feat: use only one salt arg in CredManager.IsPasswordCorrect() (#3936 )

feat: move needUpdatePassword to response's Data3 field to avoid refresh token conflict (#3931 )
feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928 )
2025-07-08 00:50:28 +08:00 · 2025-07-07 17:56:25 +08:00 · 2025-07-05 22:48:44 +08:00 · 2025-07-05 18:41:37 +08:00 · 2025-07-03 22:50:23 +08:00 · 2025-07-03 20:53:15 +08:00
98 changed files with 639 additions and 324 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@ -42,6 +42,7 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
+	Data3  interface{} `json:"data3"`
 }

 type Captcha struct {
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -132,7 +132,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeCode {
 		clientId := c.Input().Get("clientId")
 		responseType := c.Input().Get("responseType")
@ -154,7 +154,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}

 		resp = codeToResponse(code)
-		resp.Data2 = user.NeedUpdatePassword
+		resp.Data3 = user.NeedUpdatePassword
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
@ -168,7 +168,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
 			resp = tokenToResponse(token)

-			resp.Data2 = user.NeedUpdatePassword
+			resp.Data3 = user.NeedUpdatePassword
 		}
 	} else if form.Type == ResponseTypeDevice {
 		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
@ -195,14 +195,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob

 		object.DeviceAuthMap.Store(authCacheCast.UserName, deviceAuthCacheDeviceCodeCast)

-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeSaml { // saml flow
 		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method, "needUpdatePassword": user.NeedUpdatePassword}}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method}, Data3: user.NeedUpdatePassword}

 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
@ -555,8 +555,11 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with LDAP is not enabled for the application"))
 				return
 			}
+
+			clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
+			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username, clientIp); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
@ -1222,27 +1225,26 @@ func (c *ApiController) GetQRCode() {
 func (c *ApiController) GetCaptchaStatus() {
 	organization := c.Input().Get("organization")
 	userId := c.Input().Get("userId")
-	user, err := object.GetUserByFields(organization, userId)
+	applicationName := c.Input().Get("application")
+
+	application, err := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	captchaEnabled := false
-	if user != nil {
-		var failedSigninLimit int
-		failedSigninLimit, _, err = object.GetFailedSigninConfigByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user.SigninWrongTimes >= failedSigninLimit {
-			captchaEnabled = true
-		}
+	if application == nil {
+		c.ResponseError("application not found")
+		return
 	}

+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	captchaEnabled, err := object.CheckToEnableCaptcha(application, organization, userId, clientIp)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 	c.ResponseOk(captchaEnabled)
+	return
 }

 // Callback
--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@ -51,6 +51,6 @@ func (c *ApiController) UploadGroups() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("group_upload:Failed to import groups"))
+		c.ResponseError(c.T("general:Failed to import groups"))
 	}
 }
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@ -49,6 +49,6 @@ func (c *ApiController) UploadPermissions() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/product.go
+++ b/controllers/product.go
@ -182,7 +182,7 @@ func (c *ApiController) BuyProduct() {
 	paidUserName := c.Input().Get("userName")
 	owner, _ := util.GetOwnerAndNameFromId(id)
 	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && !c.IsAdmin() {
+	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
 		c.ResponseError(c.T("general:Only admin user can specify user"))
 		return
 	}
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@ -49,6 +49,6 @@ func (c *ApiController) UploadRoles() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@ -574,7 +574,7 @@ func (c *ApiController) SetPassword() {
 	targetUser.LastChangePasswordTime = util.GetCurrentTime()

 	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
+		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
 	} else {
 		if isAdmin {
 			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@ -67,6 +67,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
+		c.ResponseError(c.T("general:Failed to import users"))
 	}
 }
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }

-func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt strin
 	return hash
 }

-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }

-func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string,
 	return string(bytes)
 }

-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@ -15,8 +15,8 @@
 package cred

 type CredManager interface {
-	GetHashedPassword(password string, userSalt string, organizationSalt string) string
-	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
+	GetHashedPassword(password string, salt string) string
+	IsPasswordCorrect(password string, passwordHash string, salt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@ -37,14 +37,10 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getMd5HexDigest(password)
-	if userSalt != "" {
-		res = getMd5HexDigest(res + userSalt)
-	}
-	return res
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getMd5HexDigest(getMd5HexDigest(password) + salt)
 }

-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }

-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }

-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@ -32,12 +32,8 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
 	return cm
 }

-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
 	iterations := 260000
-	salt := userSalt
-	if salt == "" {
-		salt = organizationSalt
-	}

 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
@ -46,7 +42,7 @@ func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt st
 	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
 }

-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool {
+func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
 	parts := strings.Split(passwordHash, "$")
 	if len(parts) != 4 {
 		return false
--- a/cred/plain.go
+++ b/cred/plain.go
@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
 	return password
 }

-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@ -37,14 +37,10 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha256HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha256HexDigest(res + organizationSalt)
-	}
-	return res
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getSha256HexDigest(getSha256HexDigest(password) + salt)
 }

-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
 }

 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@ -37,14 +37,10 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
 	return cm
 }

-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
-	res := getSha512HexDigest(password)
-	if organizationSalt != "" {
-		res = getSha512HexDigest(res + organizationSalt)
-	}
-	return res
+func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
+	return getSha512HexDigest(getSha512HexDigest(password) + salt)
 }

