs.rmSync(targetDir, {recursive: true, force: true});
-  // eslint-disable-next-line no-console
-  console.log(`Target directory "${targetDir}" has been deleted successfully.`);
-}
-
-fs.renameSync(sourceDir, targetDir);
-// eslint-disable-next-line no-console
-console.log(`Renamed "${sourceDir}" to "${targetDir}" successfully.`);
+const fs = require("fs");
+const path = require("path");
+
+const sourceDir = path.join(__dirname, "build-temp");
+const targetDir = path.join(__dirname, "build");
+
+if (!fs.existsSync(sourceDir)) {
+  // eslint-disable-next-line no-console
+  console.error(`Source directory "${sourceDir}" does not exist.`);
+  process.exit(1);
+}
+
+if (fs.existsSync(targetDir)) {
+  fs.rmSync(targetDir, {recursive: true, force: true});
+  // eslint-disable-next-line no-console
+  console.log(`Target directory "${targetDir}" has been deleted successfully.`);
+}
+
+fs.renameSync(sourceDir, targetDir);
+// eslint-disable-next-line no-console
+console.log(`Renamed "${sourceDir}" to "${targetDir}" successfully.`);
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Space, Switch, Upload} from "antd";
+import {Button, Card, Col, ConfigProvider, Input, InputNumber, Popover, Radio, Result, Row, Select, Space, Switch, Upload, message} from "antd";
 import {CopyOutlined, HolderOutlined, LinkOutlined, UploadOutlined, UsergroupAddOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
@@ -279,6 +279,13 @@ class ApplicationEditPage extends React.Component {
          </Col>
          <Col span={22} >
            <Input value={this.state.application.name} disabled={this.state.application.name === "app-built-in"} onChange={e => {
+              const value = e.target.value;
+              if (/[/?:@#&%=+;]/.test(value)) {
+                const invalidChars = "/ ? : @ # & % = + ;";
+                const messageText = i18next.t("application:Invalid characters in application name") + ":" + " " + invalidChars;
+                message.error(messageText);
+                return;
+              }
              this.updateApplicationField("name", e.target.value);
            }} />
          </Col>
--- a/web/src/Conf.js
+++ b/web/src/Conf.js
@@ -1,36 +1,36 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-export const DefaultApplication = "app-built-in";
-
-export const CasvisorUrl = "";
-
-export const ShowGithubCorner = false;
-export const IsDemoMode = false;
-
-export const ForceLanguage = "";
-export const DefaultLanguage = "en";
-
-export const InitThemeAlgorithm = true;
-export const ThemeDefault = {
-  themeType: "default",
-  colorPrimary: "#5734d3",
-  borderRadius: 6,
-  isCompact: false,
-};
-
-export const CustomFooter = null;
-
-// Blank or null to hide Ai Assistant button
-export const AiAssistantUrl = "https://ai.casbin.com";
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+export const DefaultApplication = "app-built-in";
+
+export const CasvisorUrl = "";
+
+export const ShowGithubCorner = false;
+export const IsDemoMode = false;
+
+export const ForceLanguage = "";
+export const DefaultLanguage = "en";
+
+export const InitThemeAlgorithm = true;
+export const ThemeDefault = {
+  themeType: "default",
+  colorPrimary: "#5734d3",
+  borderRadius: 6,
+  isCompact: false,
+};
+
+export const CustomFooter = null;
+
+// Blank or null to hide Ai Assistant button
+export const AiAssistantUrl = "https://ai.casbin.com";
--- a/web/src/GroupListPage.js
+++ b/web/src/GroupListPage.js
@@ -14,7 +14,8 @@

 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Table, Tooltip} from "antd";
+import {Button, Table, Tooltip, Upload} from "antd";
+import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as GroupBackend from "./backend/GroupBackend";
@@ -87,6 +88,42 @@ class GroupListPage extends BaseListPage {
      });
  }

+  uploadFile(info) {
+    const {status, response: res} = info.file;
+    if (status === "done") {
+      if (res.status === "ok") {
+        Setting.showMessage("success", "Groups uploaded successfully, refreshing the page");
+        const {pagination} = this.state;
+        this.fetch({pagination});
+      } else {
+        Setting.showMessage("error", `Groups failed to upload: ${res.msg}`);
+      }
+    } else if (status === "error") {
+      Setting.showMessage("error", "File failed to upload");
+    }
+  }
+
+  renderUpload() {
+    const props = {
+      name: "file",
+      accept: ".xlsx",
+      method: "post",
+      action: `${Setting.ServerUrl}/api/upload-groups`,
+      withCredentials: true,
+      onChange: (info) => {
+        this.uploadFile(info);
+      },
+    };
+
+    return (
+      <Upload {...props}>
+        <Button icon={<UploadOutlined />} id="upload-button" type="primary" size="small">
+          {i18next.t("group:Upload (.xlsx)")}
+        </Button>
+      </Upload>
+    );
+  }
+
  renderTable(data) {
    const columns = [
      {
@@ -231,7 +268,10 @@ class GroupListPage extends BaseListPage {
          title={() => (
            <div>
              {i18next.t("general:Groups")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button type="primary" size="small" onClick={this.addGroup.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addGroup.bind(this)}>{i18next.t("general:Add")}</Button>
+              {
+                this.renderUpload()
+              }
            </div>
          )}
          loading={this.state.loading}
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -371,11 +371,6 @@ class ProviderEditPage extends React.Component {
          {id: "Third-party", name: i18next.t("provider:Third-party")},
        ]
      );
-    } else if (type === "Aliyun Captcha") {
-      return [
-        {id: "nc", name: i18next.t("provider:Sliding Validation")},
-        {id: "ic", name: i18next.t("provider:Intelligent Validation")},
-      ];
    } else {
      return [];
    }
@@ -674,7 +669,7 @@ class ProviderEditPage extends React.Component {
          </Col>
        </Row>
        {
-          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" && this.state.provider.type !== "Aliyun Captcha" ? null : (
+          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" ? null : (
            <React.Fragment>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={2}>
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@@ -1,341 +1,341 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Button, Image, Table, Upload} from "antd";
-import {UploadOutlined} from "@ant-design/icons";
-import copy from "copy-to-clipboard";
-import * as Setting from "./Setting";
-import * as ResourceBackend from "./backend/ResourceBackend";
-import i18next from "i18next";
-import {Link} from "react-router-dom";
-import BaseListPage from "./BaseListPage";
-import PopconfirmModal from "./common/modal/PopconfirmModal";
-
-class ResourceListPage extends BaseListPage {
-  constructor(props) {
-    super(props);
-  }
-
-  componentDidMount() {
-    this.setState({
