feat: show the popover on the top when window's width too small and close popover when password options is empty (#3952 )

feat: change Subscription's StartTime and EndTime to string
fix: refactor the code in CheckPassword()
2025-07-19 04:13:50 +08:00 · 2025-07-10 19:56:05 +08:00 · 2025-07-10 14:11:40 +08:00 · 2025-07-10 00:49:13 +08:00 · 2025-07-09 22:07:44 +08:00 · 2025-07-09 00:32:00 +08:00
28 changed files with 135 additions and 102 deletions
--- a/conf/conf.go
+++ b/conf/conf.go
@ -66,7 +66,11 @@ func GetConfigBool(key string) bool {
 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
-	return num, err
+	if err != nil {
 		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
 	}
 	return num, nil
 }
 func GetConfigDataSourceName() string {
--- a/controllers/account.go
+++ b/controllers/account.go
@ -42,6 +42,7 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
 	Data3  interface{} `json:"data3"`
 }
 type Captcha struct {
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -132,7 +132,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeCode {
 		clientId := c.Input().Get("clientId")
 		responseType := c.Input().Get("responseType")
@ -154,7 +154,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}
 		resp = codeToResponse(code)
-		resp.Data2 = user.NeedUpdatePassword
+		resp.Data3 = user.NeedUpdatePassword
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
@ -168,7 +168,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
 			resp = tokenToResponse(token)
-			resp.Data2 = user.NeedUpdatePassword
+			resp.Data3 = user.NeedUpdatePassword
 		}
 	} else if form.Type == ResponseTypeDevice {
 		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
@ -195,14 +195,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		object.DeviceAuthMap.Store(authCacheCast.UserName, deviceAuthCacheDeviceCodeCast)
-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeSaml { // saml flow
 		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method, "needUpdatePassword": user.NeedUpdatePassword}}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method}, Data3: user.NeedUpdatePassword}
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
--- a/controllers/token.go
+++ b/controllers/token.go
@ -16,6 +16,7 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
 	"time"
 	"github.com/beego/beego/utils/pagination"
@ -460,7 +461,18 @@ func (c *ApiController) IntrospectToken() {
 	}
 	if token != nil {
 		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
 		if err != nil {
 			c.ResponseTokenError(err.Error())
 			return
 		}
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
 			return
 		}
 		introspectionResponse.TokenType = token.TokenType
 		introspectionResponse.ClientId = application.ClientId
 	}
 	c.Data["json"] = introspectionResponse
--- a/controllers/user.go
+++ b/controllers/user.go
@ -574,7 +574,7 @@ func (c *ApiController) SetPassword() {
 	targetUser.LastChangePasswordTime = util.GetCurrentTime()
 	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
+		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
 	} else {
 		if isAdmin {
 			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }
-func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt strin
 	return hash
 }
-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }
-func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string,
 	return string(bytes)
 }
-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@ -15,8 +15,8 @@
 package cred
 type CredManager interface {
-	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	GetHashedPassword(password string, salt string) string
-	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
+	IsPasswordCorrect(password string, passwordHash string, salt string) bool
 }
 func GetCredManager(passwordType string) CredManager {
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@ -37,14 +37,10 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }
-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
-	res := getMd5HexDigest(password)
+	return getMd5HexDigest(getMd5HexDigest(password) + salt)
 	if userSalt != "" {
 		res = getMd5HexDigest(res + userSalt)
 	}
 	return res
 }
-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }
-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }
-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@ -32,12 +32,8 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
 	return cm
 }
-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
 	iterations := 260000
 	salt := userSalt
 	if salt == "" {
 		salt = organizationSalt
 	}
 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
@ -46,7 +42,7 @@ func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt st
 	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
 }
-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool {
+func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
 	parts := strings.Split(passwordHash, "$")
 	if len(parts) != 4 {
 		return false
--- a/cred/plain.go
+++ b/cred/plain.go
@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }
-func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
 	return password
 }
