Revert "feat: restrict redirectUrls for CAS login (#2118 )"

This reverts commit b7a37126ad.
2025-08-02 18:50:32 +08:00 · 2023-08-19 00:22:35 +08:00
499 changed files with 22152 additions and 64465 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
+*.go linguist-detectable=true
+*.js linguist-detectable=false
+# Declare files that will always have LF line endings on checkout.
+# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,6 @@
 name: Build

-on: [ push, pull_request ]
+on: [push, pull_request]

 jobs:

@@ -35,7 +35,7 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install && CI=false yarn run build
@@ -101,25 +101,24 @@ jobs:
        working-directory: ./
      - uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16
          cache: 'yarn'
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install
        working-directory: ./web
      - uses: cypress-io/github-action@v5
        with:
-          browser: chrome
          start: yarn start
          wait-on: 'http://localhost:7001'
          wait-on-timeout: 210
          working-directory: ./web

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: cypress-screenshots
          path: ./web/cypress/screenshots
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: cypress-videos
@@ -138,7 +137,7 @@ jobs:
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
-          node-version: 20
+          node-version: 16

      - name: Fetch Previous version
        id: get-previous-tag
@@ -147,7 +146,7 @@ jobs:
      - name: Release
        run: yarn global add semantic-release@17.4.4 && semantic-release
        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_BOT_TOKEN }}

      - name: Fetch Current version
        id: get-current-tag
@@ -168,8 +167,10 @@ jobs:
          elif [ ${old_array[1]} != ${new_array[1]} ]
          then 
              echo ::set-output name=push::'true'
+          
          else
              echo ::set-output name=push::'false'
+          
          fi

      - name: Set up QEMU
@@ -207,33 +208,3 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest
-
-      - uses: actions/checkout@v3
-        if: steps.should_push.outputs.push=='true'
-        with:
-          repository: casdoor/casdoor-helm
-          ref: 'master'
-          token: ${{ secrets.GH_BOT_TOKEN }}
-
-      - name: Update Helm Chart
-        if: steps.should_push.outputs.push=='true'
-        run: |
-          # Set the appVersion and version of the chart to the current tag
-          sed -i "s/appVersion: .*/appVersion: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
-          sed -i "s/version: .*/version: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
-
-          REGISTRY=oci://registry-1.docker.io/casbin
-          cd charts/casdoor
-          helm package .
-          PKG_NAME=$(ls *.tgz)
-          helm repo index . --url $REGISTRY --merge index.yaml
-          helm push $PKG_NAME $REGISTRY
-          rm $PKG_NAME
-
-          # Commit and push the changes back to the repository
-          git config --global user.name "casbin-bot"
-          git config --global user.email "bot@casbin.org"
-          git add Chart.yaml index.yaml
-          git commit -m "chore(helm): bump helm charts appVersion to ${{steps.get-current-tag.outputs.tag }}"
-          git tag ${{steps.get-current-tag.outputs.tag }}
-          git push origin HEAD:master --follow-tags
--- a/.github/workflows/migrate.yml
+++ b/.github/workflows/migrate.yml
@@ -0,0 +1,61 @@
+name: Migration Test
+
+on:
+  push:
+    paths:
+      - 'object/migrator**'
+  pull_request:
+    paths:
+      - 'object/migrator**'
+
+jobs:
+
+  db-migrator-test:
+    name: db-migrator-test
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_DATABASE: casdoor
+          MYSQL_ROOT_PASSWORD: 123456
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '^1.16.5'
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 16
+      - name: pull casdoor-master-latest
+        run: |
+          sudo apt update
+          sudo apt install git
+          sudo apt install net-tools
+          sudo mkdir tmp
+          cd tmp
+          sudo git clone https://github.com/casdoor/casdoor.git
+          cd ..
+        working-directory: ./
+      - name: run casdoor-master-latest
+        run: |
+          sudo nohup go run main.go &
+          sudo sleep 2m
+        working-directory: ./tmp/casdoor
+      - name: stop casdoor-master-latest
+        run: |
+          sudo kill -9 `sudo netstat -anltp | grep 8000 | awk '{print $7}' | cut -d / -f 1`
+        working-directory: ./
+      - name: run casdoor-current-version
+        run: |
+          sudo nohup go run ./main.go &
+          sudo sleep 2m
+        working-directory: ./
+      - name: test port-8000
+        run: |
+          if [[ `sudo netstat -anltp | grep 8000 | awk '{print $7}'` == "" ]];then echo 'db-migrator-test fail' && exit 1;fi;
+          echo 'db-migrator-test pass'
+        working-directory: ./
--- a/.gitignore
+++ b/.gitignore
@@ -18,7 +18,7 @@ bin/

 .idea/
 *.iml
-.vscode/settings.json
+.vscode/

 tmp/
 tmpFiles/
@@ -30,7 +30,5 @@ commentsRouter*.go

 # ignore build result
 casdoor
-server
-
-# include helm-chart
-!manifests/casdoor
+server_linux_arm64
+server_linux_amd64
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,15 +0,0 @@
-{
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "name": "Debug",
-            "type": "go",
-            "request": "launch",
-            "mode": "auto",
-            "program": "${workspaceFolder}",
-            "cwd": "${workspaceFolder}",
-            "debugAdapter": "dlv-dap",
-            "args": ["--createDatabase=true"]
-        }
-    ]
-}
--- a/9
+++ b/9
@@ -1,10 +1,11 @@
-FROM --platform=$BUILDPLATFORM node:18.19.0 AS FRONT
+FROM node:16.18.0 AS FRONT
 WORKDIR /web
 COPY ./web .
-RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build
+RUN yarn config set registry https://registry.npmmirror.com
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build


-FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
+FROM golang:1.19.9 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
@@ -19,7 +20,6 @@ ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"

 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add --update sudo
-RUN apk add tzdata
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates

@@ -64,6 +64,7 @@ COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
+RUN mkdir tempFiles

 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]
--- a/3
+++ b/3
@@ -86,9 +86,6 @@ docker-build: ## Build docker image with the manager.
 docker-push: ## Push docker image with the manager.
 	docker push ${REGISTRY}/${IMG}:${IMG_TAG}

-deps: ## Run dependencies for local development
-	docker compose up -d db
-
 lint-install: ## Install golangci-lint
 	@# The following installs a specific version of golangci-lint, which is appropriate for a CI server to avoid different results from build to build
 	go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.40.1
--- a/README.md
+++ b/README.md
@@ -1,102 +1,88 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
-  </a>
-</p>
-
-<p align="center">
-  <sup>Sponsored by</sup>
-  <br>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
-    <picture>
-      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
-      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
-      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
-    </picture>
-  </a><br/>
-  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
-  <br>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Discord: https://discord.gg/5rPsrAzK7S
- Contact: https://casdoor.org/help
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
+<h3 align="center">A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.</h3>
+<p align="center">
+  <a href="#badge">
+    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
+    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/releases/latest">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
+  </a>
+  <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
+    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
+    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
+    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/issues">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="#">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/network">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://crowdin.com/project/casdoor-site">
+    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+  </a>
+  <a href="https://discord.gg/5rPsrAzK7S">
+    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
+  </a>
+</p>
+
+## Online demo
+
+- Read-only site: https://door.casdoor.com (any modification operation will fail)
+- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
+
+## Documentation
+
+https://casdoor.org
+
+## Install
+
+- By source code: https://casdoor.org/docs/basic/server-installation
+- By Docker: https://casdoor.org/docs/basic/try-with-docker
+
+## How to connect to Casdoor?
+
+https://casdoor.org/docs/how-to-connect/overview
+
+## Casdoor Public API
+
+- Docs: https://casdoor.org/docs/basic/public-api
+- Swagger: https://door.casdoor.com/swagger
+
+## Integrations
+
+https://casdoor.org/docs/category/integrations
+
+## How to contact?
+
+- Discord: https://discord.gg/5rPsrAzK7S
+- Forum: https://forum.casbin.com
+- Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e
+
+## Contribute
+
+For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
+
+### I18n translation
+
+If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
+
+## License
+
+[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -46,14 +46,11 @@ p, *, *, POST, /api/login, *, *
 p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
-p, *, *, POST, /api/callback, *, *
-p, *, *, POST, /api/device-auth, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
 p, *, *, GET, /api/health, *, *
-p, *, *, *, /api/webhook, *, *
-p, *, *, GET, /api/get-qrcode, *, *
+p, *, *, POST, /api/webhook, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
@@ -78,14 +75,11 @@ p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
-p, *, *, GET, /.well-known/webfinger, *, *
 p, *, *, *, /.well-known/jwks, *, *
 p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
-p, *, *, *, /api/saml/redirect, *, *
 p, *, *, *, /cas, *, *
-p, *, *, *, /scim, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
@@ -93,21 +87,12 @@ p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
-p, *, *, GET, /api/get-subscription, *, *
-p, *, *, GET, /api/get-provider, *, *
 p, *, *, GET, /api/get-organization-names, *, *
-p, *, *, GET, /api/get-all-objects, *, *
-p, *, *, GET, /api/get-all-actions, *, *
-p, *, *, GET, /api/get-all-roles, *, *
-p, *, *, GET, /api/run-casbin-command, *, *
-p, *, *, POST, /api/refresh-engines, *, *
-p, *, *, GET, /api/get-invitation-info, *, *
-p, *, *, GET, /api/faceid-signin-begin, *, *
 `