-      fileList: [],
-      uploading: false,
-    });
-  }
-
-  deleteResource(i) {
-    ResourceBackend.deleteResource(this.state.data[i])
-      .then((res) => {
-        if (res.status === "ok") {
-          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.fetch({
-            pagination: {
-              ...this.state.pagination,
-              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
-            },
-          });
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  handleUpload(info) {
-    this.setState({uploading: true});
-    const filename = info.fileList[0].name;
-    const fullFilePath = `resource/${this.props.account.owner}/${this.props.account.name}/${filename}`;
-    ResourceBackend.uploadResource(this.props.account.owner, this.props.account.name, "custom", "ResourceListPage", fullFilePath, info.file)
-      .then(res => {
-        if (res.status === "ok") {
-          Setting.showMessage("success", i18next.t("application:File uploaded successfully"));
-
-          const {pagination} = this.state;
-          this.fetch({pagination});
-        } else {
-          Setting.showMessage("error", res.msg);
-        }
-      }).finally(() => {
-        this.setState({uploading: false});
-      });
-  }
-
-  renderUpload() {
-    return (
-      <Upload maxCount={1} accept="image/*,video/*,audio/*,.pdf,.doc,.docx,.csv,.xls,.xlsx" showUploadList={false}
-        beforeUpload={file => {return false;}} onChange={info => {this.handleUpload(info);}}>
-        <Button id="upload-button" icon={<UploadOutlined />} loading={this.state.uploading} type="primary" size="small">
-          {i18next.t("resource:Upload a file...")}
-        </Button>
-      </Upload>
-    );
-  }
-
-  renderTable(resources) {
-    const columns = [
-      {
-        title: i18next.t("general:Provider"),
-        dataIndex: "provider",
-        key: "provider",
-        width: "150px",
-        sorter: true,
-        ...this.getColumnSearchProps("provider"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/providers/${record.owner}/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Application"),
-        dataIndex: "application",
-        key: "application",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("application"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/applications/${record.owner}/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:User"),
-        dataIndex: "user",
-        key: "user",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("user"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/users/${record.owner}/${record.user}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("resource:Parent"),
-        dataIndex: "parent",
-        key: "parent",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("parent"),
-      },
-      {
-        title: i18next.t("general:Name"),
-        dataIndex: "name",
-        key: "name",
-        width: "150px",
-        sorter: true,
-        ...this.getColumnSearchProps("name"),
-      },
-      {
-        title: i18next.t("general:Created time"),
-        dataIndex: "createdTime",
-        key: "createdTime",
-        width: "150px",
-        sorter: true,
-        render: (text, record, index) => {
-          return Setting.getFormattedDate(text);
-        },
-      },
-      {
-        title: i18next.t("user:Tag"),
-        dataIndex: "tag",
-        key: "tag",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("tag"),
-      },
-      // {
-      //   title: i18next.t("resource:File name"),
-      //   dataIndex: 'fileName',
-      //   key: 'fileName',
-      //   width: '120px',
-      //   sorter: (a, b) => a.fileName.localeCompare(b.fileName),
-      // },
-      {
-        title: i18next.t("provider:Type"),
-        dataIndex: "fileType",
-        key: "fileType",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("fileType"),
-      },
-      {
-        title: i18next.t("resource:Format"),
-        dataIndex: "fileFormat",
-        key: "fileFormat",
-        width: "80px",
-        sorter: true,
-        ...this.getColumnSearchProps("fileFormat"),
-      },
-      {
-        title: i18next.t("resource:File size"),
-        dataIndex: "fileSize",
-        key: "fileSize",
-        width: "100px",
-        sorter: true,
-        render: (text, record, index) => {
-          return Setting.getFriendlyFileSize(text);
-        },
-      },
-      {
-        title: i18next.t("general:Preview"),
-        dataIndex: "preview",
-        key: "preview",
-        width: "100px",
-        fixed: (Setting.isMobile()) ? "false" : "right",
-        render: (text, record, index) => {
-          if (record.fileType === "image") {
-            const errorImage = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMIAAADDCAYAAADQvc6UAAABRWlDQ1BJQ0MgUHJvZmlsZQAAKJFjYGASSSwoyGFhYGDIzSspCnJ3UoiIjFJgf8LAwSDCIMogwMCcmFxc4BgQ4ANUwgCjUcG3awyMIPqyLsis7PPOq3QdDFcvjV3jOD1boQVTPQrgSkktTgbSf4A4LbmgqISBgTEFyFYuLykAsTuAbJEioKOA7DkgdjqEvQHEToKwj4DVhAQ5A9k3gGyB5IxEoBmML4BsnSQk8XQkNtReEOBxcfXxUQg1Mjc0dyHgXNJBSWpFCYh2zi+oLMpMzyhRcASGUqqCZ16yno6CkYGRAQMDKMwhqj/fAIcloxgHQqxAjIHBEugw5sUIsSQpBobtQPdLciLEVJYzMPBHMDBsayhILEqEO4DxG0txmrERhM29nYGBddr//5/DGRjYNRkY/l7////39v///y4Dmn+LgeHANwDrkl1AuO+pmgAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAwqADAAQAAAABAAAAwwAAAAD9b/HnAAAHlklEQVR4Ae3dP3PTWBSGcbGzM6GCKqlIBRV0dHRJFarQ0eUT8LH4BnRU0NHR0UEFVdIlFRV7TzRksomPY8uykTk/zewQfKw/9znv4yvJynLv4uLiV2dBoDiBf4qP3/ARuCRABEFAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghgg0Aj8i0JO4OzsrPv69Wv+hi2qPHr0qNvf39+iI97soRIh4f3z58/u7du3SXX7Xt7Z2enevHmzfQe+oSN2apSAPj09TSrb+XKI/f379+08+A0cNRE2ANkupk+ACNPvkSPcAAEibACyXUyfABGm3yNHuAECRNgAZLuYPgEirKlHu7u7XdyytGwHAd8jjNyng4OD7vnz51dbPT8/7z58+NB9+/bt6jU/TI+AGWHEnrx48eJ/EsSmHzx40L18+fLyzxF3ZVMjEyDCiEDjMYZZS5wiPXnyZFbJaxMhQIQRGzHvWR7XCyOCXsOmiDAi1HmPMMQjDpbpEiDCiL358eNHurW/5SnWdIBbXiDCiA38/Pnzrce2YyZ4//59F3ePLNMl4PbpiL2J0L979+7yDtHDhw8vtzzvdGnEXdvUigSIsCLAWavHp/+qM0BcXMd/q25n1vF57TYBp0a3mUzilePj4+7k5KSLb6gt6ydAhPUzXnoPR0dHl79WGTNCfBnn1uvSCJdegQhLI1vvCk+fPu2ePXt2tZOYEV6/fn31dz+shwAR1sP1cqvLntbEN9MxA9xcYjsxS1jWR4AIa2Ibzx0tc44fYX/16lV6NDFLXH+YL32jwiACRBiEbf5KcXoTIsQSpzXx4N28Ja4BQoK7rgXiydbHjx/P25TaQAJEGAguWy0+2Q8PD6/Ki4R8EVl+bzBOnZY95fq9rj9zAkTI2SxdidBHqG9+skdw43borCXO/ZcJdraPWdv22uIEiLA4q7nvvCug8WTqzQveOH26fodo7g6uFe/a17W3+nFBAkRYENRdb1vkkz1CH9cPsVy/jrhr27PqMYvENYNlHAIesRiBYwRy0V+8iXP8+/fvX11Mr7L7ECueb/r48eMqm7FuI2BGWDEG8cm+7G3NEOfmdcTQw4h9/55lhm7DekRYKQPZF2ArbXTAyu4kDYB2YxUzwg0gi/41ztHnfQG26HbGel/crVrm7tNY+/1btkOEAZ2M05r4FB7r9GbAIdxaZYrHdOsgJ/wCEQY0J74TmOKnbxxT9n3FgGGWWsVdowHtjt9Nnvf7yQM2aZU/TIAIAxrw6dOnAWtZZcoEnBpNuTuObWMEiLAx1HY0ZQJEmHJ3HNvGCBBhY6jtaMoEiJB0Z29vL6ls58vxPcO8/zfrdo5qvKO+d3Fx8Wu8zf1dW4p/cPzLly/dtv9Ts/EbcvGAHhHyfBIhZ6NSiIBTo0LNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiEC/wGgKKC4YMA4TAAAAABJRU5ErkJggg==";
-            return (
-              <Image
-                width={200}
