feat: set createDatabase to false in TestDumpToFile() (#3924)

controllers/auth.go

@@ -555,8 +555,11 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with LDAP is not enabled for the application"))
 				return
 			}
+
+			clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
+			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username, clientIp); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
@@ -1222,27 +1225,26 @@ func (c *ApiController) GetQRCode() {
 func (c *ApiController) GetCaptchaStatus() {
 	organization := c.Input().Get("organization")
 	userId := c.Input().Get("userId")
-	user, err := object.GetUserByFields(organization, userId)
+	applicationName := c.Input().Get("application")
+
+	application, err := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-
+	if application == nil {
-	captchaEnabled := false
+		c.ResponseError("application not found")
-	if user != nil {
+		return
-		var failedSigninLimit int
-		failedSigninLimit, _, err = object.GetFailedSigninConfigByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user.SigninWrongTimes >= failedSigninLimit {
-			captchaEnabled = true
-		}
 	}
 
+	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	captchaEnabled, err := object.CheckToEnableCaptcha(application, organization, userId, clientIp)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 	c.ResponseOk(captchaEnabled)
+	return
 }
 
 // Callback

idp/douyin.go

@@ -190,7 +190,7 @@ func (idp *DouyinIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 
 	userInfo := UserInfo{
 		Id:          douyinUserInfo.Data.OpenId,
-		Username:    douyinUserInfo.Data.Nickname,
+		Username:    douyinUserInfo.Data.OpenId,
 		DisplayName: douyinUserInfo.Data.Nickname,
 		AvatarUrl:   douyinUserInfo.Data.Avatar,
 	}

object/check.go

@@ -593,31 +593,41 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 	return ""
 }
 
-func CheckToEnableCaptcha(application *Application, organization, username string) (bool, error) {
+func CheckToEnableCaptcha(application *Application, organization, username string, clientIp string) (bool, error) {
 	if len(application.Providers) == 0 {
 		return false, nil
 	}
 
 	for _, providerItem := range application.Providers {
-		if providerItem.Provider == nil {
+		if providerItem.Provider == nil || providerItem.Provider.Category != "Captcha" {
 			continue
 		}
-		if providerItem.Provider.Category == "Captcha" {
+
-			if providerItem.Rule == "Dynamic" {
+		if providerItem.Rule == "Internet-Only" {
-				user, err := GetUserByFields(organization, username)
+			if util.IsInternetIp(clientIp) {
+				return true, nil
+			}
+		}
+
+		if providerItem.Rule == "Dynamic" {
+			user, err := GetUserByFields(organization, username)
+			if err != nil {
+				return false, err
+			}
+
+			if user != nil {
+				failedSigninLimit, _, err := GetFailedSigninConfigByUser(user)
 				if err != nil {
 					return false, err
 				}
 
-				failedSigninLimit := application.FailedSigninLimit
+				return user.SigninWrongTimes >= failedSigninLimit, nil
-				if failedSigninLimit == 0 {
-					failedSigninLimit = DefaultFailedSigninLimit
-				}
-
-				return user != nil && user.SigninWrongTimes >= failedSigninLimit, nil
 			}
-			return providerItem.Rule == "Always", nil
+
+			return false, nil
 		}
+
+		return providerItem.Rule == "Always", nil
 	}
 
 	return false, nil

object/init_data_dump_test.go

@@ -20,6 +20,7 @@ package object
 import "testing"
 
 func TestDumpToFile(t *testing.T) {
+	createDatabase = false
 	InitConfig()
 
 	err := DumpToFile("./init_data_dump.json")

object/organization.go

@@ -536,7 +536,13 @@ func IsNeedPromptMfa(org *Organization, user *User) bool {
 	if org == nil || user == nil {
 		return false
 	}
-	for _, item := range org.MfaItems {
+
+	mfaItems := org.MfaItems
+
+	if len(user.MfaItems) > 0 {
+		mfaItems = user.MfaItems
+	}
+	for _, item := range mfaItems {
 		if item.Rule == "Required" {
 			if item.Name == EmailType && !user.MfaEmailEnabled {
 				return true