-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/i18n/locales/ar/data.json
+++ b/i18n/locales/ar/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/cs/data.json
+++ b/i18n/locales/cs/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Nepodařilo se importovat uživatele",
    "Missing parameter": "Chybějící parametr",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Prosím, přihlaste se nejprve",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Nepodařilo se importovat uživatele"
-  },
  "util": {
    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
    "No provider for category: %s is found for application: %s": "Pro kategorii: %s nebyl nalezen žádný poskytovatel pro aplikaci: %s",
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Fehler beim Importieren von Benutzern",
    "Missing parameter": "Fehlender Parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Bitte zuerst einloggen",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Fehler beim Importieren von Benutzern"
-  },
  "util": {
    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
    "No provider for category: %s is found for application: %s": "Kein Anbieter für die Kategorie %s gefunden für die Anwendung: %s",
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Error al importar usuarios",
    "Missing parameter": "Parámetro faltante",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Por favor, inicia sesión primero",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Error al importar usuarios"
-  },
  "util": {
    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
    "No provider for category: %s is found for application: %s": "No se encuentra un proveedor para la categoría: %s para la aplicación: %s",
--- a/i18n/locales/fa/data.json
+++ b/i18n/locales/fa/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "عدم موفقیت در وارد کردن کاربران",
    "Missing parameter": "پارامتر گمشده",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "لطفاً ابتدا وارد شوید",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "عدم موفقیت در وارد کردن کاربران"
-  },
  "util": {
    "No application is found for userId: %s": "هیچ برنامه‌ای برای userId: %s یافت نشد",
    "No provider for category: %s is found for application: %s": "هیچ ارائه‌دهنده‌ای برای دسته‌بندی: %s برای برنامه: %s یافت نشد",
--- a/i18n/locales/fi/data.json
+++ b/i18n/locales/fi/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Échec de l'importation des utilisateurs",
    "Missing parameter": "Paramètre manquant",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Veuillez d'abord vous connecter",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Échec de l'importation des utilisateurs"
-  },
  "util": {
    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
    "No provider for category: %s is found for application: %s": "Aucun fournisseur pour la catégorie: %s n'est trouvé pour l'application: %s",
--- a/i18n/locales/he/data.json
+++ b/i18n/locales/he/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Gagal mengimpor pengguna",
    "Missing parameter": "Parameter hilang",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Silahkan login terlebih dahulu",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Gagal mengimpor pengguna"
-  },
  "util": {
    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
    "No provider for category: %s is found for application: %s": "Tidak ditemukan penyedia untuk kategori: %s untuk aplikasi: %s",
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "ユーザーのインポートに失敗しました",
    "Missing parameter": "不足しているパラメーター",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "最初にログインしてください",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "ユーザーのインポートに失敗しました"
-  },
  "util": {
    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
    "No provider for category: %s is found for application: %s": "アプリケーション：%sのカテゴリ%sのプロバイダが見つかりません",
--- a/i18n/locales/kk/data.json
+++ b/i18n/locales/kk/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "사용자 가져오기를 실패했습니다",
    "Missing parameter": "누락된 매개변수",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "먼저 로그인 하십시오",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "사용자 가져오기를 실패했습니다"
-  },
  "util": {
    "No application is found for userId: %s": "어플리케이션을 찾을 수 없습니다. userId: %s",
    "No provider for category: %s is found for application: %s": "어플리케이션 %s에서 %s 카테고리를 위한 공급자가 찾을 수 없습니다",
--- a/i18n/locales/ms/data.json
+++ b/i18n/locales/ms/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/nl/data.json
+++ b/i18n/locales/nl/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/pl/data.json
+++ b/i18n/locales/pl/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Falha ao importar usuários",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Falha ao importar usuários"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Не удалось импортировать пользователей",
    "Missing parameter": "Отсутствующий параметр",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Пожалуйста, сначала войдите в систему",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Не удалось импортировать пользователей"
-  },
  "util": {
    "No application is found for userId: %s": "Не найдено заявки для пользователя с идентификатором: %s",
    "No provider for category: %s is found for application: %s": "Нет провайдера для категории: %s для приложения: %s",
--- a/i18n/locales/sk/data.json
+++ b/i18n/locales/sk/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Nepodarilo sa importovať používateľov",
    "Missing parameter": "Chýbajúci parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Najskôr sa prosím prihláste",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Nepodarilo sa importovať používateľov"
-  },
  "util": {
    "No application is found for userId: %s": "Nebola nájdená žiadna aplikácia pre userId: %s",
    "No provider for category: %s is found for application: %s": "Pre aplikáciu: %s nebol nájdený žiadny poskytovateľ pre kategóriu: %s",
--- a/i18n/locales/sv/data.json
+++ b/i18n/locales/sv/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/tr/data.json
+++ b/i18n/locales/tr/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Yeni şifreniz boşluk karakteri içeremez.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/uk/data.json
+++ b/i18n/locales/uk/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "New password cannot contain blank space.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
+    "Failed to import groups": "Failed to import groups",
+    "Failed to import users": "Không thể nhập người dùng",
    "Missing parameter": "Thiếu tham số",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Vui lòng đăng nhập trước",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng.",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
-  "user_upload": {
-    "Failed to import users": "Không thể nhập người dùng"
-  },
  "util": {
    "No application is found for userId: %s": "Không tìm thấy ứng dụng cho ID người dùng: %s",
    "No provider for category: %s is found for application: %s": "Không tìm thấy nhà cung cấp cho danh mục: %s cho ứng dụng: %s",
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@ -92,6 +92,8 @@
    "the adapter: %s is not found": "适配器: %s 未找到"
  },
  "general": {
+    "Failed to import groups": "导入群组失败",
+    "Failed to import users": "导入用户失败",
    "Missing parameter": "缺少参数",
    "Only admin user can specify user": "仅管理员用户可以指定用户",
    "Please login first": "请先登录",
@ -162,9 +164,6 @@
    "New password cannot contain blank space.": "新密码不可以包含空格",
    "the user's owner and name should not be empty": "用户的组织和名称不能为空"
  },
-  "user_upload": {
-    "Failed to import users": "导入用户失败"
-  },
  "util": {
    "No application is found for userId: %s": "未找到用户: %s的应用",
    "No provider for category: %s is found for application: %s": "未找到类别为: %s的提供商来满足应用: %s",
--- a/idp/douyin.go
+++ b/idp/douyin.go
@ -190,7 +190,7 @@ func (idp *DouyinIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)

 	userInfo := UserInfo{
 		Id:          douyinUserInfo.Data.OpenId,
-		Username:    douyinUserInfo.Data.Nickname,
+		Username:    douyinUserInfo.Data.OpenId,
 		DisplayName: douyinUserInfo.Data.Nickname,
 		AvatarUrl:   douyinUserInfo.Data.Avatar,
 	}
--- a/main.go
+++ b/main.go
@ -45,6 +45,7 @@ func main() {
 	object.InitUserManager()
 	object.InitFromFile()
 	object.InitCasvisorConfig()
+	object.InitCleanupTokens()

 	util.SafeGoroutine(func() { object.RunSyncUsersJob() })
 	util.SafeGoroutine(func() { controllers.InitCLIDownloader() })
--- a/object/check.go
+++ b/object/check.go
@ -252,12 +252,12 @@ func CheckPassword(user *User, password string, lang string, options ...bool) er
 	credManager := cred.GetCredManager(passwordType)
 	if credManager != nil {
 		if organization.MasterPassword != "" {
-			if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
+			if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, organization.PasswordSalt) {
 				return resetUserSigninErrorTimes(user)
 			}
 		}

-		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
+		if credManager.IsPasswordCorrect(password, user.Password, organization.PasswordSalt) || credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt) {
 			return resetUserSigninErrorTimes(user)
 		}

@ -593,31 +593,41 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 	return ""
 }

-func CheckToEnableCaptcha(application *Application, organization, username string) (bool, error) {
+func CheckToEnableCaptcha(application *Application, organization, username string, clientIp string) (bool, error) {
 	if len(application.Providers) == 0 {
 		return false, nil
 	}

 	for _, providerItem := range application.Providers {
-		if providerItem.Provider == nil {
+		if providerItem.Provider == nil || providerItem.Provider.Category != "Captcha" {
 			continue
 		}
-		if providerItem.Provider.Category == "Captcha" {
-			if providerItem.Rule == "Dynamic" {
-				user, err := GetUserByFields(organization, username)
+
+		if providerItem.Rule == "Internet-Only" {
+			if util.IsInternetIp(clientIp) {
+				return true, nil
+			}
+		}
+
+		if providerItem.Rule == "Dynamic" {
+			user, err := GetUserByFields(organization, username)
+			if err != nil {
+				return false, err
+			}
+
+			if user != nil {
+				failedSigninLimit, _, err := GetFailedSigninConfigByUser(user)
 				if err != nil {
 					return false, err
 				}