 		sa := stringadapter.NewAdapter(ruleText)
 		// load all rules from string adapter to enforcer's memory
-		err = sa.LoadPolicy(Enforcer.GetModel())
+		err := sa.LoadPolicy(Enforcer.GetModel())
 		if err != nil {
 			panic(err)
 		}
@@ -134,20 +119,10 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		panic(err)
 	}

-	if subOwner == "app" {
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}

-	if user != nil {
-		if user.IsDeleted {
-			return false
-		}
-
-		if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
-			return true
-		}
-	}
-
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)
@@ -158,16 +133,11 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" || urlPath == "/api/refresh-engines" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
-			if (subOwner == objOwner && subName == objName || subOwner == "app") && !(subOwner == "built-in" && subName == "admin") {
-				return true
-			}
-			return false
-		} else if urlPath == "/api/upload-resource" {
-			if subOwner == "app" && subName == "app-casibase" {
+			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
 				return true
 			}
 			return false
--- a/build.sh
+++ b/build.sh
@@ -8,6 +8,5 @@ else
    echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
    export GOPROXY="https://goproxy.cn,direct"
 fi
-
 CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
 CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .
--- a/captcha/aliyun.go
+++ b/captcha/aliyun.go
@@ -15,51 +15,32 @@
 package captcha

 import (
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	openapiutil "github.com/alibabacloud-go/openapi-util/service"
-	teaUtil "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
 )

-const AliyunCaptchaVerifyUrl = "captcha.cn-shanghai.aliyuncs.com"
+const AliyunCaptchaVerifyUrl = "http://afs.aliyuncs.com"

-type VerifyCaptchaRequest struct {
-	CaptchaVerifyParam *string `json:"CaptchaVerifyParam,omitempty" xml:"CaptchaVerifyParam,omitempty"`
-	SceneId            *string `json:"SceneId,omitempty" xml:"SceneId,omitempty"`
+type captchaSuccessResponse struct {
+	Code int    `json:"Code"`
+	Msg  string `json:"Msg"`
 }

-type VerifyCaptchaResponseBodyResult struct {
-	VerifyResult *bool `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
+type captchaFailResponse struct {
+	Code    string `json:"Code"`
+	Message string `json:"Message"`
 }

-type VerifyCaptchaResponseBody struct {
-	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
-	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
-	// Id of the request
-	RequestId *string                          `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
-	Result    *VerifyCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
-	Success   *bool                            `json:"Success,omitempty" xml:"Success,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponseBodyResult struct {
-	VerifyCode   *string `json:"VerifyCode,omitempty" xml:"VerifyCode,omitempty"`
-	VerifyResult *bool   `json:"VerifyResult,omitempty" xml:"VerifyResult,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponseBody struct {
-	Code    *string `json:"Code,omitempty" xml:"Code,omitempty"`
-	Message *string `json:"Message,omitempty" xml:"Message,omitempty"`
-	// Id of the request
-	RequestId *string                                     `json:"RequestId,omitempty" xml:"RequestId,omitempty"`
-	Result    *VerifyIntelligentCaptchaResponseBodyResult `json:"Result,omitempty" xml:"Result,omitempty" type:"Struct"`
-	Success   *bool                                       `json:"Success,omitempty" xml:"Success,omitempty"`
-}
-
-type VerifyIntelligentCaptchaResponse struct {
-	Headers    map[string]*string                    `json:"headers,omitempty" xml:"headers,omitempty" require:"true"`
-	StatusCode *int32                                `json:"statusCode,omitempty" xml:"statusCode,omitempty" require:"true"`
-	Body       *VerifyIntelligentCaptchaResponseBody `json:"body,omitempty" xml:"body,omitempty" require:"true"`
-}
 type AliyunCaptchaProvider struct{}

 func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
@@ -67,69 +48,68 @@ func NewAliyunCaptchaProvider() *AliyunCaptchaProvider {
 	return captcha
 }

-func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
-	config := &openapi.Config{}
-
-	config.Endpoint = tea.String(AliyunCaptchaVerifyUrl)
-	config.ConnectTimeout = tea.Int(5000)
-	config.ReadTimeout = tea.Int(5000)
-	config.AccessKeyId = tea.String(clientId)
-	config.AccessKeySecret = tea.String(clientSecret)
-
-	client := new(openapi.Client)
-	err := client.Init(config)
-	if err != nil {
-		return false, err
-	}
-
-	request := VerifyCaptchaRequest{CaptchaVerifyParam: tea.String(token), SceneId: tea.String(clientId2)}
-
-	err = teaUtil.ValidateModel(&request)
-	if err != nil {
-		return false, err
-	}
-
-	runtime := &teaUtil.RuntimeOptions{}
-
-	body := map[string]interface{}{}
-	if !tea.BoolValue(teaUtil.IsUnset(request.CaptchaVerifyParam)) {
-		body["CaptchaVerifyParam"] = request.CaptchaVerifyParam
-	}
-
-	if !tea.BoolValue(teaUtil.IsUnset(request.SceneId)) {
-		body["SceneId"] = request.SceneId
-	}
-
-	req := &openapi.OpenApiRequest{
-		Body: openapiutil.ParseToMap(body),
-	}
-	params := &openapi.Params{
-		Action:      tea.String("VerifyIntelligentCaptcha"),
-		Version:     tea.String("2023-03-05"),
-		Protocol:    tea.String("HTTPS"),
-		Pathname:    tea.String("/"),
-		Method:      tea.String("POST"),
-		AuthType:    tea.String("AK"),
-		Style:       tea.String("RPC"),
-		ReqBodyType: tea.String("formData"),
-		BodyType:    tea.String("json"),
-	}
-
-	res := &VerifyIntelligentCaptchaResponse{}
-
-	resBody, err := client.CallApi(params, req, runtime)
-	if err != nil {
-		return false, err
-	}
-
-	err = tea.Convert(resBody, &res)
-	if err != nil {
-		return false, err
-	}
-
-	if res.Body.Result.VerifyResult != nil && *res.Body.Result.VerifyResult {
-		return true, nil
-	}
-
-	return false, nil
+func contentEscape(str string) string {
+	str = strings.Replace(str, " ", "%20", -1)
+	str = url.QueryEscape(str)
+	return str
+}
+
+func (captcha *AliyunCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+	pathData, err := url.ParseQuery(token)
+	if err != nil {
+		return false, err
+	}
+
+	pathData["Action"] = []string{"AuthenticateSig"}
+	pathData["Format"] = []string{"json"}
+	pathData["SignatureMethod"] = []string{"HMAC-SHA1"}
+	pathData["SignatureNonce"] = []string{strconv.FormatInt(time.Now().UnixNano(), 10)}
+	pathData["SignatureVersion"] = []string{"1.0"}
+	pathData["Timestamp"] = []string{time.Now().UTC().Format("2006-01-02T15:04:05Z")}
+	pathData["Version"] = []string{"2018-01-12"}
+
+	var keys []string
+	for k := range pathData {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	sortQuery := ""
+	for _, k := range keys {
+		sortQuery += k + "=" + contentEscape(pathData[k][0]) + "&"
+	}
+	sortQuery = strings.TrimSuffix(sortQuery, "&")
+
+	stringToSign := fmt.Sprintf("GET&%s&%s", url.QueryEscape("/"), url.QueryEscape(sortQuery))
+
+	signature := util.GetHmacSha1(clientSecret+"&", stringToSign)
+
+	resp, err := http.Get(fmt.Sprintf("%s?%s&Signature=%s", AliyunCaptchaVerifyUrl, sortQuery, url.QueryEscape(signature)))
+	if err != nil {
+		return false, err
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+
+	return handleCaptchaResponse(body)
+}
+
+func handleCaptchaResponse(body []byte) (bool, error) {
+	captchaResp := &captchaSuccessResponse{}
+	err := json.Unmarshal(body, captchaResp)
+	if err != nil {
+		captchaFailResp := &captchaFailResponse{}
+		err = json.Unmarshal(body, captchaFailResp)
+		if err != nil {
+			return false, err
+		}
+
+		return false, errors.New(captchaFailResp.Message)
+	}
+
+	return true, nil
 }
--- a/captcha/default.go
+++ b/captcha/default.go
@@ -23,6 +23,6 @@ func NewDefaultCaptchaProvider() *DefaultCaptchaProvider {
 	return captcha
 }