object/user.go

@@ -212,6 +212,7 @@ type User struct {
 
 	ManagedAccounts    []ManagedAccount `xorm:"managedAccounts blob" json:"managedAccounts"`
 	MfaAccounts        []MfaAccount     `xorm:"mfaAccounts blob" json:"mfaAccounts"`
+	MfaItems           []*MfaItem       `xorm:"varchar(300)" json:"mfaItems"`
 	NeedUpdatePassword bool             `json:"needUpdatePassword"`
 	IpWhitelist        string           `xorm:"varchar(200)" json:"ipWhitelist"`
 }
@@ -795,7 +796,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		}
 	}
 	if isAdmin {
-		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance")
+		columns = append(columns, "name", "id", "email", "phone", "country_code", "type", "balance", "mfa_items")
 	}
 
 	columns = append(columns, "updated_time")

routers/base.go

@@ -185,17 +185,3 @@ func removePort(s string) string {
 	}
 	return ipStr
 }
-
-func isHostIntranet(s string) bool {
-	ipStr, _, err := net.SplitHostPort(s)
-	if err != nil {
-		ipStr = s
-	}
-
-	ip := net.ParseIP(ipStr)
-	if ip == nil {
-		return false
-	}
-
-	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()
-}

routers/cors_filter.go

@@ -83,7 +83,7 @@ func CorsFilter(ctx *context.Context) {
 			setCorsHeaders(ctx, origin)
 		} else if originHostname == host {
 			setCorsHeaders(ctx, origin)
-		} else if isHostIntranet(host) {
+		} else if util.IsHostIntranet(host) {
 			setCorsHeaders(ctx, origin)
 		} else {
 			ok, err := object.IsOriginAllowed(origin)

util/network.go

@@ -0,0 +1,47 @@
+// Copyright 2025 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"net"
+)
+
+func IsInternetIp(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return !parsedIP.IsPrivate() && !parsedIP.IsLoopback() && !parsedIP.IsMulticast() && !parsedIP.IsUnspecified()
+}
+
+func IsHostIntranet(ip string) bool {
+	ipStr, _, err := net.SplitHostPort(ip)
+	if err != nil {
+		ipStr = ip
+	}
+
+	parsedIP := net.ParseIP(ipStr)
+	if parsedIP == nil {
+		return false
+	}
+
+	return parsedIP.IsPrivate() || parsedIP.IsLoopback() || parsedIP.IsLinkLocalUnicast() || parsedIP.IsLinkLocalMulticast()
+}

web/src/Setting.js

@@ -696,18 +696,27 @@ export const MfaRulePrompted = "Prompted";
 export const MfaRuleOptional = "Optional";
 
 export function isRequiredEnableMfa(user, organization) {
-  if (!user || !organization || !organization.mfaItems) {
+  if (!user || !organization || (!organization.mfaItems && !user.mfaItems)) {
     return false;
   }
   return getMfaItemsByRules(user, organization, [MfaRuleRequired]).length > 0;
 }
 
 export function getMfaItemsByRules(user, organization, mfaRules = []) {
-  if (!user || !organization || !organization.mfaItems) {
+  if (!user || !organization || (!organization.mfaItems && !user.mfaItems)) {
     return [];
   }
 
-  return organization.mfaItems.filter((mfaItem) => mfaRules.includes(mfaItem.rule))
+  let mfaItems = organization.mfaItems;
+  if (user.mfaItems && user.mfaItems.length !== 0) {
+    mfaItems = user.mfaItems;
+  }
+
+  if (mfaItems === null) {
+    return [];
+  }
+
+  return mfaItems.filter((mfaItem) => mfaRules.includes(mfaItem.rule))
     .filter((mfaItem) => user.multiFactorAuths.some((mfa) => mfa.mfaType === mfaItem.name && !mfa.enabled));
 }
 

web/src/UserEditPage.js

@@ -42,6 +42,7 @@ import * as MfaBackend from "./backend/MfaBackend";
 import AccountAvatar from "./account/AccountAvatar";
 import FaceIdTable from "./table/FaceIdTable";
 import MfaAccountTable from "./table/MfaAccountTable";
+import MfaTable from "./table/MfaTable";
 
 const {Option} = Select;
 