-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@ -37,14 +37,10 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }
-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
-	res := getSha256HexDigest(password)
+	return getSha256HexDigest(getSha256HexDigest(password) + salt)
 	if organizationSalt != "" {
 		res = getSha256HexDigest(res + organizationSalt)
 	}
 	return res
 }
-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
 }
 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@ -37,14 +37,10 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
 	return cm
 }
-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
-	res := getSha512HexDigest(password)
+	return getSha512HexDigest(getSha512HexDigest(password) + salt)
 	if organizationSalt != "" {
 		res = getSha512HexDigest(res + organizationSalt)
 	}
 	return res
 }
-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
 }
--- a/object/check.go
+++ b/object/check.go
@ -220,10 +220,15 @@ func checkSigninErrorTimes(user *User, lang string) error {
 }
 func CheckPassword(user *User, password string, lang string, options ...bool) error {
 	if password == "" {
 		return fmt.Errorf(i18n.Translate(lang, "check:Password cannot be empty"))
 	}
 	enableCaptcha := false
 	if len(options) > 0 {
 		enableCaptcha = options[0]
 	}
 	// check the login error times
 	if !enableCaptcha {
 		err := checkSigninErrorTimes(user, lang)
@ -236,35 +241,31 @@ func CheckPassword(user *User, password string, lang string, options ...bool) er
 	if err != nil {
 		return err
 	}
 	if organization == nil {
 		return fmt.Errorf(i18n.Translate(lang, "check:Organization does not exist"))
 	}
 	if password == "" {
 		return fmt.Errorf(i18n.Translate(lang, "check:Password cannot be empty"))
 	}
 	passwordType := user.PasswordType
 	if passwordType == "" {
 		passwordType = organization.PasswordType
 	}
 	credManager := cred.GetCredManager(passwordType)
-	if credManager != nil {
+	if credManager == nil {
 		if organization.MasterPassword != "" {
 			if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
 				return resetUserSigninErrorTimes(user)
 			}
 		}
 		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
 			return resetUserSigninErrorTimes(user)
 		}
 		return recordSigninErrorInfo(user, lang, enableCaptcha)
 	} else {
 		return fmt.Errorf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
 	}
 	if organization.MasterPassword != "" {
 		if password == organization.MasterPassword || credManager.IsPasswordCorrect(password, organization.MasterPassword, organization.PasswordSalt) {
 			return resetUserSigninErrorTimes(user)
 		}
 	}
 	if !credManager.IsPasswordCorrect(password, user.Password, organization.PasswordSalt) && !credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt) {
 		return recordSigninErrorInfo(user, lang, enableCaptcha)
 	}
 	return resetUserSigninErrorTimes(user)
 }
 func CheckPasswordComplexityByOrg(organization *Organization, password string) string {
--- a/object/get-dashboard.go
+++ b/object/get-dashboard.go
@ -103,7 +103,7 @@ func GetDashboard(owner string) (*map[string][]int64, error) {
 func countCreatedBefore(dashboardMapItem DashboardMapItem, before time.Time) int64 {
 	count := dashboardMapItem.itemCount
 	for _, e := range dashboardMapItem.dashboardDateItems {
-		createdTime, _ := time.Parse("2006-01-02T15:04:05-07:00", e.CreatedTime)
+		createdTime, _ := time.Parse(time.RFC3339, e.CreatedTime)
 		if createdTime.Before(before) {
 			count++
 		}
--- a/object/organization.go
+++ b/object/organization.go
@ -222,7 +222,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo
 	if organization.MasterPassword != "" && organization.MasterPassword != "***" {
 		credManager := cred.GetCredManager(organization.PasswordType)
 		if credManager != nil {
-			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
+			hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, organization.PasswordSalt)
 			organization.MasterPassword = hashedPassword
 		}
 	}
--- a/object/plan.go
+++ b/object/plan.go
@ -49,17 +49,21 @@ func (plan *Plan) GetId() string {
 	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
 }
-func GetDuration(period string) (startTime time.Time, endTime time.Time) {
+func getDuration(period string) (string, string, error) {
 	startTime := time.Now()
 	var endTime time.Time
 	if period == PeriodYearly {
 		startTime = time.Now()
 		endTime = startTime.AddDate(1, 0, 0)
 	} else if period == PeriodMonthly {
 		startTime = time.Now()
 		endTime = startTime.AddDate(0, 1, 0)
 	} else {
-		panic(fmt.Sprintf("invalid period: %s", period))
+		return "", "", fmt.Errorf("invalid period: %s", period)
 	}
-	return
+
 	startTimeString := startTime.Format(time.RFC3339)
 	endTimeString := endTime.Format(time.RFC3339)
 	return startTimeString, endTimeString, nil
 }
 func GetPlanCount(owner, field, value string) (int64, error) {
--- a/object/product.go
+++ b/object/product.go
@ -206,11 +206,17 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 			if plan == nil {
 				return nil, nil, fmt.Errorf("the plan: %s does not exist", planName)
 			}
-			sub := NewSubscription(owner, user.Name, plan.Name, paymentName, plan.Period)
+
 			sub, err := NewSubscription(owner, user.Name, plan.Name, paymentName, plan.Period)