-func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *DefaultCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	return object.VerifyCaptcha(clientSecret, token), nil
 }
--- a/captcha/geetest.go
+++ b/captcha/geetest.go
@@ -35,7 +35,7 @@ func NewGEETESTCaptchaProvider() *GEETESTCaptchaProvider {
 	return captcha
 }

-func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *GEETESTCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	pathData, err := url.ParseQuery(token)
 	if err != nil {
 		return false, err
--- a/captcha/hcaptcha.go
+++ b/captcha/hcaptcha.go
@@ -32,7 +32,7 @@ func NewHCaptchaProvider() *HCaptchaProvider {
 	return captcha
 }

-func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *HCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/provider.go
+++ b/captcha/provider.go
@@ -17,7 +17,7 @@ package captcha
 import "fmt"

 type CaptchaProvider interface {
-	VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error)
+	VerifyCaptcha(token, clientSecret string) (bool, error)
 }

 func GetCaptchaProvider(captchaType string) CaptchaProvider {
@@ -26,10 +26,6 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewDefaultCaptchaProvider()
 	case "reCAPTCHA":
 		return NewReCaptchaProvider()
-	case "reCAPTCHA v2":
-		return NewReCaptchaProvider()
-	case "reCAPTCHA v3":
-		return NewReCaptchaProvider()
 	case "Aliyun Captcha":
 		return NewAliyunCaptchaProvider()
 	case "hCaptcha":
@@ -43,11 +39,11 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	return nil
 }

-func VerifyCaptchaByCaptchaType(captchaType, token, clientId, clientSecret, clientId2 string) (bool, error) {
+func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
 	provider := GetCaptchaProvider(captchaType)
 	if provider == nil {
 		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
 	}

-	return provider.VerifyCaptcha(token, clientId, clientSecret, clientId2)
+	return provider.VerifyCaptcha(token, clientSecret)
 }
--- a/captcha/recaptcha.go
+++ b/captcha/recaptcha.go
@@ -32,7 +32,7 @@ func NewReCaptchaProvider() *ReCaptchaProvider {
 	return captcha
 }

-func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *ReCaptchaProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@@ -32,7 +32,7 @@ func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
 	return captcha
 }

-func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientId, clientSecret, clientId2 string) (bool, error) {
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
 	reqData := url.Values{
 		"secret":   {clientSecret},
 		"response": {token},
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -8,30 +8,18 @@ dbName = casdoor
 tableNamePrefix =
 showSql = false
 redisEndpoint =
-defaultStorageProvider =
+defaultStorageProvider = 
 isCloudIntranet = false
 authState = "casdoor"
 socks5Proxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
-initScore = 0
+initScore = 2000
 logPostOnly = true
-isUsernameLowered = false
 origin =
-originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
-enableErrorMask = false
-enableGzip = true
-inactiveTimeoutMinutes =
 ldapServerPort = 389
-ldapsCertId = ""
-ldapsServerPort = 636
-radiusServerPort = 1812
-radiusDefaultOrganization = "built-in"
-radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataNewOnly = false
-initDataFile = "./init_data.json"
-frontendBaseDir = "../cc_0"
+logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
+initDataFile = "./init_data.json"
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -15,7 +15,7 @@
 package conf

 import (
-	"fmt"
+	"encoding/json"
 	"os"
 	"runtime"
 	"strconv"
@@ -24,6 +24,15 @@ import (
 	"github.com/beego/beego"
 )

+type Quota struct {
+	Organization int `json:"organization"`
+	User         int `json:"user"`
+	Application  int `json:"application"`
+	Provider     int `json:"provider"`
+}
+
+var quota = &Quota{-1, -1, -1, -1}
+
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
@@ -35,6 +44,17 @@ func init() {
 			}
 		}
 	}
+	initQuota()
+}
+
+func initQuota() {
+	res := beego.AppConfig.String("quota")
+	if res != "" {
+		err := json.Unmarshal([]byte(res), quota)
+		if err != nil {
+			panic(err)
+		}
+	}
 }

 func GetConfigString(key string) string {
@@ -47,7 +67,7 @@ func GetConfigString(key string) string {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
 		} else if key == "logConfig" {
-			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
+			res = "{\"filename\": \"logs/casdoor.log\", \"maxdays\":99999, \"perm\":\"0770\"}"
 		}
 	}

@@ -66,19 +86,12 @@ func GetConfigBool(key string) bool {
 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
-	if err != nil {
-		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
-	}
-
-	return num, nil
+	return num, err
 }

 func GetConfigDataSourceName() string {
 	dataSourceName := GetConfigString("dataSourceName")
-	return ReplaceDataSourceNameByDocker(dataSourceName)
-}

-func ReplaceDataSourceNameByDocker(dataSourceName string) string {
 	runningInDocker := os.Getenv("RUNNING_IN_DOCKER")
 	if runningInDocker == "true" {
 		// https://stackoverflow.com/questions/48546124/what-is-linux-equivalent-of-host-docker-internal
@@ -88,6 +101,7 @@ func ReplaceDataSourceNameByDocker(dataSourceName string) string {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "localhost", "host.docker.internal")
 		}
 	}
+
 	return dataSourceName
 }

@@ -114,3 +128,17 @@ func GetConfigBatchSize() int {
 	}
 	return res
 }
+
+func GetConfigQuota() *Quota {
+	return quota
+}
+
+func GetConfigRealDataSourceName(driverName string) string {
+	var dataSourceName string
+	if driverName != "mysql" {
+		dataSourceName = GetConfigDataSourceName()
+	} else {
+		dataSourceName = GetConfigDataSourceName() + GetConfigString("dbName")
+	}
+	return dataSourceName
+}
--- a/conf/conf_quota.go
+++ b/conf/conf_quota.go
@@ -1,48 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego"
-)
-
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
-func init() {
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func GetConfigQuota() *Quota {
-	return quota
-}
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -115,7 +115,7 @@ func TestGetConfigLogs(t *testing.T) {
 		description string
 		expected    string
 	}{
-		{"Default log config", `{"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
+		{"Default log config", `{"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
 	}

 	err := beego.LoadAppConfig("ini", "app.conf")
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"