-                src={record.url}
-                fallback={errorImage}
-              />
-            );
-          } else if (record.fileType === "video") {
-            return (
-              <video width={200} controls>
-                <source src={record.url} type="video/mp4" />
-              </video>
-            );
-          }
-        },
-      },
-      {
-        title: i18next.t("general:URL"),
-        dataIndex: "url",
-        key: "url",
-        width: "120px",
-        fixed: (Setting.isMobile()) ? "false" : "right",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <Button onClick={() => {
-                copy(record.url);
-                Setting.showMessage("success", i18next.t("general:Copied to clipboard successfully"));
-              }}
-              >
-                {i18next.t("resource:Copy Link")}
-              </Button>
-            </div>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Action"),
-        dataIndex: "",
-        key: "op",
-        width: "70px",
-        fixed: (Setting.isMobile()) ? "false" : "right",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <PopconfirmModal
-                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
-                onConfirm={() => this.deleteResource(index)}
-                okText={i18next.t("general:OK")}
-                cancelText={i18next.t("general:Cancel")}
-              >
-              </PopconfirmModal>
-            </div>
-          );
-        },
-      },
-    ];
-
-    const paginationProps = {
-      total: this.state.pagination.total,
-      showQuickJumper: true,
-      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
-    };
-
-    return (
-      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={resources} rowKey="name" size="middle" bordered pagination={paginationProps}
-          title={() => (
-            <div>
-              {i18next.t("general:Resources")}&nbsp;&nbsp;&nbsp;&nbsp;
-              {/* <Button type="primary" size="small" onClick={this.addResource.bind(this)}>{i18next.t("general:Add")}</Button>*/}
-              {
-                this.renderUpload()
-              }
-            </div>
-          )}
-          loading={this.state.loading}
-          onChange={this.handleTableChange}
-        />
-      </div>
-    );
-  }
-
-  fetch = (params = {}) => {
-    const field = params.searchedColumn, value = params.searchText;
-    const sortField = params.sortField, sortOrder = params.sortOrder;
-    this.setState({loading: true});
-    ResourceBackend.getResources(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      .then((res) => {
-        this.setState({
-          loading: false,
-        });
-        if (res.status === "ok") {
-          this.setState({
-            data: res.data,
-            pagination: {
-              ...params.pagination,
-              total: res.data2,
-            },
-            searchText: params.searchText,
-            searchedColumn: params.searchedColumn,
-          });
-        } else {
-          if (res.data.includes("Please login first")) {
-            this.setState({
-              loading: false,
-              isAuthorized: false,
-            });
-          }
-        }
-      });
-  };
-}
-
-export default ResourceListPage;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Image, Table, Upload} from "antd";
+import {UploadOutlined} from "@ant-design/icons";
+import copy from "copy-to-clipboard";
+import * as Setting from "./Setting";
+import * as ResourceBackend from "./backend/ResourceBackend";
+import i18next from "i18next";
+import {Link} from "react-router-dom";
+import BaseListPage from "./BaseListPage";
+import PopconfirmModal from "./common/modal/PopconfirmModal";
+
+class ResourceListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+  }
+
+  componentDidMount() {
+    this.setState({
+      fileList: [],
+      uploading: false,
+    });
+  }
+
+  deleteResource(i) {
+    ResourceBackend.deleteResource(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  handleUpload(info) {
+    this.setState({uploading: true});
+    const filename = info.fileList[0].name;
+    const fullFilePath = `resource/${this.props.account.owner}/${this.props.account.name}/${filename}`;
+    ResourceBackend.uploadResource(this.props.account.owner, this.props.account.name, "custom", "ResourceListPage", fullFilePath, info.file)
+      .then(res => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("application:File uploaded successfully"));
+
+          const {pagination} = this.state;
+          this.fetch({pagination});
+        } else {
+          Setting.showMessage("error", res.msg);
+        }
+      }).finally(() => {
+        this.setState({uploading: false});
+      });
+  }
+
+  renderUpload() {
+    return (
+      <Upload maxCount={1} accept="image/*,video/*,audio/*,.pdf,.doc,.docx,.csv,.xls,.xlsx" showUploadList={false}
+        beforeUpload={file => {return false;}} onChange={info => {this.handleUpload(info);}}>
+        <Button id="upload-button" icon={<UploadOutlined />} loading={this.state.uploading} type="primary" size="small">
+          {i18next.t("resource:Upload a file...")}
+        </Button>
+      </Upload>
+    );
+  }
+
+  renderTable(resources) {
+    const columns = [
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: "provider",
+        key: "provider",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("provider"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${record.owner}/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Application"),
+        dataIndex: "application",
+        key: "application",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("application"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/applications/${record.owner}/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:User"),
+        dataIndex: "user",
+        key: "user",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("user"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${record.owner}/${record.user}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("resource:Parent"),
+        dataIndex: "parent",
+        key: "parent",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("parent"),
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "150px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("user:Tag"),
+        dataIndex: "tag",
+        key: "tag",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("tag"),
+      },
+      // {
+      //   title: i18next.t("resource:File name"),
+      //   dataIndex: 'fileName',
+      //   key: 'fileName',
+      //   width: '120px',
+      //   sorter: (a, b) => a.fileName.localeCompare(b.fileName),
+      // },
+      {
+        title: i18next.t("provider:Type"),
+        dataIndex: "fileType",
+        key: "fileType",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("fileType"),
+      },
+      {
+        title: i18next.t("resource:Format"),