-				failedSigninLimit := application.FailedSigninLimit
-				if failedSigninLimit == 0 {
-					failedSigninLimit = DefaultFailedSigninLimit
-				}
-
-				return user != nil && user.SigninWrongTimes >= failedSigninLimit, nil
+				return user.SigninWrongTimes >= failedSigninLimit, nil
 			}
-			return providerItem.Rule == "Always", nil
+
+			return false, nil
 		}
+
+		return providerItem.Rule == "Always", nil
 	}

 	return false, nil
--- a/object/init_data_dump_test.go
+++ b/object/init_data_dump_test.go
@ -20,6 +20,7 @@ package object
 import "testing"

 func TestDumpToFile(t *testing.T) {
+	createDatabase = false
 	InitConfig()

 	err := DumpToFile("./init_data_dump.json")
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@ -260,15 +260,15 @@ func AutoAdjustLdapUser(users []LdapUser) []LdapUser {
 	res := make([]LdapUser, len(users))
 	for i, user := range users {
 		res[i] = LdapUser{
-			UidNumber:         user.UidNumber,
-			Uid:               user.Uid,
-			Cn:                user.Cn,
-			GroupId:           user.GidNumber,
-			Uuid:              user.GetLdapUuid(),
-			DisplayName:       user.DisplayName,
-			Email:             util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
-			Mobile:            util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			RegisteredAddress: util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+			UidNumber:   user.UidNumber,
+			Uid:         user.Uid,
+			Cn:          user.Cn,
+			GroupId:     user.GidNumber,
+			Uuid:        user.GetLdapUuid(),
+			DisplayName: user.DisplayName,
+			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Mobile:      util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			Address:     util.ReturnAnyNotEmpty(user.Address, user.PostalAddress, user.RegisteredAddress),
 		}
 	}
 	return res
--- a/object/organization.go
+++ b/object/organization.go
@ -222,7 +222,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo
 	if organization.MasterPassword != "" && organization.MasterPassword != "***" {
 		credManager := cred.GetCredManager(organization.PasswordType)
 		if credManager != nil {
-			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
+			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, organization.PasswordSalt)
 			organization.MasterPassword = hashedPassword
 		}
 	}
@ -536,7 +536,13 @@ func IsNeedPromptMfa(org *Organization, user *User) bool {
 	if org == nil || user == nil {
 		return false
 	}
-	for _, item := range org.MfaItems {
+
+	mfaItems := org.MfaItems
+
+	if len(user.MfaItems) > 0 {
+		mfaItems = user.MfaItems
+	}
+	for _, item := range mfaItems {
 		if item.Rule == "Required" {
 			if item.Name == EmailType && !user.MfaEmailEnabled {
 				return true
--- a/object/product.go
+++ b/object/product.go
@ -42,6 +42,7 @@ type Product struct {
 	IsRecharge  bool     `json:"isRecharge"`
 	Providers   []string `xorm:"varchar(255)" json:"providers"`
 	ReturnUrl   string   `xorm:"varchar(1000)" json:"returnUrl"`
+	SuccessUrl  string   `xorm:"varchar(1000)" json:"successUrl"`

 	State string `xorm:"varchar(100)" json:"state"`

@ -213,6 +214,10 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 			returnUrl = fmt.Sprintf("%s/buy-plan/%s/%s/result?subscription=%s", originFrontend, owner, pricingName, sub.Name)
 		}
 	}
+
+	if product.SuccessUrl != "" {
+		returnUrl = fmt.Sprintf("%s?transactionOwner=%s&transactionName=%s", product.SuccessUrl, owner, paymentName)
+	}
 	// Create an order
 	payReq := &pp.PayReq{
 		ProviderName:       providerName,
--- a/object/token_cleanup.go
+++ b/object/token_cleanup.go
@ -0,0 +1,93 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/robfig/cron/v3"
+)
+
+func CleanupTokens(tokenRetentionIntervalAfterExpiry int) error {
+	var sessions []*Token
+	err := ormer.Engine.Find(&sessions)
+	if err != nil {
+		return fmt.Errorf("failed to query expired tokens: %w", err)
+	}
+
+	currentTime := time.Now()
+	deletedCount := 0
+
+	for _, session := range sessions {
+		tokenString := session.AccessToken
+		token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+		if err != nil {
+			fmt.Printf("Failed to parse token %s: %v\n", session.Name, err)
+			continue
+		}
+
+		if claims, ok := token.Claims.(jwt.MapClaims); ok {
+			exp, ok := claims["exp"].(float64)
+			if !ok {
+				fmt.Printf("Token %s does not have an 'exp' claim\n", session.Name)
+				continue
+			}
+			expireTime := time.Unix(int64(exp), 0)
+			tokenAfterExpiry := currentTime.Sub(expireTime).Seconds()
+			if tokenAfterExpiry > float64(tokenRetentionIntervalAfterExpiry) {
+				_, err = ormer.Engine.Delete(session)
+				if err != nil {
+					return fmt.Errorf("failed to delete expired token %s: %w", session.Name, err)
+				}
+				fmt.Printf("[%d] Deleted expired token: %s | Created: %s | Org: %s | App: %s | User: %s\n",
+					deletedCount, session.Name, session.CreatedTime, session.Organization, session.Application, session.User)
+				deletedCount++
+			}
+		} else {
+			fmt.Printf("Token %s is not valid\n", session.Name)
+		}
+	}
+	return nil
+}
+
+func getTokenRetentionInterval(days int) int {
+	if days <= 0 {
+		days = 30
+	}
+	return days * 24 * 3600
+}
+
+func InitCleanupTokens() {
+	schedule := "0 0 * * *"
+	interval := getTokenRetentionInterval(30)
+
+	if err := CleanupTokens(interval); err != nil {
+		fmt.Printf("Error cleaning up tokens at startup: %v\n", err)
+	}
+
+	cronJob := cron.New()
+	_, err := cronJob.AddFunc(schedule, func() {
+		if err := CleanupTokens(interval); err != nil {
+			fmt.Printf("Error cleaning up tokens: %v\n", err)
+		}
+	})
+	if err != nil {
+		fmt.Printf("Error scheduling token cleanup: %v\n", err)
+		return
+	}
+	cronJob.Start()
+}
--- a/object/user.go
+++ b/object/user.go
@ -212,6 +212,7 @@ type User struct {

 	ManagedAccounts    []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 	MfaAccounts        []MfaAccount     `xorm:"mfaAccounts blob" json:"mfaAccounts"`
+	MfaItems           []*MfaItem       `xorm:"varchar(300)" json:"mfaItems"`
 	NeedUpdatePassword bool             `json:"needUpdatePassword"`
 	IpWhitelist        string           `xorm:"varchar(200)" json:"ipWhitelist"`
 }
@ -795,7 +796,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance")
+		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance", "mfa_items")
 	}

 	columns = append(columns, "updated_time")
--- a/object/user_cred.go
+++ b/object/user_cred.go
@ -42,8 +42,9 @@ func (user *User) UpdateUserHash() error {
 func (user *User) UpdateUserPassword(organization *Organization) {
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		hashedPassword := credManager.GetHashedPassword(user.Password, organization.PasswordSalt)
 		user.Password = hashedPassword
 		user.PasswordType = organization.PasswordType
+		user.PasswordSalt = organization.PasswordSalt
 	}
 }
--- a/routers/base.go
+++ b/routers/base.go
@ -185,17 +185,3 @@ func removePort(s string) string {
 	}
 	return ipStr
 }
-
-func isHostIntranet(s string) bool {
-	ipStr, _, err := net.SplitHostPort(s)
-	if err != nil {
-		ipStr = s
-	}
-
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		return false
-	}
-
-	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()
-}
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -83,7 +83,7 @@ func CorsFilter(ctx *context.Context) {
 			setCorsHeaders(ctx, origin)
 		} else if originHostname == host {
 			setCorsHeaders(ctx, origin)
-		} else if isHostIntranet(host) {
+		} else if util.IsHostIntranet(host) {
 			setCorsHeaders(ctx, origin)
 		} else {
 			ok, err := object.IsOriginAllowed(origin)
--- a/routers/field_validation_filter.go
+++ b/routers/field_validation_filter.go
@ -23,7 +23,7 @@ import (
 	"github.com/beego/beego/context"
 )