 	"github.com/casdoor/casdoor/form"
@@ -32,7 +33,6 @@ const (
 	ResponseTypeIdToken = "id_token"
 	ResponseTypeSaml    = "saml"
 	ResponseTypeCas     = "cas"
-	ResponseTypeDevice  = "device"
 )

 type Response struct {
@@ -42,12 +42,9 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
-	Data3  interface{} `json:"data3"`
 }

 type Captcha struct {
-	Owner         string `json:"owner"`
-	Name          string `json:"name"`
 	Type          string `json:"type"`
 	AppKey        string `json:"appKey"`
 	Scene         string `json:"scene"`
@@ -60,17 +57,6 @@ type Captcha struct {
 	SubType       string `json:"subType"`
 }

-// this API is used by "Api URL" of Flarum's FoF Passport plugin
-// https://github.com/FriendsOfFlarum/passport
-type LaravelResponse struct {
-	Id              string `json:"id"`
-	Name            string `json:"name"`
-	Email           string `json:"email"`
-	EmailVerifiedAt string `json:"email_verified_at"`
-	CreatedAt       string `json:"created_at"`
-	UpdatedAt       string `json:"updated_at"`
-}
-
 // Signup
 // @Tag Login API
 // @Title Signup
@@ -97,10 +83,6 @@ func (c *ApiController) Signup() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-		return
-	}

 	if !application.EnableSignUp {
 		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
@@ -113,80 +95,56 @@ func (c *ApiController) Signup() {
 		return
 	}

-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), authForm.Organization))
-		return
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, nil, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	invitation, msg := object.CheckInvitationCode(application, organization, &authForm, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-	invitationName := ""
-	if invitation != nil {
-		invitationName = invitation.Name
-	}
-
-	userEmailVerified := false
-
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
-		var checkResult *object.VerifyResult
-		checkResult, err = object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-			return
-		}
+		checkResult := object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
-
-		userEmailVerified = true
 	}

 	var checkPhone string
 	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && authForm.Phone != "" {
 		checkPhone, _ = util.GetE164Number(authForm.Phone, authForm.CountryCode)
-
-		var checkResult *object.VerifyResult
-		checkResult, err = object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-			return
-		}
+		checkResult := object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
 		}
 	}

-	id, err := object.GenerateIdForNewUser(application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	id := util.GenerateId()
+	if application.GetSignupItemRule("ID") == "Incremental" {
+		lastUser, err := object.GetLastUser(authForm.Organization)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		lastIdInt := -1
+		if lastUser != nil {
+			lastIdInt = util.ParseInt(lastUser.Id)
+		}
+
+		id = strconv.Itoa(lastIdInt + 1)
 	}

 	username := authForm.Username
 	if !application.IsSignupItemVisible("Username") {
-		if organization.UseEmailAsUsername && application.IsSignupItemVisible("Email") {
-			username = authForm.Email
-		} else {
-			username = id
-		}
+		username = id
+	}
+
+	password := authForm.Password
+	msg = object.CheckPasswordComplexityByOrg(organization, password)
+	if msg != "" {
+		c.ResponseError(msg)
+		return
 	}

 	initScore, err := organization.GetInitScore()
@@ -195,28 +153,14 @@ func (c *ApiController) Signup() {
 		return
 	}

-	userType := "normal-user"
-	if authForm.Plan != "" && authForm.Pricing != "" {
-		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		userType = "paid-user"
-	}
-
 	user := &object.User{
 		Owner:             authForm.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
-		Type:              userType,
+		Type:              "normal-user",
 		Password:          authForm.Password,
 		DisplayName:       authForm.Name,
-		Gender:            authForm.Gender,
-		Bio:               authForm.Bio,
-		Tag:               authForm.Tag,
-		Education:         authForm.Education,
 		Avatar:            organization.DefaultAvatar,
 		Email:             authForm.Email,
 		Phone:             authForm.Phone,
@@ -227,14 +171,12 @@ func (c *ApiController) Signup() {
 		Region:            authForm.Region,
 		Score:             initScore,
 		IsAdmin:           false,
+		IsGlobalAdmin:     false,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: application.Name,
 		Properties:        map[string]string{},
 		Karma:             0,
-		Invitation:        invitationName,
-		InvitationCode:    authForm.InvitationCode,
-		EmailVerified:     userEmailVerified,
 	}

 	if len(organization.Tags) > 0 {
@@ -252,15 +194,7 @@ func (c *ApiController) Signup() {
 		}
 	}

-	if invitation != nil && invitation.SignupGroup != "" {
-		user.Groups = []string{invitation.SignupGroup}
-	}
-
-	if application.DefaultGroup != "" && user.Groups == nil {
-		user.Groups = []string{application.DefaultGroup}
-	}
-
-	affected, err := object.AddUser(user, c.GetAcceptLanguage())
+	affected, err := object.AddUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -277,37 +211,36 @@ func (c *ApiController) Signup() {
 		return
 	}

-	if invitation != nil {
-		invitation.UsedCount += 1
-		_, err := object.UpdateInvitation(invitation.GetId(), invitation, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	if user.Type == "normal-user" {
+	if application.HasPromptPage() {
+		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 	}

-	if authForm.Email != "" {
-		err = object.DisableVerificationCode(authForm.Email)
+	err = object.DisableVerificationCode(authForm.Email)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	err = object.DisableVerificationCode(checkPhone)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
+	if isSignupFromPricing {
+		_, err = object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 	}

-	if checkPhone != "" {
-		err = object.DisableVerificationCode(checkPhone)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.Ctx.Input.SetParam("recordUserId", user.GetId())
-	c.Ctx.Input.SetParam("recordSignup", "true")
+	record := object.NewRecord(c.Ctx)
+	record.Organization = application.Organization
+	record.User = user.Name
+	util.SafeGoroutine(func() { object.AddRecord(record) })

 	userId := user.GetId()
 	util.LogInfo(c.Ctx, "API: [%s] is signed up as new user", userId)
@@ -323,7 +256,7 @@ func (c *ApiController) Signup() {
 // @Param   post_logout_redirect_uri    query    string  false     "post_logout_redirect_uri"
 // @Param   state     query    string  false     "state"
 // @Success 200 {object} controllers.Response The Response object
-// @router /logout [post]
+// @router /logout [get,post]
 func (c *ApiController) Logout() {
 	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
 	accessToken := c.Input().Get("id_token_hint")
@@ -340,7 +273,6 @@ func (c *ApiController) Logout() {
 		}

 		c.ClearUserSession()
-		c.ClearTokenSession()
 		owner, username := util.GetOwnerAndNameFromId(user)
 		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 		if err != nil {
@@ -368,55 +300,43 @@ func (c *ApiController) Logout() {
 			return
 		}

-		_, application, token, err := object.ExpireTokenByAccessToken(accessToken)
+		affected, application, token, err := object.ExpireTokenByAccessToken(accessToken)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		if token == nil {
+
+		if !affected {
 			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
 			return
 		}
+
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
 			return
 		}

-		if user == "" {
-			user = util.GetId(token.Organization, token.User)
-		}
+		if application.IsRedirectUriValid(redirectUri) {
+			if user == "" {
+				user = util.GetId(token.Organization, token.User)
+			}

-		c.ClearUserSession()
-		c.ClearTokenSession()
-		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username := util.GetOwnerAndNameFromId(user)
+			c.ClearUserSession()
+			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
+			owner, username := util.GetOwnerAndNameFromId(user)