+        dataIndex: "fileFormat",
+        key: "fileFormat",
+        width: "80px",
+        sorter: true,
+        ...this.getColumnSearchProps("fileFormat"),
+      },
+      {
+        title: i18next.t("resource:File size"),
+        dataIndex: "fileSize",
+        key: "fileSize",
+        width: "100px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFriendlyFileSize(text);
+        },
+      },
+      {
+        title: i18next.t("general:Preview"),
+        dataIndex: "preview",
+        key: "preview",
+        width: "100px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          if (record.fileType === "image") {
+            const errorImage = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMIAAADDCAYAAADQvc6UAAABRWlDQ1BJQ0MgUHJvZmlsZQAAKJFjYGASSSwoyGFhYGDIzSspCnJ3UoiIjFJgf8LAwSDCIMogwMCcmFxc4BgQ4ANUwgCjUcG3awyMIPqyLsis7PPOq3QdDFcvjV3jOD1boQVTPQrgSkktTgbSf4A4LbmgqISBgTEFyFYuLykAsTuAbJEioKOA7DkgdjqEvQHEToKwj4DVhAQ5A9k3gGyB5IxEoBmML4BsnSQk8XQkNtReEOBxcfXxUQg1Mjc0dyHgXNJBSWpFCYh2zi+oLMpMzyhRcASGUqqCZ16yno6CkYGRAQMDKMwhqj/fAIcloxgHQqxAjIHBEugw5sUIsSQpBobtQPdLciLEVJYzMPBHMDBsayhILEqEO4DxG0txmrERhM29nYGBddr//5/DGRjYNRkY/l7////39v///y4Dmn+LgeHANwDrkl1AuO+pmgAAADhlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAAqACAAQAAAABAAAAwqADAAQAAAABAAAAwwAAAAD9b/HnAAAHlklEQVR4Ae3dP3PTWBSGcbGzM6GCKqlIBRV0dHRJFarQ0eUT8LH4BnRU0NHR0UEFVdIlFRV7TzRksomPY8uykTk/zewQfKw/9znv4yvJynLv4uLiV2dBoDiBf4qP3/ARuCRABEFAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghggQAQZQKAnYEaQBAQaASKIAQJEkAEEegJmBElAoBEgghgg0Aj8i0JO4OzsrPv69Wv+hi2qPHr0qNvf39+iI97soRIh4f3z58/u7du3SXX7Xt7Z2enevHmzfQe+oSN2apSAPj09TSrb+XKI/f379+08+A0cNRE2ANkupk+ACNPvkSPcAAEibACyXUyfABGm3yNHuAECRNgAZLuYPgEirKlHu7u7XdyytGwHAd8jjNyng4OD7vnz51dbPT8/7z58+NB9+/bt6jU/TI+AGWHEnrx48eJ/EsSmHzx40L18+fLyzxF3ZVMjEyDCiEDjMYZZS5wiPXnyZFbJaxMhQIQRGzHvWR7XCyOCXsOmiDAi1HmPMMQjDpbpEiDCiL358eNHurW/5SnWdIBbXiDCiA38/Pnzrce2YyZ4//59F3ePLNMl4PbpiL2J0L979+7yDtHDhw8vtzzvdGnEXdvUigSIsCLAWavHp/+qM0BcXMd/q25n1vF57TYBp0a3mUzilePj4+7k5KSLb6gt6ydAhPUzXnoPR0dHl79WGTNCfBnn1uvSCJdegQhLI1vvCk+fPu2ePXt2tZOYEV6/fn31dz+shwAR1sP1cqvLntbEN9MxA9xcYjsxS1jWR4AIa2Ibzx0tc44fYX/16lV6NDFLXH+YL32jwiACRBiEbf5KcXoTIsQSpzXx4N28Ja4BQoK7rgXiydbHjx/P25TaQAJEGAguWy0+2Q8PD6/Ki4R8EVl+bzBOnZY95fq9rj9zAkTI2SxdidBHqG9+skdw43borCXO/ZcJdraPWdv22uIEiLA4q7nvvCug8WTqzQveOH26fodo7g6uFe/a17W3+nFBAkRYENRdb1vkkz1CH9cPsVy/jrhr27PqMYvENYNlHAIesRiBYwRy0V+8iXP8+/fvX11Mr7L7ECueb/r48eMqm7FuI2BGWDEG8cm+7G3NEOfmdcTQw4h9/55lhm7DekRYKQPZF2ArbXTAyu4kDYB2YxUzwg0gi/41ztHnfQG26HbGel/crVrm7tNY+/1btkOEAZ2M05r4FB7r9GbAIdxaZYrHdOsgJ/wCEQY0J74TmOKnbxxT9n3FgGGWWsVdowHtjt9Nnvf7yQM2aZU/TIAIAxrw6dOnAWtZZcoEnBpNuTuObWMEiLAx1HY0ZQJEmHJ3HNvGCBBhY6jtaMoEiJB0Z29vL6ls58vxPcO8/zfrdo5qvKO+d3Fx8Wu8zf1dW4p/cPzLly/dtv9Ts/EbcvGAHhHyfBIhZ6NSiIBTo0LNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiECRCjUbEPNCRAhZ6NSiAARCjXbUHMCRMjZqBQiQIRCzTbUnAARcjYqhQgQoVCzDTUnQIScjUohAkQo1GxDzQkQIWejUogAEQo121BzAkTI2agUIkCEQs021JwAEXI2KoUIEKFQsw01J0CEnI1KIQJEKNRsQ80JECFno1KIABEKNdtQcwJEyNmoFCJAhELNNtScABFyNiqFCBChULMNNSdAhJyNSiEC/wGgKKC4YMA4TAAAAABJRU5ErkJggg==";
+            return (
+              <Image
+                width={200}
+                src={record.url}
+                fallback={errorImage}
+              />
+            );
+          } else if (record.fileType === "video") {
+            return (
+              <video width={200} controls>
+                <source src={record.url} type="video/mp4" />
+              </video>
+            );
+          }
+        },
+      },
+      {
+        title: i18next.t("general:URL"),
+        dataIndex: "url",
+        key: "url",
+        width: "120px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button onClick={() => {
+                copy(record.url);
+                Setting.showMessage("success", i18next.t("general:Copied to clipboard successfully"));
+              }}
+              >
+                {i18next.t("resource:Copy Link")}
+              </Button>
+            </div>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "70px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteResource(index)}
+                okText={i18next.t("general:OK")}
+                cancelText={i18next.t("general:Cancel")}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={resources} rowKey="name" size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Resources")}&nbsp;&nbsp;&nbsp;&nbsp;
+              {/* <Button type="primary" size="small" onClick={this.addResource.bind(this)}>{i18next.t("general:Add")}</Button>*/}
+              {
+                this.renderUpload()
+              }
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    const field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    this.setState({loading: true});
+    ResourceBackend.getResources(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        this.setState({
+          loading: false,
+        });
+        if (res.status === "ok") {
+          this.setState({
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (res.data.includes("Please login first")) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default ResourceListPage;
--- a/web/src/auth/OidcDiscoveryPage.js
+++ b/web/src/auth/OidcDiscoveryPage.js
@@ -1,30 +1,30 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import * as Setting from "../Setting";
-
-class OdicDiscoveryPage extends React.Component {
-  UNSAFE_componentWillMount() {
-    if (Setting.isLocalhost()) {
-      Setting.goToLink(`${Setting.ServerUrl}/.well-known/openid-configuration`);
-    }
-  }
-
-  render() {
-    return null;
-  }
-}
-
-export default OdicDiscoveryPage;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import * as Setting from "../Setting";
+
+class OdicDiscoveryPage extends React.Component {
+  UNSAFE_componentWillMount() {
+    if (Setting.isLocalhost()) {
+      Setting.goToLink(`${Setting.ServerUrl}/.well-known/openid-configuration`);
+    }
+  }
+
+  render() {
+    return null;
+  }
+}
+
+export default OdicDiscoveryPage;
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@@ -278,7 +278,7 @@ const authInfo = {
    endpoint: "https://www.tiktok.com/auth/authorize/",
  },
  Tumblr: {
-    scope: "email",
+    scope: "basic",
    endpoint: "https://www.tumblr.com/oauth2/authorize",
  },
  Twitch: {
--- a/web/src/auth/QqLoginButton.js
+++ b/web/src/auth/QqLoginButton.js
@@ -1,31 +1,31 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import {createButton} from "react-social-login-buttons";
-
-function Icon({width = 24, height = 24, color}) {