-var forbiddenChars = `/?:@#&%=+;`
+var forbiddenChars = `/?:#&%=+;`

 func FieldValidationFilter(ctx *context.Context) {
 	if ctx.Input.Method() != "POST" {
--- a/util/network.go
+++ b/util/network.go
@ -0,0 +1,47 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"net"
+)
+
+func IsInternetIp(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return !parsedIP.IsPrivate() && !parsedIP.IsLoopback() && !parsedIP.IsMulticast() && !parsedIP.IsUnspecified()
+}
+
+func IsHostIntranet(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return parsedIP.IsPrivate() || parsedIP.IsLoopback() || parsedIP.IsLinkLocalUnicast() || parsedIP.IsLinkLocalMulticast()
+}
--- a/web/src/ProductEditPage.js
+++ b/web/src/ProductEditPage.js
@ -288,6 +288,16 @@ class ProductEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("product:Success URL"), i18next.t("product:Success URL - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={this.state.product.successUrl} onChange={e => {
+              this.updateProductField("successUrl", e.target.value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:State"), i18next.t("general:State - Tooltip"))} :
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -696,18 +696,27 @@ export const MfaRulePrompted = "Prompted";
 export const MfaRuleOptional = "Optional";

 export function isRequiredEnableMfa(user, organization) {
-  if (!user || !organization || !organization.mfaItems) {
+  if (!user || !organization || (!organization.mfaItems && !user.mfaItems)) {
    return false;
  }
  return getMfaItemsByRules(user, organization, [MfaRuleRequired]).length > 0;
 }

 export function getMfaItemsByRules(user, organization, mfaRules = []) {
-  if (!user || !organization || !organization.mfaItems) {
+  if (!user || !organization || (!organization.mfaItems && !user.mfaItems)) {
    return [];
  }

-  return organization.mfaItems.filter((mfaItem) => mfaRules.includes(mfaItem.rule))
+  let mfaItems = organization.mfaItems;
+  if (user.mfaItems && user.mfaItems.length !== 0) {
+    mfaItems = user.mfaItems;
+  }
+
+  if (mfaItems === null) {
+    return [];
+  }
+
+  return mfaItems.filter((mfaItem) => mfaRules.includes(mfaItem.rule))
    .filter((mfaItem) => user.multiFactorAuths.some((mfa) => mfa.mfaType === mfaItem.name && !mfa.enabled));
 }

--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -42,6 +42,7 @@ import * as MfaBackend from "./backend/MfaBackend";
 import AccountAvatar from "./account/AccountAvatar";
 import FaceIdTable from "./table/FaceIdTable";
 import MfaAccountTable from "./table/MfaAccountTable";
+import MfaTable from "./table/MfaTable";

 const {Option} = Select;

@ -926,6 +927,19 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "MFA items") {
+      return (<Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("general:MFA items"), i18next.t("general:MFA items - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <MfaTable
+            title={i18next.t("general:MFA items")}
+            table={this.state.user.mfaItems ?? []}
+            onUpdateTable={(value) => {this.updateUserField("mfaItems", value);}}
+          />
+        </Col>
+      </Row>);
    } else if (accountItem.name === "Multi-factor authentication") {
      return (
        !this.isSelfOrAdmin() ? null : (
--- a/web/src/auth/AuthBackend.js
+++ b/web/src/auth/AuthBackend.js
@ -163,7 +163,7 @@ export function getWechatQRCode(providerId) {
 }

 export function getCaptchaStatus(values) {
-  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}`, {
+  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}&application=${values["application"]}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@ -166,7 +166,7 @@ class AuthCallback extends React.Component {
          const responseType = this.getResponseType();
          const handleLogin = (res) => {
            if (responseType === "login") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -176,7 +176,7 @@ class AuthCallback extends React.Component {
              const link = Setting.getFromLink();
              Setting.goToLink(link);
            } else if (responseType === "code") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -185,7 +185,7 @@ class AuthCallback extends React.Component {
              Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`);
            // Setting.showMessage("success", `Authorization code: ${res.data}`);
            } else if (responseType === "token" || responseType === "id_token") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -207,7 +207,7 @@ class AuthCallback extends React.Component {
                  relayState: oAuthParams.relayState,
                });
              } else {
-                if (res.data2.needUpdatePassword) {
+                if (res.data3) {
                  sessionStorage.setItem("signinUrl", signinUrl);
                  Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                  return;
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Col, Form, Input, Row, Select, Steps} from "antd";
+import {Button, Col, Form, Input, Popover, Row, Select, Steps} from "antd";
 import * as AuthBackend from "./AuthBackend";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Util from "./Util";
@ -385,30 +385,48 @@ class ForgetPage extends React.Component {
                },
              ]}
            />
-            <Form.Item
-              name="newPassword"
-              hidden={this.state.current !== 2}
-              rules={[
-                {
-                  required: true,
-                  validateTrigger: "onChange",
-                  validator: (rule, value) => {
-                    const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
-                    if (errorMsg === "") {
-                      return Promise.resolve();
-                    } else {
-                      return Promise.reject(errorMsg);
-                    }
+            <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
+              <Form.Item
+                name="newPassword"
+                hidden={this.state.current !== 2}
+                rules={[
+                  {
+                    required: true,
+                    validateTrigger: "onChange",
+                    validator: (rule, value) => {
+                      const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
+                      if (errorMsg === "") {
+                        return Promise.resolve();
+                      } else {
+                        return Promise.reject(errorMsg);
+                      }
+                    },
                  },
-                },
-              ]}
-              hasFeedback
-            >
-              <Input.Password
-                prefix={<LockOutlined />}
-                placeholder={i18next.t("general:Password")}
-              />
-            </Form.Item>
+                ]}
+                hasFeedback
+              >
+                <Input.Password
+                  prefix={<LockOutlined />}
+                  placeholder={i18next.t("general:Password")}
+                  onChange={(e) => {
+                    this.setState({
+                      passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, e.target.value),
+                    });
+                  }}
+                  onFocus={() => {
+                    this.setState({
+                      passwordPopoverOpen: true,
+                      passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("newPassword") ?? ""),
+                    });
+                  }}
+                  onBlur={() => {
+                    this.setState({
+                      passwordPopoverOpen: false,
+                    });
+                  }}
+                />
+              </Form.Item>
+            </Popover>
            <Form.Item
              name="confirm"
              dependencies={["newPassword"]}
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -134,6 +134,8 @@ class LoginPage extends React.Component {
        return CaptchaRule.Always;
      } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
        return CaptchaRule.Dynamic;
+      } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Internet-Only")) {
+        return CaptchaRule.InternetOnly;
      } else {
        return CaptchaRule.Never;
      }
@ -443,6 +445,9 @@ class LoginPage extends React.Component {
      } else if (captchaRule === CaptchaRule.Dynamic) {
        this.checkCaptchaStatus(values);
        return;
+      } else if (captchaRule === CaptchaRule.InternetOnly) {
+        this.checkCaptchaStatus(values);
+        return;
      }
    }
    this.login(values);
@ -491,9 +496,9 @@ class LoginPage extends React.Component {
            const responseType = values["type"];

            if (responseType === "login") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              Setting.showMessage("success", i18next.t("application:Logged in successfully"));
              this.props.onLoginSuccess();
@ -505,9 +510,9 @@ class LoginPage extends React.Component {
                userCodeStatus: "success",
              });
            } else if (responseType === "token" || responseType === "id_token") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              const amendatoryResponseType = responseType === "token" ? "access_token" : responseType;
              const accessToken = res.data;
@ -517,9 +522,9 @@ class LoginPage extends React.Component {
                this.props.onLoginSuccess(window.location.href);
                return;
              }
-              if (res.data2.needUpdatePassword) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              if (res.data2.method === "POST") {
                this.setState({
@ -961,9 +966,23 @@ class LoginPage extends React.Component {
    const captchaProviderItems = this.getCaptchaProviderItems(application);
    const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
    const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
-    const provider = alwaysProviderItems.length > 0
-      ? alwaysProviderItems[0].provider
-      : dynamicProviderItems[0].provider;
+    const internetOnlyProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Internet-Only");
+
+    // Select provider based on the active captcha rule, not fixed priority
+    const captchaRule = this.getCaptchaRule(this.getApplicationObj());
+    let provider = null;
+
+    if (captchaRule === CaptchaRule.Always && alwaysProviderItems.length > 0) {
+      provider = alwaysProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.Dynamic && dynamicProviderItems.length > 0) {
+      provider = dynamicProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.InternetOnly && internetOnlyProviderItems.length > 0) {
+      provider = internetOnlyProviderItems[0].provider;
+    }
+
+    if (!provider) {
+      return null;
+    }