@@ -926,6 +927,19 @@ class UserEditPage extends React.Component {
           </Col>
         </Row>
       );
+    } else if (accountItem.name === "MFA items") {
+      return (<Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("general:MFA items"), i18next.t("general:MFA items - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <MfaTable
+            title={i18next.t("general:MFA items")}
+            table={this.state.user.mfaItems ?? []}
+            onUpdateTable={(value) => {this.updateUserField("mfaItems", value);}}
+          />
+        </Col>
+      </Row>);
     } else if (accountItem.name === "Multi-factor authentication") {
       return (
         !this.isSelfOrAdmin() ? null : (

web/src/auth/AuthBackend.js

@@ -163,7 +163,7 @@ export function getWechatQRCode(providerId) {
 }
 
 export function getCaptchaStatus(values) {
-  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}`, {
+  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&userId=${values["username"]}&application=${values["application"]}`, {
     method: "GET",
     credentials: "include",
     headers: {

web/src/auth/ForgetPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Col, Form, Input, Row, Select, Steps} from "antd";
+import {Button, Col, Form, Input, Popover, Row, Select, Steps} from "antd";
 import * as AuthBackend from "./AuthBackend";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Util from "./Util";
@@ -385,30 +385,48 @@ class ForgetPage extends React.Component {
                 },
               ]}
             />
-            <Form.Item
+            <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
-              name="newPassword"
+              <Form.Item
-              hidden={this.state.current !== 2}
+                name="newPassword"
-              rules={[
+                hidden={this.state.current !== 2}
-                {
+                rules={[
-                  required: true,
+                  {
-                  validateTrigger: "onChange",
+                    required: true,
-                  validator: (rule, value) => {
+                    validateTrigger: "onChange",
-                    const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
+                    validator: (rule, value) => {
-                    if (errorMsg === "") {
+                      const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
-                      return Promise.resolve();
+                      if (errorMsg === "") {
-                    } else {
+                        return Promise.resolve();
-                      return Promise.reject(errorMsg);
+                      } else {
-                    }
+                        return Promise.reject(errorMsg);
+                      }
+                    },
                   },
-                },
+                ]}
-              ]}
+                hasFeedback
-              hasFeedback
+              >
-            >
+                <Input.Password
-              <Input.Password
+                  prefix={<LockOutlined />}
-                prefix={<LockOutlined />}
+                  placeholder={i18next.t("general:Password")}
-                placeholder={i18next.t("general:Password")}
+                  onChange={(e) => {
-              />
+                    this.setState({
-            </Form.Item>
+                      passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, e.target.value),
+                    });
+                  }}
+                  onFocus={() => {
+                    this.setState({
+                      passwordPopoverOpen: true,
+                      passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("newPassword") ?? ""),
+                    });
+                  }}
+                  onBlur={() => {
+                    this.setState({
+                      passwordPopoverOpen: false,
+                    });
+                  }}
+                />
+              </Form.Item>
+            </Popover>
             <Form.Item
               name="confirm"
               dependencies={["newPassword"]}

web/src/auth/LoginPage.js

@@ -134,6 +134,8 @@ class LoginPage extends React.Component {
         return CaptchaRule.Always;
       } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
         return CaptchaRule.Dynamic;
+      } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Internet-Only")) {
+        return CaptchaRule.InternetOnly;
       } else {
         return CaptchaRule.Never;
       }
@@ -443,6 +445,9 @@ class LoginPage extends React.Component {
       } else if (captchaRule === CaptchaRule.Dynamic) {
         this.checkCaptchaStatus(values);
         return;
+      } else if (captchaRule === CaptchaRule.InternetOnly) {
+        this.checkCaptchaStatus(values);
+        return;
       }
     }
     this.login(values);
@@ -961,9 +966,23 @@ class LoginPage extends React.Component {
     const captchaProviderItems = this.getCaptchaProviderItems(application);
     const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
     const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
-    const provider = alwaysProviderItems.length > 0
+    const internetOnlyProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Internet-Only");
-      ? alwaysProviderItems[0].provider
+
-      : dynamicProviderItems[0].provider;
+    // Select provider based on the active captcha rule, not fixed priority
+    const captchaRule = this.getCaptchaRule(this.getApplicationObj());
+    let provider = null;
+
+    if (captchaRule === CaptchaRule.Always && alwaysProviderItems.length > 0) {
+      provider = alwaysProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.Dynamic && dynamicProviderItems.length > 0) {
+      provider = dynamicProviderItems[0].provider;
+    } else if (captchaRule === CaptchaRule.InternetOnly && internetOnlyProviderItems.length > 0) {
+      provider = internetOnlyProviderItems[0].provider;
+    }
+
+    if (!provider) {
+      return null;
+    }
 