-  return <svg xmlns="http://www.w3.org/2000/svg" height="48" width="32" viewBox="-18.15 -35.9725 157.3 215.835"><path fill="#faab07" d="M60.503 142.237c-12.533 0-24.038-4.195-31.445-10.46-3.762 1.124-8.574 2.932-11.61 5.175-2.6 1.918-2.275 3.874-1.807 4.663 2.056 3.47 35.273 2.216 44.862 1.136zm0 0c12.535 0 24.039-4.195 31.447-10.46 3.76 1.124 8.573 2.932 11.61 5.175 2.598 1.918 2.274 3.874 1.805 4.663-2.056 3.47-35.272 2.216-44.862 1.136zm0 0" /><path d="M60.576 67.119c20.698-.14 37.286-4.147 42.907-5.683 1.34-.367 2.056-1.024 2.056-1.024.005-.189.085-3.37.085-5.01C105.624 27.768 92.58.001 60.5 0 28.42.001 15.375 27.769 15.375 55.401c0 1.642.08 4.822.086 5.01 0 0 .583.615 1.65.913 5.19 1.444 22.09 5.65 43.312 5.795zm56.245 23.02c-1.283-4.129-3.034-8.944-4.808-13.568 0 0-1.02-.126-1.537.023-15.913 4.623-35.202 7.57-49.9 7.392h-.153c-14.616.175-33.774-2.737-49.634-7.315-.606-.175-1.802-.1-1.802-.1-1.774 4.624-3.525 9.44-4.808 13.568-6.119 19.69-4.136 27.838-2.627 28.02 3.239.392 12.606-14.821 12.606-14.821 0 15.459 13.957 39.195 45.918 39.413h.848c31.96-.218 45.917-23.954 45.917-39.413 0 0 9.368 15.213 12.607 14.822 1.508-.183 3.491-8.332-2.627-28.021" /><path fill="#fff" d="M49.085 40.824c-4.352.197-8.07-4.76-8.304-11.063-.236-6.305 3.098-11.576 7.45-11.773 4.347-.195 8.064 4.76 8.3 11.065.238 6.306-3.097 11.577-7.446 11.771m31.133-11.063c-.233 6.302-3.951 11.26-8.303 11.063-4.35-.195-7.684-5.465-7.446-11.77.236-6.305 3.952-11.26 8.3-11.066 4.352.197 7.686 5.468 7.449 11.773" /><path fill="#faab07" d="M87.952 49.725C86.79 47.15 75.077 44.28 60.578 44.28h-.156c-14.5 0-26.212 2.87-27.375 5.446a.863.863 0 00-.085.367.88.88 0 00.16.496c.98 1.427 13.985 8.487 27.3 8.487h.156c13.314 0 26.319-7.058 27.299-8.487a.873.873 0 00.16-.498.856.856 0 00-.085-.365" /><path d="M54.434 29.854c.199 2.49-1.167 4.702-3.046 4.943-1.883.242-3.568-1.58-3.768-4.07-.197-2.492 1.167-4.704 3.043-4.944 1.886-.244 3.574 1.58 3.771 4.07m11.956.833c.385-.689 3.004-4.312 8.427-2.993 1.425.347 2.084.857 2.223 1.057.205.296.262.718.053 1.286-.412 1.126-1.263 1.095-1.734.875-.305-.142-4.082-2.66-7.562 1.097-.24.257-.668.346-1.073.04-.407-.308-.574-.93-.334-1.362" /><path fill="#fff" d="M60.576 83.08h-.153c-9.996.12-22.116-1.204-33.854-3.518-1.004 5.818-1.61 13.132-1.09 21.853 1.316 22.043 14.407 35.9 34.614 36.1h.82c20.208-.2 33.298-14.057 34.616-36.1.52-8.723-.087-16.035-1.092-21.854-11.739 2.315-23.862 3.64-33.86 3.518" /><path fill="#eb1923" d="M32.102 81.235v21.693s9.937 2.004 19.893.616V83.535c-6.307-.357-13.109-1.152-19.893-2.3" /><path fill="#eb1923" d="M105.539 60.412s-19.33 6.102-44.963 6.275h-.153c-25.591-.172-44.896-6.255-44.962-6.275L8.987 76.57c16.193 4.882 36.261 8.028 51.436 7.845h.153c15.175.183 35.242-2.963 51.437-7.845zm0 0" /></svg>;
-}
-
-const config = {
-  text: "Sign in with QQ",
-  icon: Icon,
-  iconFormat: name => `fa fa-${name}`,
-  style: {background: "rgb(94,188,249)"},
-  activeStyle: {background: "rgb(76,143,208)"},
-};
-
-const QqLoginButton = createButton(config);
-
-export default QqLoginButton;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {createButton} from "react-social-login-buttons";
+
+function Icon({width = 24, height = 24, color}) {
+  return <svg xmlns="http://www.w3.org/2000/svg" height="48" width="32" viewBox="-18.15 -35.9725 157.3 215.835"><path fill="#faab07" d="M60.503 142.237c-12.533 0-24.038-4.195-31.445-10.46-3.762 1.124-8.574 2.932-11.61 5.175-2.6 1.918-2.275 3.874-1.807 4.663 2.056 3.47 35.273 2.216 44.862 1.136zm0 0c12.535 0 24.039-4.195 31.447-10.46 3.76 1.124 8.573 2.932 11.61 5.175 2.598 1.918 2.274 3.874 1.805 4.663-2.056 3.47-35.272 2.216-44.862 1.136zm0 0" /><path d="M60.576 67.119c20.698-.14 37.286-4.147 42.907-5.683 1.34-.367 2.056-1.024 2.056-1.024.005-.189.085-3.37.085-5.01C105.624 27.768 92.58.001 60.5 0 28.42.001 15.375 27.769 15.375 55.401c0 1.642.08 4.822.086 5.01 0 0 .583.615 1.65.913 5.19 1.444 22.09 5.65 43.312 5.795zm56.245 23.02c-1.283-4.129-3.034-8.944-4.808-13.568 0 0-1.02-.126-1.537.023-15.913 4.623-35.202 7.57-49.9 7.392h-.153c-14.616.175-33.774-2.737-49.634-7.315-.606-.175-1.802-.1-1.802-.1-1.774 4.624-3.525 9.44-4.808 13.568-6.119 19.69-4.136 27.838-2.627 28.02 3.239.392 12.606-14.821 12.606-14.821 0 15.459 13.957 39.195 45.918 39.413h.848c31.96-.218 45.917-23.954 45.917-39.413 0 0 9.368 15.213 12.607 14.822 1.508-.183 3.491-8.332-2.627-28.021" /><path fill="#fff" d="M49.085 40.824c-4.352.197-8.07-4.76-8.304-11.063-.236-6.305 3.098-11.576 7.45-11.773 4.347-.195 8.064 4.76 8.3 11.065.238 6.306-3.097 11.577-7.446 11.771m31.133-11.063c-.233 6.302-3.951 11.26-8.303 11.063-4.35-.195-7.684-5.465-7.446-11.77.236-6.305 3.952-11.26 8.3-11.066 4.352.197 7.686 5.468 7.449 11.773" /><path fill="#faab07" d="M87.952 49.725C86.79 47.15 75.077 44.28 60.578 44.28h-.156c-14.5 0-26.212 2.87-27.375 5.446a.863.863 0 00-.085.367.88.88 0 00.16.496c.98 1.427 13.985 8.487 27.3 8.487h.156c13.314 0 26.319-7.058 27.299-8.487a.873.873 0 00.16-.498.856.856 0 00-.085-.365" /><path d="M54.434 29.854c.199 2.49-1.167 4.702-3.046 4.943-1.883.242-3.568-1.58-3.768-4.07-.197-2.492 1.167-4.704 3.043-4.944 1.886-.244 3.574 1.58 3.771 4.07m11.956.833c.385-.689 3.004-4.312 8.427-2.993 1.425.347 2.084.857 2.223 1.057.205.296.262.718.053 1.286-.412 1.126-1.263 1.095-1.734.875-.305-.142-4.082-2.66-7.562 1.097-.24.257-.668.346-1.073.04-.407-.308-.574-.93-.334-1.362" /><path fill="#fff" d="M60.576 83.08h-.153c-9.996.12-22.116-1.204-33.854-3.518-1.004 5.818-1.61 13.132-1.09 21.853 1.316 22.043 14.407 35.9 34.614 36.1h.82c20.208-.2 33.298-14.057 34.616-36.1.52-8.723-.087-16.035-1.092-21.854-11.739 2.315-23.862 3.64-33.86 3.518" /><path fill="#eb1923" d="M32.102 81.235v21.693s9.937 2.004 19.893.616V83.535c-6.307-.357-13.109-1.152-19.893-2.3" /><path fill="#eb1923" d="M105.539 60.412s-19.33 6.102-44.963 6.275h-.153c-25.591-.172-44.896-6.255-44.962-6.275L8.987 76.57c16.193 4.882 36.261 8.028 51.436 7.845h.153c15.175.183 35.242-2.963 51.437-7.845zm0 0" /></svg>;
+}
+
+const config = {
+  text: "Sign in with QQ",
+  icon: Icon,
+  iconFormat: name => `fa fa-${name}`,
+  style: {background: "rgb(94,188,249)"},
+  activeStyle: {background: "rgb(76,143,208)"},
+};
+
+const QqLoginButton = createButton(config);
+
+export default QqLoginButton;
--- a/web/src/backend/ResourceBackend.js
+++ b/web/src/backend/ResourceBackend.js
@@ -1,85 +1,85 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import * as Setting from "../Setting";
-
-export function getResources(owner, user, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-resources?owner=${owner}&user=${user}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
-    method: "GET",
-    credentials: "include",
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
-
-export function getResource(owner, name) {
-  return fetch(`${Setting.ServerUrl}/api/get-resource?id=${owner}/${encodeURIComponent(name)}`, {
-    method: "GET",
-    credentials: "include",
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
-
-export function updateResource(owner, name, resource) {
-  const newResource = Setting.deepCopy(resource);
-  return fetch(`${Setting.ServerUrl}/api/update-resource?id=${owner}/${encodeURIComponent(name)}`, {
-    method: "POST",
-    credentials: "include",
-    body: JSON.stringify(newResource),