    return <CaptchaModal
      owner={provider.owner}
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -278,7 +278,7 @@ const authInfo = {
    endpoint: "https://www.tiktok.com/auth/authorize/",
  },
  Tumblr: {
-    scope: "email",
+    scope: "basic",
    endpoint: "https://www.tumblr.com/oauth2/authorize",
  },
  Twitch: {
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Form, Input, Radio, Result, Row, Select, message} from "antd";
+import {Button, Form, Input, Popover, Radio, Result, Row, Select, message} from "antd";
 import * as Setting from "../Setting";
 import * as AuthBackend from "./AuthBackend";
 import * as ProviderButton from "./ProviderButton";
@ -607,28 +607,45 @@ class SignupPage extends React.Component {
      }
    } else if (signupItem.name === "Password") {
      return (
-        <Form.Item
-          name="password"
-          className="signup-password"
-          label={signupItem.label ? signupItem.label : i18next.t("general:Password")}
-          rules={[
-            {
-              required: required,
-              validateTrigger: "onChange",
-              validator: (rule, value) => {
-                const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
-                if (errorMsg === "") {
-                  return Promise.resolve();
-                } else {
-                  return Promise.reject(errorMsg);
-                }
+        <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
+          <Form.Item
+            name="password"
+            className="signup-password"
+            label={signupItem.label ? signupItem.label : i18next.t("general:Password")}
+            rules={[
+              {
+                required: required,
+                validateTrigger: "onChange",
+                validator: (rule, value) => {
+                  const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
+                  if (errorMsg === "") {
+                    return Promise.resolve();
+                  } else {
+                    return Promise.reject(errorMsg);
+                  }
+                },
              },
-            },
-          ]}
-          hasFeedback
-        >
-          <Input.Password className="signup-password-input" placeholder={signupItem.placeholder} />
-        </Form.Item>
+            ]}
+            hasFeedback
+          >
+            <Input.Password className="signup-password-input" placeholder={signupItem.placeholder} onChange={(e) => {
+              this.setState({
+                passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, e.target.value),
+              });
+            }}
+            onFocus={() => {
+              this.setState({
+                passwordPopoverOpen: true,
+                passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("password") ?? ""),
+              });
+            }}
+            onBlur={() => {
+              this.setState({
+                passwordPopoverOpen: false,
+              });
+            }} />
+          </Form.Item>
+        </Popover>
      );
    } else if (signupItem.name === "Confirm password") {
      return (
--- a/web/src/auth/mfa/MfaVerifyTotpForm.js
+++ b/web/src/auth/mfa/MfaVerifyTotpForm.js
@ -1,4 +1,4 @@
-import {CopyOutlined, UserOutlined} from "@ant-design/icons";
+import {CopyOutlined} from "@ant-design/icons";
 import {Button, Col, Form, Input, QRCode, Space} from "antd";
 import copy from "copy-to-clipboard";
 import i18next from "i18next";
@ -47,11 +47,11 @@ export const MfaVerifyTotpForm = ({mfaProps, onFinish}) => {
        name="passcode"
        rules={[{required: true, message: "Please input your passcode"}]}
      >
-        <Input
+        <Input.OTP
          style={{marginTop: 24}}
-          prefix={<UserOutlined />}
-          placeholder={i18next.t("mfa:Passcode")}
-          autoComplete="off"
+          onChange={() => {
+            form.submit();
+          }}
        />
      </Form.Item>
      <Form.Item>
--- a/web/src/common/PasswordChecker.js
+++ b/web/src/common/PasswordChecker.js
@ -13,6 +13,8 @@
 // limitations under the License.

 import i18next from "i18next";
+import React from "react";
+import {CheckCircleTwoTone, CloseCircleTwoTone} from "@ant-design/icons";

 function isValidOption_AtLeast6(password) {
  if (password.length < 6) {
@ -52,6 +54,33 @@ function isValidOption_NoRepeat(password) {
  return "";
 }

+const checkers = {
+  AtLeast6: isValidOption_AtLeast6,
+  AtLeast8: isValidOption_AtLeast8,
+  Aa123: isValidOption_Aa123,
+  SpecialChar: isValidOption_SpecialChar,
+  NoRepeat: isValidOption_NoRepeat,
+};
+
+function getOptionDescription(option, password) {
+  switch (option) {
+  case "AtLeast6": return i18next.t("user:The password must have at least 6 characters");
+  case "AtLeast8": return i18next.t("user:The password must have at least 8 characters");
+  case "Aa123": return i18next.t("user:The password must contain at least one uppercase letter, one lowercase letter and one digit");
+  case "SpecialChar": return i18next.t("user:The password must contain at least one special character");
+  case "NoRepeat": return i18next.t("user:The password must not contain any repeated characters");
+  }
+}
+
+export function renderPasswordPopover(options, password) {
+  return <div style={{width: 240}} >
+    {options.map((option, idx) => {
+      return <div key={idx}>{checkers[option](password) === "" ? <CheckCircleTwoTone twoToneColor={"#52c41a"} /> :
+        <CloseCircleTwoTone twoToneColor={"#ff4d4f"} />} {getOptionDescription(option, password)}</div>;
+    })}
+  </div>;
+}
+
 export function checkPasswordComplexity(password, options) {
  if (password.length === 0) {
    return i18next.t("login:Please input your password!");
@ -61,14 +90,6 @@ export function checkPasswordComplexity(password, options) {
    return "";
  }

-  const checkers = {
-    AtLeast6: isValidOption_AtLeast6,
-    AtLeast8: isValidOption_AtLeast8,
-    Aa123: isValidOption_Aa123,
-    SpecialChar: isValidOption_SpecialChar,
-    NoRepeat: isValidOption_NoRepeat,
-  };
-
  for (const option of options) {
    const checkerFunc = checkers[option];
    if (checkerFunc) {
--- a/web/src/common/modal/CaptchaModal.js
+++ b/web/src/common/modal/CaptchaModal.js
@ -181,4 +181,5 @@ export const CaptchaRule = {
  Always: "Always",
  Never: "Never",
  Dynamic: "Dynamic",
+  InternetOnly: "Internet-Only",
 };
--- a/web/src/common/modal/PasswordModal.js
+++ b/web/src/common/modal/PasswordModal.js
@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import {Button, Col, Input, Modal, Row} from "antd";
+import {Button, Col, Input, Modal, Popover, Row} from "antd";
 import i18next from "i18next";
 import React from "react";
 import * as UserBackend from "../../backend/UserBackend";
@ -35,6 +35,8 @@ export const PasswordModal = (props) => {
  const [rePasswordValid, setRePasswordValid] = React.useState(false);
  const [newPasswordErrorMessage, setNewPasswordErrorMessage] = React.useState("");
  const [rePasswordErrorMessage, setRePasswordErrorMessage] = React.useState("");
+  const [passwordPopoverOpen, setPasswordPopoverOpen] = React.useState(false);
+  const [passwordPopover, setPasswordPopover] = React.useState();