-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-		if redirectUri == "" {
-			c.ResponseOk()
-			return
-		} else {
-			if application.IsRedirectUriValid(redirectUri) {
-				redirectUrl := redirectUri
-				if state != "" {
-					if strings.Contains(redirectUri, "?") {
-						redirectUrl = fmt.Sprintf("%s&state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					} else {
-						redirectUrl = fmt.Sprintf("%s?state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					}
-				}
-				c.Ctx.Redirect(http.StatusFound, redirectUrl)
-			} else {
-				c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
+			_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
+			if err != nil {
+				c.ResponseError(err.Error())
 				return
 			}
+
+			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+
+			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
+		} else {
+			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
+			return
 		}
 	}
 }
@@ -468,21 +388,6 @@ func (c *ApiController) GetAccount() {
 		return
 	}

-	if organization != nil && len(organization.CountryCodes) == 1 && u != nil && u.CountryCode == "" {
-		u.CountryCode = organization.CountryCodes[0]
-	}
-
-	accessToken := c.GetSessionToken()
-	if accessToken == "" {
-		accessToken, err = object.GetAccessTokenByUser(user, c.Ctx.Request.Host)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.SetSessionToken(accessToken)
-	}
-	u.AccessToken = accessToken
-
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
@@ -509,12 +414,7 @@ func (c *ApiController) GetUserinfo() {

 	scope, aud := c.GetSessionOidc()
 	host := c.Ctx.Request.Host
-
-	userInfo, err := object.GetUserInfo(user, scope, aud, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	userInfo := object.GetUserInfo(user, scope, aud, host)

 	c.Data["json"] = userInfo
 	c.ServeJSON()
@@ -525,7 +425,7 @@ func (c *ApiController) GetUserinfo() {
 // @Title UserInfo2
 // @Tag Account API
 // @Description return Laravel compatible user information according to OAuth 2.0
-// @Success 200 {object} controllers.LaravelResponse The Response object
+// @Success 200 {object} LaravelResponse The Response object
 // @router /user [get]
 func (c *ApiController) GetUserinfo2() {
 	user, ok := c.RequireSignedInUser()
@@ -533,6 +433,17 @@ func (c *ApiController) GetUserinfo2() {
 		return
 	}

+	// this API is used by "Api URL" of Flarum's FoF Passport plugin
+	// https://github.com/FriendsOfFlarum/passport
+	type LaravelResponse struct {
+		Id              string `json:"id"`
+		Name            string `json:"name"`
+		Email           string `json:"email"`
+		EmailVerifiedAt string `json:"email_verified_at"`
+		CreatedAt       string `json:"created_at"`
+		UpdatedAt       string `json:"updated_at"`
+	}
+
 	response := LaravelResponse{
 		Id:              user.Id,
 		Name:            user.Name,
@@ -549,8 +460,7 @@ func (c *ApiController) GetUserinfo2() {
 // GetCaptcha ...
 // @Tag Login API
 // @Title GetCaptcha
-// @router /get-captcha [get]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/get-captcha [get]
 func (c *ApiController) GetCaptcha() {
 	applicationId := c.Input().Get("applicationId")
 	isCurrentProvider := c.Input().Get("isCurrentProvider")
@@ -569,16 +479,14 @@ func (c *ApiController) GetCaptcha() {
 				return
 			}

-			c.ResponseOk(Captcha{Owner: captchaProvider.Owner, Name: captchaProvider.Name, Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
+			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
 			return
 		} else if captchaProvider.Type != "" {
 			c.ResponseOk(Captcha{
-				Owner:         captchaProvider.Owner,
-				Name:          captchaProvider.Name,
 				Type:          captchaProvider.Type,
 				SubType:       captchaProvider.SubType,
 				ClientId:      captchaProvider.ClientId,
-				ClientSecret:  "***",
+				ClientSecret:  captchaProvider.ClientSecret,
 				ClientId2:     captchaProvider.ClientId2,
 				ClientSecret2: captchaProvider.ClientSecret2,
 			})
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -62,13 +62,13 @@ func (c *ApiController) GetApplications() {
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		app, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		applications := object.GetMaskedApplications(application, userId)
+		applications := object.GetMaskedApplications(app, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -84,36 +84,13 @@ func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")

-	application, err := object.GetApplication(id)
+	app, err := object.GetApplication(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if c.Input().Get("withKey") != "" && application != nil && application.Cert != "" {
-		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if cert == nil {
-			cert, err = object.GetCert(util.GetId(application.Organization, application.Cert))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		if cert != nil {
-			application.CertPublicKey = cert.Certificate
-		}
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	object.CheckEntryIp(clientIp, nil, application, nil, c.GetAcceptLanguage())
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
+	c.ResponseOk(object.GetMaskedApplication(app, userId))
 }

 // GetUserApplication
@@ -142,10 +119,6 @@ func (c *ApiController) GetUserApplication() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), user.Owner))
-		return
-	}

 	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
@@ -180,12 +153,6 @@ func (c *ApiController) GetOrganizationApplications() {
 			return
 		}

-		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
 		c.ResponseOk(object.GetMaskedApplications(applications, userId))
 	} else {
 		limit := util.ParseInt(limit)
@@ -197,19 +164,13 @@ func (c *ApiController) GetOrganizationApplications() {
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		applications, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		app, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		applications, err = object.GetAllowedApplications(applications, userId, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications = object.GetMaskedApplications(applications, userId)
+		applications := object.GetMaskedApplications(app, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -232,11 +193,6 @@ func (c *ApiController) UpdateApplication() {
 		return
 	}

-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
 	c.ServeJSON()
 }
@@ -267,11 +223,6 @@ func (c *ApiController) AddApplication() {
 		return
 	}

-	if err = object.CheckIpWhitelist(application.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
 	c.ServeJSON()
 }
--- a/controllers/auth.go
+++ b/controllers/auth.go
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -61,10 +61,6 @@ func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
 		return true
 	}

-	if user == nil || user2 == nil {
-		return false
-	}
-
 	if user.Owner == user2.Owner && user.Name == user2.Name {
 		return true
 	}
@@ -73,7 +69,7 @@ func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {

 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
-	if object.IsAppUser(username) {
+	if strings.HasPrefix(username, "app/") {
 		// e.g., "app/app-casnode"
 		return true, nil
 	}
@@ -83,7 +79,7 @@ func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 		return false, nil
 	}

-	return user.IsGlobalAdmin(), user
+	return user.Owner == "built-in" || user.IsGlobalAdmin, user
 }

 func (c *ApiController) getCurrentUser() *object.User {
@@ -122,15 +118,6 @@ func (c *ApiController) GetSessionUsername() string {
 	return user.(string)
 }

-func (c *ApiController) GetSessionToken() string {
-	accessToken := c.GetSession("accessToken")
-	if accessToken == nil {
-		return ""
-	}
-
-	return accessToken.(string)
-}
-
 func (c *ApiController) GetSessionApplication() *object.Application {
 	clientId := c.GetSession("aud")
 	if clientId == nil {
@@ -150,10 +137,6 @@ func (c *ApiController) ClearUserSession() {
 	c.SetSessionData(nil)
 }

-func (c *ApiController) ClearTokenSession() {
-	c.SetSessionToken("")
-}
-
 func (c *ApiController) GetSessionOidc() (string, string) {
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
@@ -180,10 +163,6 @@ func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }

-func (c *ApiController) SetSessionToken(accessToken string) {
-	c.SetSession("accessToken", accessToken)
-}
-
 // GetSessionData ...
 func (c *ApiController) GetSessionData() *SessionData {
 	session := c.GetSession("SessionData")
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -35,11 +35,6 @@ const (
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )

-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
 func (c *RootController) CasValidate() {
 	ticket := c.Input().Get("ticket")
 	service := c.Input().Get("service")
@@ -65,25 +60,24 @@ func (c *RootController) CasServiceValidate() {
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }

 func (c *RootController) CasProxyValidate() {
-	// https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
-	// "/proxyValidate" should accept both service tickets and proxy tickets.
-	c.CasP3ProxyValidate()
-}
-
-func (c *RootController) CasP3ServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "ST") {
+	if !strings.HasPrefix(ticket, "PT") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }

-func (c *RootController) CasP3ProxyValidate() {
+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
+func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	service := c.Input().Get("service")
@@ -121,17 +115,15 @@ func (c *RootController) CasP3ProxyValidate() {
 		pgtiou := serviceResponse.Success.ProxyGrantingTicket
 		// todo: check whether it is https
 		pgtUrlObj, err := url.Parse(pgtUrl)
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
-			return
-		}
-
 		if pgtUrlObj.Scheme != "https" {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 			return
 		}
-
 		// make a request to pgturl passing pgt and pgtiou
+		if err != nil {
+			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
+			return
+		}
 		param := pgtUrlObj.Query()
 		param.Add("pgtId", pgt)
 		param.Add("pgtIou", pgtiou)
@@ -271,6 +263,7 @@ func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format stri
 			Message: msg,
 		},
 	}
+
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -24,13 +23,12 @@ import (

 // Enforce
 // @Title Enforce
-// @Tag Enforcer API
+// @Tag Enforce API
 // @Description Call Casbin Enforce API
-// @Param   body    body   []string  true   "Casbin request"
+// @Param   body    body   object.CasbinRequest  true   "Casbin request"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
 // @Param   resourceId    query   string  false   "resource id"
-// @Param   owner    query   string  false   "owner"
 // @Success 200 {object} controllers.Response The Response object
 // @router /enforce [post]
 func (c *ApiController) Enforce() {
@@ -38,14 +36,8 @@ func (c *ApiController) Enforce() {
 	modelId := c.Input().Get("modelId")
 	resourceId := c.Input().Get("resourceId")
 	enforcerId := c.Input().Get("enforcerId")
-	owner := c.Input().Get("owner")

-	if len(c.Ctx.Input.RequestBody) == 0 {
-		c.ResponseError("The request body should not be empty")
-		return
-	}
-
-	var request []string
+	var request object.CasbinRequest
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -59,22 +51,13 @@ func (c *ApiController) Enforce() {
 			return
 		}

-		res := []bool{}
-		keyRes := []string{}
-
-		// type transformation
-		interfaceRequest := util.StringToInterfaceArray(request)
-
-		enforceResult, err := enforcer.Enforce(interfaceRequest...)
+		res, err := enforcer.Enforce(request...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		res = append(res, enforceResult)
-		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
+		c.ResponseOk(res)
 		return
 	}

@@ -84,24 +67,22 @@ func (c *ApiController) Enforce() {
 			c.ResponseError(err.Error())
 			return
 		}
-		if permission == nil {
-			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
-			return
-		}

 		res := []bool{}
-		keyRes := []string{}

-		enforceResult, err := object.Enforce(permission, request)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		if permission == nil {
+			res = append(res, false)
+		} else {
+			enforceResult, err := object.Enforce(permission, &request)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+
+			res = append(res, enforceResult)
 		}

-		res = append(res, enforceResult)
-		keyRes = append(keyRes, permission.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
+		c.ResponseOk(res)
 		return
 	}

@@ -119,57 +100,48 @@ func (c *ApiController) Enforce() {
 			c.ResponseError(err.Error())
 			return
 		}
-	} else if owner != "" {
-		permissions, err = object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
 	} else {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}

 	res := []bool{}
-	keyRes := []string{}
+
 	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for key, permissionIds := range listPermissionIdMap {
+	for _, permissionIds := range listPermissionIdMap {
 		firstPermission, err := object.GetPermission(permissionIds[0])
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		enforceResult, err := object.Enforce(firstPermission, request, permissionIds...)
+		enforceResult, err := object.Enforce(firstPermission, &request, permissionIds...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

 		res = append(res, enforceResult)
-		keyRes = append(keyRes, key)
 	}

-	c.ResponseOk(res, keyRes)
+	c.ResponseOk(res)
 }

 // BatchEnforce
 // @Title BatchEnforce
-// @Tag Enforcer API
+// @Tag Enforce API
 // @Description Call Casbin BatchEnforce API
-// @Param   body    body   []string  true   "array of casbin requests"
+// @Param   body    body   object.CasbinRequest  true   "array of casbin requests"
 // @Param   permissionId    query   string  false   "permission id"
 // @Param   modelId    query   string  false   "model id"
-// @Param   owner    query   string  false   "owner"
 // @Success 200 {object} controllers.Response The Response object
 // @router /batch-enforce [post]
 func (c *ApiController) BatchEnforce() {
 	permissionId := c.Input().Get("permissionId")
 	modelId := c.Input().Get("modelId")
 	enforcerId := c.Input().Get("enforcerId")
-	owner := c.Input().Get("owner")

-	var requests [][]string
+	var requests []object.CasbinRequest
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -183,22 +155,13 @@ func (c *ApiController) BatchEnforce() {
 			return
 		}

-		res := [][]bool{}
-		keyRes := []string{}
-
-		// type transformation
-		interfaceRequests := util.StringToInterfaceArray2d(requests)
-
-		enforceResult, err := enforcer.BatchEnforce(interfaceRequests)
+		res, err := enforcer.BatchEnforce(requests)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		res = append(res, enforceResult)
-		keyRes = append(keyRes, enforcer.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
+		c.ResponseOk(res)
 		return
 	}

@@ -208,24 +171,28 @@ func (c *ApiController) BatchEnforce() {
 			c.ResponseError(err.Error())
 			return
 		}
-		if permission == nil {
-			c.ResponseError(fmt.Sprintf(c.T("permission:The permission: \"%s\" doesn't exist"), permissionId))
-			return
-		}

 		res := [][]bool{}
-		keyRes := []string{}

-		enforceResult, err := object.BatchEnforce(permission, requests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		if permission == nil {
+			l := len(requests)
+			resRequest := make([]bool, l)
+			for i := 0; i < l; i++ {
+				resRequest[i] = false
+			}
+
+			res = append(res, resRequest)
+		} else {
+			enforceResult, err := object.BatchEnforce(permission, &requests)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
+
+			res = append(res, enforceResult)
 		}

-		res = append(res, enforceResult)
-		keyRes = append(keyRes, permission.GetModelAndAdapter())
-
-		c.ResponseOk(res, keyRes)
+		c.ResponseOk(res)
 		return
 	}

@@ -237,19 +204,13 @@ func (c *ApiController) BatchEnforce() {
 			c.ResponseError(err.Error())
 			return
 		}
-	} else if owner != "" {
-		permissions, err = object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
 	} else {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}

 	res := [][]bool{}
-	keyRes := []string{}
+
 	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
 	for _, permissionIds := range listPermissionIdMap {
 		firstPermission, err := object.GetPermission(permissionIds[0])
@@ -258,72 +219,44 @@ func (c *ApiController) BatchEnforce() {
 			return
 		}

-		enforceResult, err := object.BatchEnforce(firstPermission, requests, permissionIds...)
+		enforceResult, err := object.BatchEnforce(firstPermission, &requests, permissionIds...)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

 		res = append(res, enforceResult)
-		keyRes = append(keyRes, firstPermission.GetModelAndAdapter())
 	}

-	c.ResponseOk(res, keyRes)
+	c.ResponseOk(res)
 }

 func (c *ApiController) GetAllObjects() {
-	userId := c.Input().Get("userId")
+	userId := c.GetSessionUsername()
 	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	objects, err := object.GetAllObjects(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	c.ResponseOk(objects)
+	c.ResponseOk(object.GetAllObjects(userId))
 }

 func (c *ApiController) GetAllActions() {
-	userId := c.Input().Get("userId")
+	userId := c.GetSessionUsername()
 	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	actions, err := object.GetAllActions(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	c.ResponseOk(actions)
+	c.ResponseOk(object.GetAllActions(userId))
 }

 func (c *ApiController) GetAllRoles() {
-	userId := c.Input().Get("userId")
+	userId := c.GetSessionUsername()
 	if userId == "" {
-		userId = c.GetSessionUsername()
-		if userId == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-	}
-
-	roles, err := object.GetAllRoles(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}