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
-
-export function addResource(resource) {
-  const newResource = Setting.deepCopy(resource);
-  return fetch(`${Setting.ServerUrl}/api/add-resource`, {
-    method: "POST",
-    credentials: "include",
-    body: JSON.stringify(newResource),
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
-
-export function deleteResource(resource, provider = "") {
-  const newResource = Setting.deepCopy(resource);
-  return fetch(`${Setting.ServerUrl}/api/delete-resource?provider=${provider}`, {
-    method: "POST",
-    credentials: "include",
-    body: JSON.stringify(newResource),
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
-
-export function uploadResource(owner, user, tag, parent, fullFilePath, file, provider = "") {
-  const application = "app-built-in";
-  const formData = new FormData();
-  formData.append("file", file);
-  return fetch(`${Setting.ServerUrl}/api/upload-resource?owner=${owner}&user=${user}&application=${application}&tag=${tag}&parent=${parent}&fullFilePath=${encodeURIComponent(fullFilePath)}&provider=${provider}`, {
-    body: formData,
-    method: "POST",
-    credentials: "include",
-    headers: {
-      "Accept-Language": Setting.getAcceptLanguage(),
-    },
-  }).then(res => res.json());
-}
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getResources(owner, user, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-resources?owner=${owner}&user=${user}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getResource(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-resource?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateResource(owner, name, resource) {
+  const newResource = Setting.deepCopy(resource);
+  return fetch(`${Setting.ServerUrl}/api/update-resource?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addResource(resource) {
+  const newResource = Setting.deepCopy(resource);
+  return fetch(`${Setting.ServerUrl}/api/add-resource`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteResource(resource, provider = "") {
+  const newResource = Setting.deepCopy(resource);
+  return fetch(`${Setting.ServerUrl}/api/delete-resource?provider=${provider}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function uploadResource(owner, user, tag, parent, fullFilePath, file, provider = "") {
+  const application = "app-built-in";
+  const formData = new FormData();
+  formData.append("file", file);
+  return fetch(`${Setting.ServerUrl}/api/upload-resource?owner=${owner}&user=${user}&application=${application}&tag=${tag}&parent=${parent}&fullFilePath=${encodeURIComponent(fullFilePath)}&provider=${provider}`, {
+    body: formData,
+    method: "POST",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/common/CaptchaWidget.js
+++ b/web/src/common/CaptchaWidget.js
@@ -85,22 +85,31 @@ export const CaptchaWidget = (props) => {
      break;
    }
    case "Aliyun Captcha": {
+      window.AliyunCaptchaConfig = {
+        region: "cn",
+        prefix: clientSecret2,
+      };
+
      const AWSCTimer = setInterval(() => {
-        if (!window.AWSC) {
-          loadScript("https://g.alicdn.com/AWSC/AWSC/awsc.js");
+        if (!window.initAliyunCaptcha) {
+          loadScript("https://o.alicdn.com/captcha-frontend/aliyunCaptcha/AliyunCaptcha.js");
        }

-        if (window.AWSC) {
+        if (window.initAliyunCaptcha) {
          if (clientSecret2 && clientSecret2 !== "***") {
-            window.AWSC.use(subType, function(state, module) {
-              module.init({
-                appkey: clientSecret2,
-                scene: clientId2,
-                renderTo: "captcha",
-                success: function(data) {
-                  onChange(`SessionId=${data.sessionId}&AccessKeyId=${siteKey}&Scene=${clientId2}&AppKey=${clientSecret2}&Token=${data.token}&Sig=${data.sig}&RemoteIp=192.168.0.1`);
-                },
-              });
+            window.initAliyunCaptcha({
+              SceneId: clientId2,
+              mode: "embed",
+              element: "#captcha",
+              captchaVerifyCallback: (data) => {
+                onChange(data.toString());
+              },
+              slideStyle: {
+                width: 320,
+                height: 40,
+              },
+              language: "cn",
+              immediate: true,
            });
          }
          clearInterval(AWSCTimer);
--- a/web/src/common/OAuthWidget.js
+++ b/web/src/common/OAuthWidget.js
@@ -1,229 +1,229 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Button, Col, Row} from "antd";
-import i18next from "i18next";
-import * as UserBackend from "../backend/UserBackend";
-import * as Setting from "../Setting";
-import * as Provider from "../auth/Provider";
-import * as AuthBackend from "../auth/AuthBackend";
-import {goToWeb3Url} from "../auth/ProviderButton";
-import AccountAvatar from "../account/AccountAvatar";
-import {WechatOfficialAccountModal} from "../auth/Util";
-
-class OAuthWidget extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      addressOptions: [],
-      affiliationOptions: [],
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getAddressOptions(this.props.application);
-    this.getAffiliationOptions(this.props.application, this.props.user);
-  }
-
-  getAddressOptions(application) {
-    if (application.affiliationUrl === "") {
-      return;
-    }
-
-    const addressUrl = application.affiliationUrl.split("|")[0];
-    UserBackend.getAddressOptions(addressUrl)
-      .then((addressOptions) => {
-        this.setState({
-          addressOptions: addressOptions,
-        });
-      });
-  }
-
-  getAffiliationOptions(application, user) {
-    if (application.affiliationUrl === "") {
-      return;
-    }
-
-    const affiliationUrl = application.affiliationUrl.split("|")[1];
-    const code = user.address[user.address.length - 1];
-    UserBackend.getAffiliationOptions(affiliationUrl, code)
-      .then((affiliationOptions) => {
-        this.setState({
-          affiliationOptions: affiliationOptions,
-        });
-      });
-  }
-
-  updateUserField(key, value) {
-    this.props.onUpdateUserField(key, value);
-  }
-
-  unlinked() {
-    this.props.onUnlinked();
-  }
-
-  getProviderLink(user, provider) {
-    if (provider.type === "GitHub") {
-      return `https://github.com/${this.getUserProperty(user, provider.type, "username")}`;
-    } else if (provider.type === "Google") {
-      return "https://mail.google.com";
-    } else {
-      return "";
-    }
-  }
-
-  getUserProperty(user, providerType, propertyName) {
-    const key = `oauth_${providerType}_${propertyName}`;
-    if (user.properties === null) {return "";}
-    return user.properties[key];
-  }
-
-  unlinkUser(providerType, linkedValue) {
-    const body = {
-      providerType: providerType,
-      // should add the unlink user's info, cause the user may not be logged in, but a admin want to unlink the user.