  React.useEffect(() => {
    if (organization) {
@ -130,12 +132,26 @@ export const PasswordModal = (props) => {
            </Row>
          ) : null}
          <Row style={{width: "100%", marginBottom: "20px"}}>
-            <Input.Password
-              addonBefore={i18next.t("user:New Password")}
-              placeholder={i18next.t("user:input password")}
-              onChange={(e) => {handleNewPassword(e.target.value);}}
-              status={(!newPasswordValid && newPasswordErrorMessage) ? "error" : undefined}
-            />
+            <Popover placement="right" content={passwordPopover} open={passwordPopoverOpen}>
+              <Input.Password
+                addonBefore={i18next.t("user:New Password")}
+                placeholder={i18next.t("user:input password")}
+                onChange={(e) => {
+                  handleNewPassword(e.target.value);
+                  setPasswordPopoverOpen(true);
+                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, e.target.value));
+
+                }}
+                onFocus={() => {
+                  setPasswordPopoverOpen(true);
+                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, newPassword));
+                }}
+                onBlur={() => {
+                  setPasswordPopoverOpen(false);
+                }}
+                status={(!newPasswordValid && newPasswordErrorMessage) ? "error" : undefined}
+              />
+            </Popover>
          </Row>
          {!newPasswordValid && newPasswordErrorMessage && <div style={{color: "red", marginTop: "-20px"}}>{newPasswordErrorMessage}</div>}
          <Row style={{width: "100%", marginBottom: "20px"}}>
--- a/web/src/locales/ar/data.json
+++ b/web/src/locales/ar/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/cs/data.json
+++ b/web/src/locales/cs/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Přizpůsobit hlavičku vstupní stránky vaší aplikace",
    "Incremental": "Inkrementální",
    "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Kód pozvánky",
    "Left": "Vlevo",
    "Logged in successfully": "Úspěšně přihlášen",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Nadřazená skupina - Tooltip",
    "Physical": "Fyzická",
    "Show all": "Zobrazit vše",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtuální",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Prodáno",
    "Sold - Tooltip": "Prodávané množství",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Štítek produktu",
    "Test buy page..": "Testovací stránka nákupu..",
    "There is no payment channel for this product.": "Pro tento produkt neexistuje žádný platební kanál.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Název hostitele",
    "IdP": "IdP",
    "IdP certificate": "Certifikát IdP",
-    "Intelligent Validation": "Inteligentní validace",
    "Internal": "Interní",
    "Issuer URL": "URL vydavatele",
    "Issuer URL - Tooltip": "URL vydavatele",
@ -946,7 +950,6 @@
    "Silent": "Tiché",
    "Site key": "Klíč stránky",
    "Site key - Tooltip": "Nápověda ke klíči stránky",
-    "Sliding Validation": "Posuvné ověření",
    "Sub type": "Podtyp",
    "Sub type - Tooltip": "Nápověda k podtypu",
    "Subject": "Subject",
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Links",
    "Logged in successfully": "Erfolgreich eingeloggt",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Verkauft",
    "Sold - Tooltip": "Menge verkauft",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag des Produkts",
    "Test buy page..": "Testkaufseite.",
    "There is no payment channel for this product.": "Es gibt keinen Zahlungskanal für dieses Produkt.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name des Hosts",
    "IdP": "IdP",
    "IdP certificate": "IdP-Zertifikat",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer-URL",
    "Issuer URL - Tooltip": "Emittenten-URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site-Key",
    "Site key - Tooltip": "Seitenschlüssel",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Untertyp",
    "Sub type - Tooltip": "Unterart",
    "Subject": "Subject",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Izquierda",
    "Logged in successfully": "Acceso satisfactorio",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Vendido",
    "Sold - Tooltip": "Cantidad vendida",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Etiqueta de producto",
    "Test buy page..": "Página de compra de prueba.",
    "There is no payment channel for this product.": "No hay canal de pago para este producto.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Nombre del anfitrión",
    "IdP": "IdP = Proveedor de Identidad",
    "IdP certificate": "Certificado de proveedor de identidad (IdP)",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "URL del emisor",
    "Issuer URL - Tooltip": "URL del emisor",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Clave del sitio",
    "Site key - Tooltip": "Clave del sitio",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Subtipo",
    "Sub type - Tooltip": "Subtipo",
    "Subject": "Subject",
--- a/web/src/locales/fa/data.json
+++ b/web/src/locales/fa/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "کد head صفحه ورود برنامه خود را سفارشی کنید",
    "Incremental": "افزایشی",
    "Input": "ورودی",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "کد دعوت",
    "Left": "چپ",
    "Logged in successfully": "با موفقیت وارد شدید",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "گروه والد - راهنمای ابزار",
    "Physical": "فیزیکی",
    "Show all": "نمایش همه",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "مجازی",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "فروخته شده",
    "Sold - Tooltip": "تعداد فروخته شده",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "برچسب محصول",
    "Test buy page..": "صفحه تست خرید..",
    "There is no payment channel for this product.": "برای این محصول کانال پرداختی وجود ندارد.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "نام میزبان",
    "IdP": "IdP",
    "IdP certificate": "گواهی IdP",
-    "Intelligent Validation": "اعتبارسنجی هوشمند",
    "Internal": "داخلی",
    "Issuer URL": "آدرس صادرکننده",
    "Issuer URL - Tooltip": "آدرس صادرکننده",
@ -946,7 +950,6 @@
    "Silent": "بی‌صدا",
    "Site key": "کلید سایت",
    "Site key - Tooltip": "کلید سایت",
-    "Sliding Validation": "اعتبارسنجی کشویی",
    "Sub type": "زیرنوع",
    "Sub type - Tooltip": "زیرنوع",
    "Subject": "Subject",
--- a/web/src/locales/fi/data.json
+++ b/web/src/locales/fi/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incrémentale",
    "Input": "Saisie",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Code d'invitation",
    "Left": "Gauche",
    "Logged in successfully": "Connexion réussie",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Groupe parent - Infobulle",
    "Physical": "Physique",
    "Show all": "Tout afficher",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtuel",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Vendu",
    "Sold - Tooltip": "Quantité vendue",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Étiquette de produit",
    "Test buy page..": "Page d'achat de test.",
    "There is no payment channel for this product.": "Il n'y a aucun canal de paiement pour ce produit.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Nom d'hôte",
    "IdP": "IdP (Identité Fournisseur)",
    "IdP certificate": "Certificat IdP",
-    "Intelligent Validation": "Validation intelligente",
    "Internal": "Interne",
    "Issuer URL": "URL de l'émetteur",
    "Issuer URL - Tooltip": "URL de l'émetteur",
@ -946,7 +950,6 @@
    "Silent": "Silencieux",
    "Site key": "Clé de site",
    "Site key - Tooltip": "Clé de site",
-    "Sliding Validation": "Validation glissante",
    "Sub type": "Sous-type",
    "Sub type - Tooltip": "Sous-type",
    "Subject": "Subject",
--- a/web/src/locales/he/data.json
+++ b/web/src/locales/he/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/id/data.json
+++ b/web/src/locales/id/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Kiri",
    "Logged in successfully": "Berhasil masuk",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Terjual",
    "Sold - Tooltip": "Jumlah terjual",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag produk",
    "Test buy page..": "Halaman pembelian uji coba.",
    "There is no payment channel for this product.": "Tidak ada saluran pembayaran untuk produk ini.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Nama tuan rumah",
    "IdP": "IdP",
    "IdP certificate": "Sertifikat IdP",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "URL penerbit",
    "Issuer URL - Tooltip": "URL Penerbit",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Kunci situs",
    "Site key - Tooltip": "Kunci situs atau kunci halaman web",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub jenis",
    "Sub type - Tooltip": "Sub jenis",
    "Subject": "Subject",
--- a/web/src/locales/it/data.json
+++ b/web/src/locales/it/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "左",
    "Logged in successfully": "正常にログインしました",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "売れました",
    "Sold - Tooltip": "販売数量",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "製品のタグ",
    "Test buy page..": "テスト購入ページ。",
    "There is no payment channel for this product.": "この製品には支払いチャネルがありません。",
@ -860,7 +865,6 @@
    "Host - Tooltip": "ホストの名前",
    "IdP": "IdP",
    "IdP certificate": "IdP証明書",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "発行者のURL",
    "Issuer URL - Tooltip": "発行者URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "サイトキー",
    "Site key - Tooltip": "サイトキー",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "サブタイプ",
    "Sub type - Tooltip": "サブタイプ",
    "Subject": "Subject",
--- a/web/src/locales/kk/data.json
+++ b/web/src/locales/kk/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "왼쪽",
    "Logged in successfully": "성공적으로 로그인했습니다",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "팔렸습니다",
    "Sold - Tooltip": "판매량",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "제품 태그",
    "Test buy page..": "시험 구매 페이지.",
    "There is no payment channel for this product.": "이 제품에 대한 결제 채널이 없습니다.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "호스트의 이름",
    "IdP": "IdP",