     return <CaptchaModal
       owner={provider.owner}

web/src/auth/SignupPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Form, Input, Radio, Result, Row, Select, message} from "antd";
+import {Button, Form, Input, Popover, Radio, Result, Row, Select, message} from "antd";
 import * as Setting from "../Setting";
 import * as AuthBackend from "./AuthBackend";
 import * as ProviderButton from "./ProviderButton";
@@ -607,28 +607,45 @@ class SignupPage extends React.Component {
       }
     } else if (signupItem.name === "Password") {
       return (
-        <Form.Item
+        <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
-          name="password"
+          <Form.Item
-          className="signup-password"
+            name="password"
-          label={signupItem.label ? signupItem.label : i18next.t("general:Password")}
+            className="signup-password"
-          rules={[
+            label={signupItem.label ? signupItem.label : i18next.t("general:Password")}
-            {
+            rules={[
-              required: required,
+              {
-              validateTrigger: "onChange",
+                required: required,
-              validator: (rule, value) => {
+                validateTrigger: "onChange",
-                const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
+                validator: (rule, value) => {
-                if (errorMsg === "") {
+                  const errorMsg = PasswordChecker.checkPasswordComplexity(value, application.organizationObj.passwordOptions);
-                  return Promise.resolve();
+                  if (errorMsg === "") {
-                } else {
+                    return Promise.resolve();
-                  return Promise.reject(errorMsg);
+                  } else {
-                }
+                    return Promise.reject(errorMsg);
+                  }
+                },
               },
-            },
+            ]}
-          ]}
+            hasFeedback
-          hasFeedback
+          >
-        >
+            <Input.Password className="signup-password-input" placeholder={signupItem.placeholder} onChange={(e) => {
-          <Input.Password className="signup-password-input" placeholder={signupItem.placeholder} />
+              this.setState({
-        </Form.Item>
+                passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, e.target.value),
+              });
+            }}
+            onFocus={() => {
+              this.setState({
+                passwordPopoverOpen: true,
+                passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("password") ?? ""),
+              });
+            }}
+            onBlur={() => {
+              this.setState({
+                passwordPopoverOpen: false,
+              });
+            }} />
+          </Form.Item>
+        </Popover>
       );
     } else if (signupItem.name === "Confirm password") {
       return (

web/src/auth/mfa/MfaVerifyTotpForm.js

@@ -1,4 +1,4 @@
-import {CopyOutlined, UserOutlined} from "@ant-design/icons";
+import {CopyOutlined} from "@ant-design/icons";
 import {Button, Col, Form, Input, QRCode, Space} from "antd";
 import copy from "copy-to-clipboard";
 import i18next from "i18next";
@@ -47,11 +47,11 @@ export const MfaVerifyTotpForm = ({mfaProps, onFinish}) => {
         name="passcode"
         rules={[{required: true, message: "Please input your passcode"}]}
       >
-        <Input
+        <Input.OTP
           style={{marginTop: 24}}
-          prefix={<UserOutlined />}
+          onChange={() => {
-          placeholder={i18next.t("mfa:Passcode")}
+            form.submit();
-          autoComplete="off"
+          }}
         />
       </Form.Item>
       <Form.Item>

web/src/common/PasswordChecker.js

@@ -13,6 +13,8 @@
 // limitations under the License.
 