-	c.ResponseOk(roles)
+	c.ResponseOk(object.GetAllRoles(userId))
 }
--- a/controllers/casbin_cli_api.go
+++ b/controllers/casbin_cli_api.go
@@ -1,247 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"os"
-	"os/exec"
-	"sort"
-	"strings"
-	"sync"
-	"time"
-)
-
-type CLIVersionInfo struct {
-	Version    string
-	BinaryPath string
-	BinaryTime time.Time
-}
-
-var (
-	cliVersionCache = make(map[string]*CLIVersionInfo)
-	cliVersionMutex sync.RWMutex
-)
-
-// getCLIVersion
-// @Title getCLIVersion
-// @Description Get CLI version with cache mechanism
-// @Param language string The language of CLI (go/java/rust etc.)
-// @Return string The version string of CLI
-// @Return error Error if CLI execution fails
-func getCLIVersion(language string) (string, error) {
-	binaryName := fmt.Sprintf("casbin-%s-cli", language)
-
-	binaryPath, err := exec.LookPath(binaryName)
-	if err != nil {
-		return "", fmt.Errorf("executable file not found: %v", err)
-	}
-
-	fileInfo, err := os.Stat(binaryPath)
-	if err != nil {
-		return "", fmt.Errorf("failed to get binary info: %v", err)
-	}
-
-	cliVersionMutex.RLock()
-	if info, exists := cliVersionCache[language]; exists {
-		if info.BinaryPath == binaryPath && info.BinaryTime == fileInfo.ModTime() {
-			cliVersionMutex.RUnlock()
-			return info.Version, nil
-		}
-	}
-	cliVersionMutex.RUnlock()
-
-	cmd := exec.Command(binaryName, "--version")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return "", fmt.Errorf("failed to get CLI version: %v", err)
-	}
-
-	version := strings.TrimSpace(string(output))
-
-	cliVersionMutex.Lock()
-	cliVersionCache[language] = &CLIVersionInfo{
-		Version:    version,
-		BinaryPath: binaryPath,
-		BinaryTime: fileInfo.ModTime(),
-	}
-	cliVersionMutex.Unlock()
-
-	return version, nil
-}
-
-func processArgsToTempFiles(args []string) ([]string, []string, error) {
-	tempFiles := []string{}
-	newArgs := []string{}
-	for i := 0; i < len(args); i++ {
-		if (args[i] == "-m" || args[i] == "-p") && i+1 < len(args) {
-			pattern := fmt.Sprintf("casbin_temp_%s_*.conf", args[i])
-			tempFile, err := os.CreateTemp("", pattern)
-			if err != nil {
-				return nil, nil, fmt.Errorf("failed to create temp file: %v", err)
-			}
-
-			_, err = tempFile.WriteString(args[i+1])
-			if err != nil {
-				tempFile.Close()
-				return nil, nil, fmt.Errorf("failed to write to temp file: %v", err)
-			}
-
-			tempFile.Close()
-			tempFiles = append(tempFiles, tempFile.Name())
-			newArgs = append(newArgs, args[i], tempFile.Name())
-			i++
-		} else {
-			newArgs = append(newArgs, args[i])
-		}
-	}
-	return tempFiles, newArgs, nil
-}
-
-// RunCasbinCommand
-// @Title RunCasbinCommand
-// @Tag Enforcer API
-// @Description Call Casbin CLI commands
-// @Success 200 {object} controllers.Response The Response object
-// @router /run-casbin-command [get]
-func (c *ApiController) RunCasbinCommand() {
-	if err := validateIdentifier(c); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	language := c.Input().Get("language")
-	argString := c.Input().Get("args")
-
-	if language == "" {
-		language = "go"
-	}
-	// use "casbin-go-cli" by default, can be also "casbin-java-cli", "casbin-node-cli", etc.
-	// the pre-built binary of "casbin-go-cli" can be found at: https://github.com/casbin/casbin-go-cli/releases
-	binaryName := fmt.Sprintf("casbin-%s-cli", language)
-
-	_, err := exec.LookPath(binaryName)
-	if err != nil {
-		c.ResponseError(fmt.Sprintf("executable file: %s not found in PATH", binaryName))
-		return
-	}
-
-	// RBAC model & policy example:
-	// https://door.casdoor.com/api/run-casbin-command?language=go&args=["enforce", "-m", "[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = g(r.sub, p.sub) %26%26 r.obj == p.obj %26%26 r.act == p.act", "-p", "p, alice, data1, read\np, bob, data2, write\np, data2_admin, data2, read\np, data2_admin, data2, write\ng, alice, data2_admin", "alice", "data1", "read"]
-	// Casbin CLI usage:
-	// https://github.com/jcasbin/casbin-java-cli?tab=readme-ov-file#get-started
-	var args []string
-	err = json.Unmarshal([]byte(argString), &args)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if len(args) > 0 && args[0] == "--version" {
-		version, err := getCLIVersion(language)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(version)
-		return
-	}
-
-	tempFiles, processedArgs, err := processArgsToTempFiles(args)
-	defer func() {
-		for _, file := range tempFiles {
-			os.Remove(file)
-		}
-	}()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	command := exec.Command(binaryName, processedArgs...)
-	outputBytes, err := command.CombinedOutput()
-	if err != nil {
-		errorString := err.Error()
-		if outputBytes != nil {
-			output := string(outputBytes)
-			errorString = fmt.Sprintf("%s, error: %s", output, err.Error())
-		}
-
-		c.ResponseError(errorString)
-		return
-	}
-
-	output := string(outputBytes)
-	output = strings.TrimSuffix(output, "\n")
-	c.ResponseOk(output)
-}
-
-// validateIdentifier
-// @Title validateIdentifier
-// @Description Validate the request hash and timestamp
-// @Param hash string The SHA-256 hash string
-// @Return error Returns error if validation fails, nil if successful
-func validateIdentifier(c *ApiController) error {
-	language := c.Input().Get("language")
-	args := c.Input().Get("args")
-	hash := c.Input().Get("m")
-	timestamp := c.Input().Get("t")
-
-	if hash == "" || timestamp == "" || language == "" || args == "" {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	requestTime, err := time.Parse(time.RFC3339, timestamp)
-	if err != nil {
-		return fmt.Errorf("invalid identifier")
-	}
-	timeDiff := time.Since(requestTime)
-	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	params := map[string]string{
-		"language": language,
-		"args":     args,
-	}
-
-	keys := make([]string, 0, len(params))
-	for k := range params {
-		keys = append(keys, k)
-	}
-	sort.Strings(keys)
-
-	var paramParts []string
-	for _, k := range keys {
-		paramParts = append(paramParts, fmt.Sprintf("%s=%s", k, params[k]))
-	}
-	paramString := strings.Join(paramParts, "&")
-
-	version := "casbin-editor-v1"
-	rawString := fmt.Sprintf("%s|%s|%s", version, timestamp, paramString)
-
-	hasher := sha256.New()
-	hasher.Write([]byte(rawString))
-
-	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
-	if calculatedHash != strings.ToLower(hash) {
-		return fmt.Errorf("invalid identifier")
-	}
-
-	return nil
-}
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -39,13 +39,13 @@ func (c *ApiController) GetCerts() {
 	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		certs, err := object.GetMaskedCerts(object.GetCerts(owner))
+		maskedCerts, err := object.GetMaskedCerts(object.GetCerts(owner))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		c.ResponseOk(certs)
+		c.ResponseOk(maskedCerts)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetCertCount(owner, field, value)
@@ -65,13 +65,13 @@ func (c *ApiController) GetCerts() {
 	}
 }