    "IdP certificate": "IdP 인증서",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "발행자 URL",
    "Issuer URL - Tooltip": "발급자 URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "사이트 키",
    "Site key - Tooltip": "사이트 키",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "하위 유형",
    "Sub type - Tooltip": "서브 타입",
    "Subject": "Subject",
--- a/web/src/locales/ms/data.json
+++ b/web/src/locales/ms/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/nl/data.json
+++ b/web/src/locales/nl/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/pl/data.json
+++ b/web/src/locales/pl/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/pt/data.json
+++ b/web/src/locales/pt/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Código de convite",
    "Left": "Esquerda",
    "Logged in successfully": "Login realizado com sucesso",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Vendido",
    "Sold - Tooltip": "Quantidade vendida",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag do produto",
    "Test buy page..": "Página de teste de compra...",
    "There is no payment channel for this product.": "Não há canal de pagamento disponível para este produto.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Nome do host",
    "IdP": "IdP",
    "IdP certificate": "Certificado IdP",
-    "Intelligent Validation": "Validação inteligente",
    "Internal": "Interno",
    "Issuer URL": "URL do Emissor",
    "Issuer URL - Tooltip": "URL do Emissor",
@ -946,7 +950,6 @@
    "Silent": "Silencioso",
    "Site key": "Chave do site",
    "Site key - Tooltip": "Chave do site",
-    "Sliding Validation": "Validação deslizante",
    "Sub type": "Subtipo",
    "Sub type - Tooltip": "Subtipo",
    "Subject": "Subject",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Последовательный",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Код приглашения",
    "Left": "Левый",
    "Logged in successfully": "Успешный вход в систему",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Продано",
    "Sold - Tooltip": "Количество проданных",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Метка продукта",
    "Test buy page..": "Страница для тестовой покупки.",
    "There is no payment channel for this product.": "Для этого продукта нет канала оплаты.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Имя хоста",
    "IdP": "ИдП",
    "IdP certificate": "Сертификат IdP",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "URL выпускающего органа",
    "Issuer URL - Tooltip": "URL эмитента",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Ключ сайта",
    "Site key - Tooltip": "Ключ сайта",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Подтип",
    "Sub type - Tooltip": "Подтип",
    "Subject": "Subject",
--- a/web/src/locales/sk/data.json
+++ b/web/src/locales/sk/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Vlastný HTML kód pre hlavičku vašej vstupnej stránky aplikácie",
    "Incremental": "Postupný",
    "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Kód pozvania",
    "Left": "Vľavo",
    "Logged in successfully": "Úspešne prihlásený",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Nadradená skupina - Nápoveda",
    "Physical": "Fyzická",
    "Show all": "Zobraziť všetko",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtuálna",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Predané",
    "Sold - Tooltip": "Množstvo predaných kusov",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Štítok produktu",
    "Test buy page..": "Testovať stránku nákupu..",
    "There is no payment channel for this product.": "Pre tento produkt neexistuje platobný kanál.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Názov hostiteľa",
    "IdP": "IdP",
    "IdP certificate": "Certifikát IdP",
-    "Intelligent Validation": "Inteligentné overenie",
    "Internal": "Interný",
    "Issuer URL": "URL vydavateľa",
    "Issuer URL - Tooltip": "URL vydavateľa",
@ -946,7 +950,6 @@
    "Silent": "Tichý",
    "Site key": "Kľúč stránky",
    "Site key - Tooltip": "Kľúč stránky",
-    "Sliding Validation": "Posuvné overenie",
    "Sub type": "Podtyp",
    "Sub type - Tooltip": "Podtyp",
    "Subject": "Subject",
--- a/web/src/locales/sv/data.json
+++ b/web/src/locales/sv/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/tr/data.json
+++ b/web/src/locales/tr/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Incremental",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Davet Kodu",
    "Left": "Sol",
    "Logged in successfully": "Başarıyla giriş yapıldı",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Sold",
    "Sold - Tooltip": "Quantity sold",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Tag of product",
    "Test buy page..": "Test buy page..",
    "There is no payment channel for this product.": "There is no payment channel for this product.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Name of host",
    "IdP": "IdP",
    "IdP certificate": "IdP certificate",
-    "Intelligent Validation": "Intelligent Validation",
    "Internal": "Internal",
    "Issuer URL": "Issuer URL",
    "Issuer URL - Tooltip": "Issuer URL",
@ -946,7 +950,6 @@
    "Silent": "Silent",
    "Site key": "Site key",
    "Site key - Tooltip": "Site key",
-    "Sliding Validation": "Sliding Validation",
    "Sub type": "Sub type",
    "Sub type - Tooltip": "Sub type",
    "Subject": "Subject",
--- a/web/src/locales/uk/data.json
+++ b/web/src/locales/uk/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Налаштуйте тег head на сторінці входу до програми",
    "Incremental": "Інкрементний",
    "Input": "Введення",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Код запрошення",
    "Left": "Ліворуч",
    "Logged in successfully": "Успішно ввійшли",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Батьківська група - підказка",
    "Physical": "фізичний",
    "Show all": "Покажи все",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Віртуальний",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Продано",
    "Sold - Tooltip": "Продана кількість",
    "Stripe": "смужка",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Тег товару",
    "Test buy page..": "Сторінка тестової покупки..",
    "There is no payment channel for this product.": "Для цього продукту немає платіжного каналу.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Ім'я хоста",
    "IdP": "IDP",
    "IdP certificate": "сертифікат IdP",
-    "Intelligent Validation": "Інтелектуальна перевірка",
    "Internal": "внутрішній",
    "Issuer URL": "URL-адреса емітента",
    "Issuer URL - Tooltip": "URL-адреса емітента",
@ -946,7 +950,6 @@
    "Silent": "Мовчазний",
    "Site key": "Ключ сайту",
    "Site key - Tooltip": "Ключ сайту",
-    "Sliding Validation": "Ковзна перевірка",
    "Sub type": "Підтип",
    "Sub type - Tooltip": "Підтип",
    "Subject": "Subject",
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "Custom the head tag of your application entry page",
    "Incremental": "Tăng",
    "Input": "Input",
+    "Internet-Only": "Internet-Only",
+    "Invalid characters in application name": "Invalid characters in application name",
    "Invitation code": "Invitation code",
    "Left": "Trái",
    "Logged in successfully": "Đăng nhập thành công",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "Parent group - Tooltip",
    "Physical": "Physical",
    "Show all": "Show all",
+    "Upload (.xlsx)": "Upload (.xlsx)",
    "Virtual": "Virtual",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page"
  },
@ -778,6 +781,8 @@
    "Sold": "Đã bán",
    "Sold - Tooltip": "Số lượng bán ra",
    "Stripe": "Stripe",
+    "Success URL": "Success URL",
+    "Success URL - Tooltip": "URL to return to after purchase",
    "Tag - Tooltip": "Nhãn sản phẩm",
    "Test buy page..": "Trang mua thử.",
    "There is no payment channel for this product.": "Không có kênh thanh toán cho sản phẩm này.",
@ -860,7 +865,6 @@
    "Host - Tooltip": "Tên của người chủ chỗ ở",
    "IdP": "IdP",
    "IdP certificate": "Chứng chỉ IdP",
-    "Intelligent Validation": "Xác nhận thông minh",
    "Internal": "Nội bộ",
    "Issuer URL": "Địa chỉ URL của người phát hành",
    "Issuer URL - Tooltip": "Địa chỉ URL của nhà phát hành",
@ -946,7 +950,6 @@
    "Silent": "Im lặng",
    "Site key": "Khóa trang web",
    "Site key - Tooltip": "Khóa trang web",
-    "Sliding Validation": "Xác nhận trượt ngang",
    "Sub type": "Loại phụ",
    "Sub type - Tooltip": "Loại phụ",
    "Subject": "Subject",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -76,6 +76,8 @@
    "Header HTML - Tooltip": "自定义应用页面的head标签",
    "Incremental": "递增",
    "Input": "输入",
+    "Internet-Only": "外网启用",
+    "Invalid characters in application name": "应用名称内有非法字符",
    "Invitation code": "邀请码",
    "Left": "居左",
    "Logged in successfully": "登录成功",
@ -454,6 +456,7 @@
    "Parent group - Tooltip": "上级组",
    "Physical": "实体组",
    "Show all": "显示全部",
+    "Upload (.xlsx)": "上传(.xlsx)",
    "Virtual": "虚拟组",
    "You need to delete all subgroups first. You can view the subgroups in the left group tree of the [Organizations] -\u003e [Groups] page": "您需要先删除所有子组。您可以在 [组织] -\u003e [群组] 页面左侧的群组树中查看子组"
  },
@ -778,6 +781,8 @@
    "Sold": "售出",
    "Sold - Tooltip": "已售出的数量",
    "Stripe": "Stripe",
+    "Success URL": "成功URL",
+    "Success URL - Tooltip": "支付后跳转的URL",
    "Tag - Tooltip": "商品类别",
    "Test buy page..": "测试购买页面..",
    "There is no payment channel for this product.": "该商品没有付款方式。",
@ -860,7 +865,6 @@
    "Host - Tooltip": "主机名",
    "IdP": "身份提供商",
    "IdP certificate": "IdP公钥证书",
-    "Intelligent Validation": "智能验证",
    "Internal": "内部",
    "Issuer URL": "Issuer链接",
    "Issuer URL - Tooltip": "Issuer链接URL",
@ -946,7 +950,6 @@
    "Silent": "静默",
    "Site key": "Site key",
    "Site key - Tooltip": "站点密钥",
-    "Sliding Validation": "滑块验证",
    "Sub type": "子类型",
    "Sub type - Tooltip": "子类型",
    "Subject": "主题",
--- a/web/src/table/AccountTable.js
+++ b/web/src/table/AccountTable.js
@ -110,6 +110,7 @@ class AccountTable extends React.Component {
      {name: "Managed accounts", label: i18next.t("user:Managed accounts")},
      {name: "Face ID", label: i18next.t("user:Face ID")},
      {name: "MFA accounts", label: i18next.t("user:MFA accounts")},
+      {name: "MFA items", label: i18next.t("general:MFA items")},
    ];
  };