 			if err != nil {
 				return nil, nil, err
 			}
 			_, err = AddSubscription(sub)
 			if err != nil {
 				return nil, nil, err
 			}
 			returnUrl = fmt.Sprintf("%s/buy-plan/%s/%s/result?subscription=%s", originFrontend, owner, pricingName, sub.Name)
 		}
 	}
--- a/object/subscription.go
+++ b/object/subscription.go
@ -48,8 +48,8 @@ type Subscription struct {
 	Plan    string `xorm:"varchar(100)" json:"plan"`
 	Payment string `xorm:"varchar(100)" json:"payment"`
-	StartTime time.Time         `json:"startTime"`
+	StartTime string            `xorm:"varchar(100)" json:"startTime"`
-	EndTime   time.Time         `json:"endTime"`
+	EndTime   string            `xorm:"varchar(100)" json:"endTime"`
 	Period    string            `xorm:"varchar(100)" json:"period"`
 	State     SubscriptionState `xorm:"varchar(100)" json:"state"`
 }
@ -84,9 +84,19 @@ func (sub *Subscription) UpdateState() error {
 	}
 	if sub.State == SubStateActive || sub.State == SubStateUpcoming || sub.State == SubStateExpired {
-		if sub.EndTime.Before(time.Now()) {
+		startTime, err := time.Parse(time.RFC3339, sub.StartTime)
 		if err != nil {
 			return err
 		}
 		endTime, err := time.Parse(time.RFC3339, sub.EndTime)
 		if err != nil {
 			return err
 		}
 		if endTime.Before(time.Now()) {
 			sub.State = SubStateExpired
-		} else if sub.StartTime.After(time.Now()) {
+		} else if startTime.After(time.Now()) {
 			sub.State = SubStateUpcoming
 		} else {
 			sub.State = SubStateActive
@ -103,10 +113,15 @@ func (sub *Subscription) UpdateState() error {
 	return nil
 }
-func NewSubscription(owner, userName, planName, paymentName, period string) *Subscription {
+func NewSubscription(owner, userName, planName, paymentName, period string) (*Subscription, error) {
-	startTime, endTime := GetDuration(period)
+	startTime, endTime, err := getDuration(period)
 	if err != nil {
 		return nil, err
 	}
 	id := util.GenerateId()[:6]
-	return &Subscription{
+
 	res := &Subscription{
 		Owner:       owner,
 		Name:        "sub_" + id,
 		DisplayName: "New Subscription - " + id,
@ -121,6 +136,7 @@ func NewSubscription(owner, userName, planName, paymentName, period string) *Sub
 		Period:    period,
 		State:     SubStatePending, // waiting for payment complete
 	}
 	return res, nil
 }
 func GetSubscriptionCount(owner, field, value string) (int64, error) {
--- a/object/user_cred.go
+++ b/object/user_cred.go
@ -42,8 +42,9 @@ func (user *User) UpdateUserHash() error {
 func (user *User) UpdateUserPassword(organization *Organization) {
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		hashedPassword := credManager.GetHashedPassword(user.Password, organization.PasswordSalt)
 		user.Password = hashedPassword
 		user.PasswordType = organization.PasswordType
 		user.PasswordSalt = organization.PasswordSalt
 	}
 }
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@ -66,6 +66,10 @@ func AutoSigninFilter(ctx *context.Context) {
 			responseError(ctx, err.Error())
 			return
 		}
 		if application == nil {
 			responseError(ctx, fmt.Sprintf("No application is found for userId: app/%s", token.Application))
 			return
 		}
 		setSessionUser(ctx, userId)
 		setSessionOidc(ctx, token.Scope, application.ClientId)
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@ -166,7 +166,7 @@ class AuthCallback extends React.Component {
          const responseType = this.getResponseType();
          const handleLogin = (res) => {
            if (responseType === "login") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -176,7 +176,7 @@ class AuthCallback extends React.Component {
              const link = Setting.getFromLink();
              Setting.goToLink(link);
            } else if (responseType === "code") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -185,7 +185,7 @@ class AuthCallback extends React.Component {
              Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`);
            // Setting.showMessage("success", `Authorization code: ${res.data}`);
            } else if (responseType === "token" || responseType === "id_token") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", signinUrl);
                Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                return;
@ -207,7 +207,7 @@ class AuthCallback extends React.Component {
                  relayState: oAuthParams.relayState,
                });
              } else {
-                if (res.data2.needUpdatePassword) {
+                if (res.data3) {
                  sessionStorage.setItem("signinUrl", signinUrl);
                  Setting.goToLinkSoft(this, `/forget/${applicationName}`);
                  return;
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -385,7 +385,7 @@ class ForgetPage extends React.Component {
                },
              ]}
            />
-            <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
+            <Popover placement={window.innerWidth >= 960 ? "right" : "top"} content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
              <Form.Item
                name="newPassword"
                hidden={this.state.current !== 2}
@ -415,7 +415,7 @@ class ForgetPage extends React.Component {