 import i18next from "i18next";
+import React from "react";
+import {CheckCircleTwoTone, CloseCircleTwoTone} from "@ant-design/icons";
 
 function isValidOption_AtLeast6(password) {
   if (password.length < 6) {
@@ -52,6 +54,33 @@ function isValidOption_NoRepeat(password) {
   return "";
 }
 
+const checkers = {
+  AtLeast6: isValidOption_AtLeast6,
+  AtLeast8: isValidOption_AtLeast8,
+  Aa123: isValidOption_Aa123,
+  SpecialChar: isValidOption_SpecialChar,
+  NoRepeat: isValidOption_NoRepeat,
+};
+
+function getOptionDescription(option, password) {
+  switch (option) {
+  case "AtLeast6": return i18next.t("user:The password must have at least 6 characters");
+  case "AtLeast8": return i18next.t("user:The password must have at least 8 characters");
+  case "Aa123": return i18next.t("user:The password must contain at least one uppercase letter, one lowercase letter and one digit");
+  case "SpecialChar": return i18next.t("user:The password must contain at least one special character");
+  case "NoRepeat": return i18next.t("user:The password must not contain any repeated characters");
+  }
+}
+
+export function renderPasswordPopover(options, password) {
+  return <div style={{width: 240}} >
+    {options.map((option, idx) => {
+      return <div key={idx}>{checkers[option](password) === "" ? <CheckCircleTwoTone twoToneColor={"#52c41a"} /> :
+        <CloseCircleTwoTone twoToneColor={"#ff4d4f"} />} {getOptionDescription(option, password)}</div>;
+    })}
+  </div>;
+}
+
 export function checkPasswordComplexity(password, options) {
   if (password.length === 0) {
     return i18next.t("login:Please input your password!");
@@ -61,14 +90,6 @@ export function checkPasswordComplexity(password, options) {
     return "";
   }
 
-  const checkers = {
-    AtLeast6: isValidOption_AtLeast6,
-    AtLeast8: isValidOption_AtLeast8,
-    Aa123: isValidOption_Aa123,
-    SpecialChar: isValidOption_SpecialChar,
-    NoRepeat: isValidOption_NoRepeat,
-  };
-
   for (const option of options) {
     const checkerFunc = checkers[option];
     if (checkerFunc) {

web/src/common/modal/CaptchaModal.js

@@ -181,4 +181,5 @@ export const CaptchaRule = {
   Always: "Always",
   Never: "Never",
   Dynamic: "Dynamic",
+  InternetOnly: "Internet-Only",
 };

web/src/common/modal/PasswordModal.js

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {Button, Col, Input, Modal, Row} from "antd";
+import {Button, Col, Input, Modal, Popover, Row} from "antd";
 import i18next from "i18next";
 import React from "react";
 import * as UserBackend from "../../backend/UserBackend";
@@ -35,6 +35,8 @@ export const PasswordModal = (props) => {
   const [rePasswordValid, setRePasswordValid] = React.useState(false);
   const [newPasswordErrorMessage, setNewPasswordErrorMessage] = React.useState("");
   const [rePasswordErrorMessage, setRePasswordErrorMessage] = React.useState("");
+  const [passwordPopoverOpen, setPasswordPopoverOpen] = React.useState(false);
+  const [passwordPopover, setPasswordPopover] = React.useState();
 