-      user: this.props.user,
-    };
-    if (providerType === "MetaMask" || providerType === "Web3Onboard") {
-      import("../auth/Web3Auth")
-        .then(module => {
-          const delWeb3AuthToken = module.delWeb3AuthToken;
-          delWeb3AuthToken(linkedValue);
-          AuthBackend.unlink(body)
-            .then((res) => {
-              if (res.status === "ok") {
-                Setting.showMessage("success", "Unlinked successfully");
-
-                this.unlinked();
-              } else {
-                Setting.showMessage("error", `Failed to unlink: ${res.msg}`);
-              }
-            });
-        });
-      return;
-    }
-    AuthBackend.unlink(body)
-      .then((res) => {
-        if (res.status === "ok") {
-          Setting.showMessage("success", "Unlinked successfully");
-
-          this.unlinked();
-        } else {
-          Setting.showMessage("error", `Failed to unlink: ${res.msg}`);
-        }
-      });
-  }
-
-  renderIdp(user, application, providerItem) {
-    const provider = providerItem.provider;
-    const linkedValue = user[provider.type.toLowerCase()];
-    const profileUrl = this.getProviderLink(user, provider);
-    const id = this.getUserProperty(user, provider.type, "id");
-    const username = this.getUserProperty(user, provider.type, "username");
-    const displayName = this.getUserProperty(user, provider.type, "displayName");
-    const email = this.getUserProperty(user, provider.type, "email");
-    let avatarUrl = this.getUserProperty(user, provider.type, "avatarUrl");
-    // the account user
-    const account = this.props.account;
-
-    if (avatarUrl === "" || avatarUrl === undefined) {
-      avatarUrl = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAQAAACROWYpAAAAHElEQVR42mNkoAAwjmoe1TyqeVTzqOZRzcNZMwB18wAfEFQkPQAAAABJRU5ErkJggg==";
-    }
-
-    let name = (username === undefined) ? displayName : `${displayName} (${username})`;
-    if (name === undefined) {
-      if (id !== undefined) {
-        name = id;
-      } else if (email !== undefined) {
-        name = email;
-      } else {
-        name = linkedValue;
-      }
-    }
-
-    let linkButtonWidth = "110px";
-    if (Setting.getLanguage() === "id") {
-      linkButtonWidth = "160px";
-    }
-
-    return (
-      <Row key={provider.name} style={{marginTop: "20px"}} >
-        <Col style={{marginTop: "5px"}} span={this.props.labelSpan}>
-          {
-            Setting.getProviderLogo(provider)
-          }
-          <span style={{marginLeft: "5px"}}>
-            {
-              `${provider.type}:`
-            }
-          </span>
-        </Col>
-        <Col span={24 - this.props.labelSpan} >
-          <AccountAvatar style={{marginRight: "10px"}} size={30} src={avatarUrl} alt={name} referrerPolicy="no-referrer" />
-          <span style={{
-            width: this.props.labelSpan === 3 ? "300px" : "200px",
-            display: (Setting.isMobile()) ? "inline" : "inline-block",
-            overflow: "hidden",
-            textOverflow: "ellipsis",
-          }} title={name}>
-            {
-              linkedValue === "" ? (
-                `(${i18next.t("general:empty")})`
-              ) : (
-                profileUrl === "" ? name : (
-                  <a target="_blank" rel="noreferrer" href={profileUrl}>
-                    {
-                      name
-                    }
-                  </a>
-                )
-              )
-            }
-          </span>
-          {
-            linkedValue === "" ? (
-              provider.category === "Web3" ? (
-                <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={() => goToWeb3Url(application, provider, "link")}>{i18next.t("user:Link")}</Button>
-              ) : (
-                provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger") ? (
-                  <a key={provider.displayName}>
-                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={
-                      () => {
-                        WechatOfficialAccountModal(application, provider, "link");
-                      }
-                    }>{i18next.t("user:Link")}</Button>
-                  </a>
-                ) : (
-                  <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
-                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
-                  </a>
-                )
-              )
-            ) : (
-              <Button disabled={!providerItem.canUnlink && !Setting.isAdminUser(account)} style={{marginLeft: "20px", width: linkButtonWidth}} onClick={() => this.unlinkUser(provider.type, linkedValue)}>{i18next.t("user:Unlink")}</Button>
-            )
-          }
-        </Col>
-      </Row>
-    );
-  }
-
-  render() {
-    return this.renderIdp(this.props.user, this.props.application, this.props.providerItem);
-  }
-}
-
-export default OAuthWidget;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Col, Row} from "antd";
+import i18next from "i18next";
+import * as UserBackend from "../backend/UserBackend";
+import * as Setting from "../Setting";
+import * as Provider from "../auth/Provider";
+import * as AuthBackend from "../auth/AuthBackend";
+import {goToWeb3Url} from "../auth/ProviderButton";
+import AccountAvatar from "../account/AccountAvatar";
+import {WechatOfficialAccountModal} from "../auth/Util";
+
+class OAuthWidget extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      addressOptions: [],
+      affiliationOptions: [],
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getAddressOptions(this.props.application);
+    this.getAffiliationOptions(this.props.application, this.props.user);
+  }
+
+  getAddressOptions(application) {
+    if (application.affiliationUrl === "") {
+      return;
+    }
+
+    const addressUrl = application.affiliationUrl.split("|")[0];
+    UserBackend.getAddressOptions(addressUrl)
+      .then((addressOptions) => {
+        this.setState({
+          addressOptions: addressOptions,
+        });
+      });
+  }
+
+  getAffiliationOptions(application, user) {
+    if (application.affiliationUrl === "") {
+      return;
+    }
+
+    const affiliationUrl = application.affiliationUrl.split("|")[1];
+    const code = user.address[user.address.length - 1];
+    UserBackend.getAffiliationOptions(affiliationUrl, code)
+      .then((affiliationOptions) => {
+        this.setState({
+          affiliationOptions: affiliationOptions,
+        });
+      });
+  }
+
+  updateUserField(key, value) {
+    this.props.onUpdateUserField(key, value);
+  }
+
+  unlinked() {
+    this.props.onUnlinked();
+  }
+
+  getProviderLink(user, provider) {
+    if (provider.type === "GitHub") {
+      return `https://github.com/${this.getUserProperty(user, provider.type, "username")}`;
+    } else if (provider.type === "Google") {
+      return "https://mail.google.com";
+    } else {
+      return "";
+    }
+  }
+
+  getUserProperty(user, providerType, propertyName) {
+    const key = `oauth_${providerType}_${propertyName}`;
+    if (user.properties === null) {return "";}
+    return user.properties[key];
+  }
+
+  unlinkUser(providerType, linkedValue) {
+    const body = {
+      providerType: providerType,
+      // should add the unlink user's info, cause the user may not be logged in, but a admin want to unlink the user.