                  }}
                  onFocus={() => {
                    this.setState({
-                      passwordPopoverOpen: true,
+                      passwordPopoverOpen: application.organizationObj.passwordOptions?.length > 0,
                      passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("newPassword") ?? ""),
                    });
                  }}
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -496,9 +496,9 @@ class LoginPage extends React.Component {
            const responseType = values["type"];
            if (responseType === "login") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              Setting.showMessage("success", i18next.t("application:Logged in successfully"));
              this.props.onLoginSuccess();
@ -510,9 +510,9 @@ class LoginPage extends React.Component {
                userCodeStatus: "success",
              });
            } else if (responseType === "token" || responseType === "id_token") {
-              if (res.data2) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              const amendatoryResponseType = responseType === "token" ? "access_token" : responseType;
              const accessToken = res.data;
@ -522,9 +522,9 @@ class LoginPage extends React.Component {
                this.props.onLoginSuccess(window.location.href);
                return;
              }
-              if (res.data2.needUpdatePassword) {
+              if (res.data3) {
                sessionStorage.setItem("signinUrl", window.location.pathname + window.location.search);
-                Setting.goToLink(this, `/forget/${this.state.applicationName}`);
+                Setting.goToLinkSoft(this, `/forget/${this.state.applicationName}`);
              }
              if (res.data2.method === "POST") {
                this.setState({
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -607,7 +607,7 @@ class SignupPage extends React.Component {
      }
    } else if (signupItem.name === "Password") {
      return (
-        <Popover placement="right" content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
+        <Popover placement={window.innerWidth >= 960 ? "right" : "top"} content={this.state.passwordPopover} open={this.state.passwordPopoverOpen}>
          <Form.Item
            name="password"
            className="signup-password"
@ -635,7 +635,7 @@ class SignupPage extends React.Component {
            }}
            onFocus={() => {
              this.setState({
-                passwordPopoverOpen: true,
+                passwordPopoverOpen: application.organizationObj.passwordOptions?.length > 0,
                passwordPopover: PasswordChecker.renderPasswordPopover(application.organizationObj.passwordOptions, this.form.current?.getFieldValue("password") ?? ""),
              });
            }}
--- a/web/src/common/modal/PasswordModal.js
+++ b/web/src/common/modal/PasswordModal.js
@ -132,18 +132,18 @@ export const PasswordModal = (props) => {
            </Row>
          ) : null}
          <Row style={{width: "100%", marginBottom: "20px"}}>
-            <Popover placement="right" content={passwordPopover} open={passwordPopoverOpen}>
+            <Popover placement={window.innerWidth >= 960 ? "right" : "top"} content={passwordPopover} open={passwordPopoverOpen}>
              <Input.Password
                addonBefore={i18next.t("user:New Password")}
                placeholder={i18next.t("user:input password")}
                onChange={(e) => {
                  handleNewPassword(e.target.value);
-                  setPasswordPopoverOpen(true);
+                  setPasswordPopoverOpen(passwordOptions?.length > 0);
                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, e.target.value));
                }}
                onFocus={() => {
-                  setPasswordPopoverOpen(true);
+                  setPasswordPopoverOpen(passwordOptions?.length > 0);
                  setPasswordPopover(PasswordChecker.renderPasswordPopover(passwordOptions, newPassword));
                }}
                onBlur={() => {
Author	SHA1	Message	Date
DacongDA	ef14c84edc	feat: show the popover on the top when window's width too small and close popover when password options is empty (#3952 )	2025-07-10 19:56:05 +08:00
Yang Luo	cb5c7667b5	feat: change Subscription's StartTime and EndTime to string	2025-07-10 14:11:40 +08:00
Yang Luo	920ed87f75	fix: refactor the code in CheckPassword()	2025-07-10 00:49:13 +08:00
raiki02	6598f0ccdf	feat: use token's client ID instead in IntrospectToken() API (#3948 )	2025-07-09 22:07:44 +08:00
Yang Luo	8e71e23d75	feat: improve error message for GetConfigInt64()	2025-07-09 00:32:00 +08:00
Yang Luo	146a369f80	feat: improve error handling in AutoSigninFilter	2025-07-08 23:47:14 +08:00
raiki02	9bbe5afb7c	feat: use only one salt arg in CredManager.IsPasswordCorrect() (#3936 )	2025-07-07 17:56:25 +08:00
DacongDA	b42391c6ce	feat: move needUpdatePassword to response's Data3 field to avoid refresh token conflict (#3931 )	2025-07-05 22:48:44 +08:00
Raiki	fb035a5353	feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928 )	2025-07-05 18:41:37 +08:00