   React.useEffect(() => {
     if (organization) {
@@ -130,12 +132,26 @@ export const PasswordModal = (props) => {
             </Row>
           ) : null}
           <Row style={{width: "100%", marginBottom: "20px"}}>
-            <Input.Password
+            <Popover placement="right" content={passwordPopover} open={passwordPopoverOpen}>
-              addonBefore={i18next.t("user:New Password")}
+              <Input.Password
-              placeholder={i18next.t("user:input password")}
+                addonBefore={i18next.t("user:New Password")}
-              onChange={(e) => {handleNewPassword(e.target.value);}}
+                placeholder={i18next.t("user:input password")}
-              status={(!newPasswordValid && newPasswordErrorMessage) ? "error" : undefined}
+                onChange={(e) => {
-            />
+                  handleNewPassword(e.target.value);
+                  setPasswordPopoverOpen(true);
+                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, e.target.value));
+
+                }}
+                onFocus={() => {
+                  setPasswordPopoverOpen(true);
+                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, newPassword));
+                }}
+                onBlur={() => {
+                  setPasswordPopoverOpen(false);
+                }}
+                status={(!newPasswordValid && newPasswordErrorMessage) ? "error" : undefined}
+              />
+            </Popover>
           </Row>
           {!newPasswordValid && newPasswordErrorMessage && <div style={{color: "red", marginTop: "-20px"}}>{newPasswordErrorMessage}</div>}
           <Row style={{width: "100%", marginBottom: "20px"}}>

web/src/locales/ar/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/cs/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Přizpůsobit hlavičku vstupní stránky vaší aplikace",
     "Incremental": "Inkrementální",
     "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Kód pozvánky",
     "Left": "Vlevo",

web/src/locales/de/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Links",

web/src/locales/en/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/es/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Izquierda",

web/src/locales/fa/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "کد head صفحه ورود برنامه خود را سفارشی کنید",
     "Incremental": "افزایشی",
     "Input": "ورودی",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "کد دعوت",
     "Left": "چپ",

web/src/locales/fi/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/fr/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incrémentale",
     "Input": "Saisie",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Code d'invitation",
     "Left": "Gauche",

web/src/locales/he/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/id/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Kiri",

web/src/locales/it/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/ja/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "左",

web/src/locales/kk/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/ko/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "왼쪽",

web/src/locales/ms/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/nl/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/pl/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/pt/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Código de convite",
     "Left": "Esquerda",

web/src/locales/ru/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Последовательный",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Код приглашения",
     "Left": "Левый",

web/src/locales/sk/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Vlastný HTML kód pre hlavičku vašej vstupnej stránky aplikácie",
     "Incremental": "Postupný",
     "Input": "Vstup",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Kód pozvania",
     "Left": "Vľavo",

web/src/locales/sv/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Left",

web/src/locales/tr/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Incremental",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Davet Kodu",
     "Left": "Sol",

web/src/locales/uk/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Налаштуйте тег head на сторінці входу до програми",
     "Incremental": "Інкрементний",
     "Input": "Введення",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Код запрошення",
     "Left": "Ліворуч",

web/src/locales/vi/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "Custom the head tag of your application entry page",
     "Incremental": "Tăng",
     "Input": "Input",
+    "Internet-Only": "Internet-Only",
     "Invalid characters in application name": "Invalid characters in application name",
     "Invitation code": "Invitation code",
     "Left": "Trái",

web/src/locales/zh/data.json

@@ -76,6 +76,7 @@
     "Header HTML - Tooltip": "自定义应用页面的head标签",
     "Incremental": "递增",
     "Input": "输入",
+    "Internet-Only": "外网启用",
     "Invalid characters in application name": "应用名称内有非法字符",
     "Invitation code": "邀请码",
     "Left": "居左",

web/src/table/AccountTable.js

@@ -110,6 +110,7 @@ class AccountTable extends React.Component {
       {name: "Managed accounts", label: i18next.t("user:Managed accounts")},
       {name: "Face ID", label: i18next.t("user:Face ID")},
       {name: "MFA accounts", label: i18next.t("user:MFA accounts")},
+      {name: "MFA items", label: i18next.t("general:MFA items")},
     ];
   };
 

web/src/table/ProviderTable.js

@@ -255,6 +255,7 @@ class ProviderTable extends React.Component {
                 <Option key="None" value="None">{i18next.t("general:None")}</Option>
                 <Option key="Dynamic" value="Dynamic">{i18next.t("application:Dynamic")}</Option>
                 <Option key="Always" value="Always">{i18next.t("application:Always")}</Option>
+                <Option key="Internet-Only" value="Internet-Only">{i18next.t("application:Internet-Only")}</Option>
               </Select>
             );
           } else if (record.provider?.category === "SMS" || record.provider?.category === "Email") {