+      user: this.props.user,
+    };
+    if (providerType === "MetaMask" || providerType === "Web3Onboard") {
+      import("../auth/Web3Auth")
+        .then(module => {
+          const delWeb3AuthToken = module.delWeb3AuthToken;
+          delWeb3AuthToken(linkedValue);
+          AuthBackend.unlink(body)
+            .then((res) => {
+              if (res.status === "ok") {
+                Setting.showMessage("success", "Unlinked successfully");
+
+                this.unlinked();
+              } else {
+                Setting.showMessage("error", `Failed to unlink: ${res.msg}`);
+              }
+            });
+        });
+      return;
+    }
+    AuthBackend.unlink(body)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", "Unlinked successfully");
+
+          this.unlinked();
+        } else {
+          Setting.showMessage("error", `Failed to unlink: ${res.msg}`);
+        }
+      });
+  }
+
+  renderIdp(user, application, providerItem) {
+    const provider = providerItem.provider;
+    const linkedValue = user[provider.type.toLowerCase()];
+    const profileUrl = this.getProviderLink(user, provider);
+    const id = this.getUserProperty(user, provider.type, "id");
+    const username = this.getUserProperty(user, provider.type, "username");
+    const displayName = this.getUserProperty(user, provider.type, "displayName");
+    const email = this.getUserProperty(user, provider.type, "email");
+    let avatarUrl = this.getUserProperty(user, provider.type, "avatarUrl");
+    // the account user
+    const account = this.props.account;
+
+    if (avatarUrl === "" || avatarUrl === undefined) {
+      avatarUrl = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAeCAQAAACROWYpAAAAHElEQVR42mNkoAAwjmoe1TyqeVTzqOZRzcNZMwB18wAfEFQkPQAAAABJRU5ErkJggg==";
+    }
+
+    let name = (username === undefined) ? displayName : `${displayName} (${username})`;
+    if (name === undefined) {
+      if (id !== undefined) {
+        name = id;
+      } else if (email !== undefined) {
+        name = email;
+      } else {
+        name = linkedValue;
+      }
+    }
+
+    let linkButtonWidth = "110px";
+    if (Setting.getLanguage() === "id") {
+      linkButtonWidth = "160px";
+    }
+
+    return (
+      <Row key={provider.name} style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={this.props.labelSpan}>
+          {
+            Setting.getProviderLogo(provider)
+          }
+          <span style={{marginLeft: "5px"}}>
+            {
+              `${provider.type}:`
+            }
+          </span>
+        </Col>
+        <Col span={24 - this.props.labelSpan} >
+          <AccountAvatar style={{marginRight: "10px"}} size={30} src={avatarUrl} alt={name} referrerPolicy="no-referrer" />
+          <span style={{
+            width: this.props.labelSpan === 3 ? "300px" : "200px",
+            display: (Setting.isMobile()) ? "inline" : "inline-block",
+            overflow: "hidden",
+            textOverflow: "ellipsis",
+          }} title={name}>
+            {
+              linkedValue === "" ? (
+                `(${i18next.t("general:empty")})`
+              ) : (
+                profileUrl === "" ? name : (
+                  <a target="_blank" rel="noreferrer" href={profileUrl}>
+                    {
+                      name
+                    }
+                  </a>
+                )
+              )
+            }
+          </span>
+          {
+            linkedValue === "" ? (
+              provider.category === "Web3" ? (
+                <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={() => goToWeb3Url(application, provider, "link")}>{i18next.t("user:Link")}</Button>
+              ) : (
+                provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger") ? (
+                  <a key={provider.displayName}>
+                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id} onClick={
+                      () => {
+                        WechatOfficialAccountModal(application, provider, "link");
+                      }
+                    }>{i18next.t("user:Link")}</Button>
+                  </a>
+                ) : (
+                  <a key={provider.displayName} href={user.id !== account.id ? null : Provider.getAuthUrl(application, provider, "link")}>
+                    <Button style={{marginLeft: "20px", width: linkButtonWidth}} type="primary" disabled={user.id !== account.id}>{i18next.t("user:Link")}</Button>
+                  </a>
+                )
+              )
+            ) : (
+              <Button disabled={!providerItem.canUnlink && !Setting.isAdminUser(account)} style={{marginLeft: "20px", width: linkButtonWidth}} onClick={() => this.unlinkUser(provider.type, linkedValue)}>{i18next.t("user:Unlink")}</Button>
+            )
+          }
+        </Col>
+      </Row>
+    );
+  }
+
+  render() {
+    return this.renderIdp(this.props.user, this.props.application, this.props.providerItem);
+  }
+}
+
+export default OAuthWidget;
--- a/web/src/common/modal/CaptchaModal.js
+++ b/web/src/common/modal/CaptchaModal.js
@@ -44,6 +44,12 @@ export const CaptchaModal = (props) => {
    }
  }, [visible]);

+  useEffect(() => {
+    if (captchaToken !== "" && captchaType !== "Default") {
+      handleOk();
+    }
+  }, [captchaToken]);
+
  const handleOk = () => {
    onOk?.(captchaType, captchaToken, clientSecret);
  };
@@ -138,19 +144,18 @@ export const CaptchaModal = (props) => {
      if (!regex.test(captchaToken)) {
        isOkDisabled = true;
      }
-    } else if (captchaToken === "") {
-      isOkDisabled = true;
+      return [
+        null,
+        <Button key="ok" disabled={isOkDisabled} type="primary" onClick={handleOk}>{i18next.t("general:OK")}</Button>,
+      ];
    }

-    return [
-      <Button key="cancel" onClick={handleCancel}>{i18next.t("general:Cancel")}</Button>,
-      <Button key="ok" disabled={isOkDisabled} type="primary" onClick={handleOk}>{i18next.t("general:OK")}</Button>,
-    ];
+    return null;
  };

  return (
    <Modal
-      closable={false}
+      closable={true}
      maskClosable={false}
      destroyOnClose={true}
      title={i18next.t("general:Captcha")}
@@ -160,6 +165,7 @@ export const CaptchaModal = (props) => {
      width={350}
      footer={renderFooter()}
      onCancel={handleCancel}
+      afterClose={handleCancel}
      onOk={handleOk}
    >
      <div style={{marginTop: "20px", marginBottom: "50px"}}>
--- a/web/src/table/LdapTable.js
+++ b/web/src/table/LdapTable.js
@@ -100,7 +100,7 @@ class LdapTable extends React.Component {
        sorter: (a, b) => a.serverName.localeCompare(b.serverName),
        render: (text, record, index) => {
          return (
-            <Link to={`/ldaps/${record.id}`}>
+            <Link to={`/ldap/${record.owner}/${record.id}`}>
              {text}
            </Link>
          );
--- a/xlsx/group_test.xlsx
+++ b/xlsx/group_test.xlsx
Author	SHA1	Message	Date
David	73915ac0a0	feat: fix issue that LDAP user address was not syncing (#3905 )	2025-06-26 09:38:16 +08:00
Attack825	bf9d55ff40	feat: add InitCleanupTokens() (#3903 )	2025-06-26 09:31:59 +08:00
XiangYe	b36fb50239	feat: fix check bug to allow logged-in users to buy product (#3897 )	2025-06-25 10:49:20 +08:00
Øßfusion	4307baa759	feat: fix Tumblr OAuth's wrong scope (#3898 )	2025-06-25 09:55:02 +08:00
David	3964bae1df	feat: fix org's LDAP table wrong link (#3900 )	2025-06-25 09:51:40 +08:00
Yang Luo	d9b97d70be	feat: change CRLF to LF for some files	2025-06-24 09:55:00 +08:00
Attack825	ca224fdd4c	feat: add group xlsx upload button (#3885 )	2025-06-17 23:43:38 +08:00
千石	37daea2bbc	feat: improve error message in ApplicationEditPage (#3886 )	2025-06-17 20:06:52 +08:00
千石	af231bf946	feat: add FieldValidationFilter to check object names (#3877 )	2025-06-17 16:11:35 +08:00
DacongDA	6dc7b4d533	feat: get-user API respects org's account item's view rules now (#3882 )	2025-06-16 20:09:21 +08:00
DacongDA	12cc0f429e	feat: remove support for Non trace verification for Alibaba cloud captcha verification (#3881 )	2025-06-13 00:36:29 +08:00
DacongDA	8cc22dec91	feat: upgrade Alibaba cloud captcha provider from v1 to v2 (#3879 )	2025-06-12 23:02:36 +08:00
千石	0c08ae5365	feat: Add support for email verification logic (#3875 )	2025-06-11 19:17:16 +08:00
Yang Luo	c3485268d3	feat: fix "Display name cannot be empty" in /update-user API	2025-06-11 00:32:05 +08:00
Yang Luo	64a4956c42	feat: improve getMemoryUsage()	2025-06-09 20:08:55 +08:00
DacongDA	855bdf47e8	feat: fix memory usage in sysinfo page (#3870 )	2025-06-09 00:31:34 +08:00