--- a/web/src/table/LdapTable.js
+++ b/web/src/table/LdapTable.js
@ -100,7 +100,7 @@ class LdapTable extends React.Component {
        sorter: (a, b) => a.serverName.localeCompare(b.serverName),
        render: (text, record, index) => {
          return (
-            <Link to={`/ldaps/${record.id}`}>
+            <Link to={`/ldap/${record.owner}/${record.id}`}>
              {text}
            </Link>
          );
--- a/web/src/table/ProviderTable.js
+++ b/web/src/table/ProviderTable.js
@ -255,6 +255,7 @@ class ProviderTable extends React.Component {
                <Option key="None" value="None">{i18next.t("general:None")}</Option>
                <Option key="Dynamic" value="Dynamic">{i18next.t("application:Dynamic")}</Option>
                <Option key="Always" value="Always">{i18next.t("application:Always")}</Option>
+                <Option key="Internet-Only" value="Internet-Only">{i18next.t("application:Internet-Only")}</Option>
              </Select>
            );
          } else if (record.provider?.category === "SMS" || record.provider?.category === "Email") {
Author	SHA1	Message	Date
raiki02	9bbe5afb7c	feat: use only one salt arg in CredManager.IsPasswordCorrect() (#3936 )	2025-07-07 17:56:25 +08:00
DacongDA	b42391c6ce	feat: move needUpdatePassword to response's Data3 field to avoid refresh token conflict (#3931 )	2025-07-05 22:48:44 +08:00
Raiki	fb035a5353	feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928 )	2025-07-05 18:41:37 +08:00
Raiki	b1f68a60a4	feat: set createDatabase to false in TestDumpToFile() (#3924 )	2025-07-03 22:50:23 +08:00
Robin Ye	201d704a31	feat: improve TikTok username generation logic (#3923 )	2025-07-03 20:53:15 +08:00
Robin Ye	bf91ad6c97	feat: add Internet-Only captcha rule (#3919 )	2025-07-03 02:39:06 +08:00
Yang Luo	3ccc0339c7	feat: improve CheckToEnableCaptcha() logic	2025-07-03 02:32:07 +08:00
DacongDA	1f2b0a3587	feat: add user's MFA items (#3921 )	2025-07-02 23:05:07 +08:00
DacongDA	0b3feb0d5f	feat: use Input.OTP to input totp code (#3922 )	2025-07-02 18:22:59 +08:00
DacongDA	568c0e2c3d	feat: show Organization.PasswordOptions in login UI (#3913 )	2025-06-28 22:13:00 +08:00
Yang Luo	f4ad2b4034	feat: remove "@" from name's forbidden chars	2025-06-27 18:41:50 +08:00
Attack825	c9f8727890	feat: fix bug in InitCleanupTokens() (#3910 )	2025-06-27 02:08:18 +08:00
DacongDA	e2e3c1fbb8	feat: support Product.SuccessUrl (#3908 )	2025-06-26 22:52:07 +08:00
David	73915ac0a0	feat: fix issue that LDAP user address was not syncing (#3905 )	2025-06-26 09:38:16 +08:00
Attack825	bf9d55ff40	feat: add InitCleanupTokens() (#3903 )	2025-06-26 09:31:59 +08:00
XiangYe	b36fb50239	feat: fix check bug to allow logged-in users to buy product (#3897 )	2025-06-25 10:49:20 +08:00
Øßfusion	4307baa759	feat: fix Tumblr OAuth's wrong scope (#3898 )	2025-06-25 09:55:02 +08:00
David	3964bae1df	feat: fix org's LDAP table wrong link (#3900 )	2025-06-25 09:51:40 +08:00