-// GetGlobalCerts
-// @Title GetGlobalCerts
+// GetGlobleCerts
+// @Title GetGlobleCerts
 // @Tag Cert API
-// @Description get global certs
+// @Description get globle certs
 // @Success 200 {array} object.Cert The Response object
-// @router /get-global-certs [get]
-func (c *ApiController) GetGlobalCerts() {
+// @router /get-globle-certs [get]
+func (c *ApiController) GetGlobleCerts() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
@@ -80,13 +80,13 @@ func (c *ApiController) GetGlobalCerts() {
 	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		certs, err := object.GetMaskedCerts(object.GetGlobalCerts())
+		maskedCerts, err := object.GetMaskedCerts(object.GetGlobleCerts())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		c.ResponseOk(certs)
+		c.ResponseOk(maskedCerts)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalCertsCount(field, value)
--- a/controllers/cli_downloader.go
+++ b/controllers/cli_downloader.go
@@ -1,519 +0,0 @@
-package controllers
-
-import (
-	"archive/tar"
-	"archive/zip"
-	"compress/gzip"
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"time"
-
-	"github.com/beego/beego"
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/casdoor/casdoor/util"
-)
-
-const (
-	javaCliRepo    = "https://api.github.com/repos/jcasbin/casbin-java-cli/releases/latest"
-	goCliRepo      = "https://api.github.com/repos/casbin/casbin-go-cli/releases/latest"
-	rustCliRepo    = "https://api.github.com/repos/casbin-rs/casbin-rust-cli/releases/latest"
-	downloadFolder = "bin"
-)
-
-type ReleaseInfo struct {
-	TagName string `json:"tag_name"`
-	Assets  []struct {
-		Name string `json:"name"`
-		URL  string `json:"browser_download_url"`
-	} `json:"assets"`
-}
-
-// @Title getBinaryNames
-// @Description Get binary names for different platforms and architectures
-// @Success 200 {map[string]string} map[string]string "Binary names map"
-func getBinaryNames() map[string]string {
-	const (
-		golang = "go"
-		java   = "java"
-		rust   = "rust"
-	)
-
-	arch := runtime.GOARCH
-	archMap := map[string]struct{ goArch, rustArch string }{
-		"amd64": {"x86_64", "x86_64"},
-		"arm64": {"arm64", "aarch64"},
-	}
-
-	archNames, ok := archMap[arch]
-	if !ok {
-		archNames = struct{ goArch, rustArch string }{arch, arch}
-	}
-
-	switch runtime.GOOS {
-	case "windows":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Windows_%s.zip", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-pc-windows-gnu", archNames.rustArch),
-		}
-	case "darwin":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Darwin_%s.tar.gz", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-apple-darwin", archNames.rustArch),
-		}
-	case "linux":
-		return map[string]string{
-			golang: fmt.Sprintf("casbin-go-cli_Linux_%s.tar.gz", archNames.goArch),
-			java:   "casbin-java-cli.jar",
-			rust:   fmt.Sprintf("casbin-rust-cli-%s-unknown-linux-gnu", archNames.rustArch),
-		}
-	default:
-		return nil
-	}
-}
-
-// @Title getFinalBinaryName
-// @Description Get final binary name for specific language
-// @Param lang string true "Language type (go/java/rust)"
-// @Success 200 {string} string "Final binary name"
-func getFinalBinaryName(lang string) string {
-	switch lang {
-	case "go":
-		if runtime.GOOS == "windows" {
-			return "casbin-go-cli.exe"
-		}
-		return "casbin-go-cli"
-	case "java":
-		return "casbin-java-cli.jar"
-	case "rust":
-		if runtime.GOOS == "windows" {
-			return "casbin-rust-cli.exe"
-		}
-		return "casbin-rust-cli"
-	default:
-		return ""
-	}
-}
-
-// @Title getLatestCLIURL
-// @Description Get latest CLI download URL from GitHub
-// @Param repoURL string true "GitHub repository URL"
-// @Param language string true "Language type"
-// @Success 200 {string} string "Download URL and version"
-func getLatestCLIURL(repoURL string, language string) (string, string, error) {
-	client := proxy.GetHttpClient(repoURL)
-	resp, err := client.Get(repoURL)
-	if err != nil {
-		return "", "", fmt.Errorf("failed to fetch release info: %v", err)
-	}
-	defer resp.Body.Close()
-
-	var release ReleaseInfo
-	if err := json.NewDecoder(resp.Body).Decode(&release); err != nil {
-		return "", "", err
-	}
-
-	binaryNames := getBinaryNames()
-	if binaryNames == nil {
-		return "", "", fmt.Errorf("unsupported OS: %s", runtime.GOOS)
-	}
-
-	binaryName := binaryNames[language]
-	for _, asset := range release.Assets {
-		if asset.Name == binaryName {
-			return asset.URL, release.TagName, nil
-		}
-	}
-
-	return "", "", fmt.Errorf("no suitable binary found for OS: %s, language: %s", runtime.GOOS, language)
-}
-
-// @Title extractGoCliFile
-// @Description Extract the Go CLI file
-// @Param filePath string true "The file path"
-// @Success 200 {string} string "The extracted file path"
-// @router /extractGoCliFile [post]
-func extractGoCliFile(filePath string) error {
-	tempDir := filepath.Join(downloadFolder, "temp")
-	if err := os.MkdirAll(tempDir, 0o755); err != nil {
-		return err
-	}
-	defer os.RemoveAll(tempDir)
-
-	if runtime.GOOS == "windows" {
-		if err := unzipFile(filePath, tempDir); err != nil {
-			return err
-		}
-	} else {
-		if err := untarFile(filePath, tempDir); err != nil {
-			return err
-		}
-	}
-
-	execName := "casbin-go-cli"
-	if runtime.GOOS == "windows" {
-		execName += ".exe"
-	}
-
-	var execPath string
-	err := filepath.Walk(tempDir, func(path string, info os.FileInfo, err error) error {
-		if info.Name() == execName {
-			execPath = path
-			return nil
-		}
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	finalPath := filepath.Join(downloadFolder, execName)
-	if err := os.Rename(execPath, finalPath); err != nil {
-		return err
-	}
-
-	return os.Remove(filePath)
-}
-
-// @Title unzipFile
-// @Description Unzip the file
-// @Param zipPath string true "The zip file path"
-// @Param destDir string true "The destination directory"
-// @Success 200 {string} string "The extracted file path"
-// @router /unzipFile [post]
-func unzipFile(zipPath, destDir string) error {
-	r, err := zip.OpenReader(zipPath)
-	if err != nil {
-		return err
-	}
-	defer r.Close()
-
-	for _, f := range r.File {
-		fpath := filepath.Join(destDir, f.Name)
-
-		if f.FileInfo().IsDir() {
-			os.MkdirAll(fpath, os.ModePerm)
-			continue
-		}
-
-		if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil {
-			return err
-		}
-
-		outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
-		if err != nil {
-			return err
-		}
-
-		rc, err := f.Open()
-		if err != nil {
-			outFile.Close()
-			return err
-		}
-
-		_, err = io.Copy(outFile, rc)
-		outFile.Close()
-		rc.Close()
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// @Title untarFile
-// @Description Untar the file
-// @Param tarPath string true "The tar file path"
-// @Param destDir string true "The destination directory"
-// @Success 200 {string} string "The extracted file path"
-// @router /untarFile [post]
-func untarFile(tarPath, destDir string) error {
-	file, err := os.Open(tarPath)
-	if err != nil {
-		return err
-	}
-	defer file.Close()
-
-	gzr, err := gzip.NewReader(file)
-	if err != nil {
-		return err
-	}
-	defer gzr.Close()
-
-	tr := tar.NewReader(gzr)
-
-	for {
-		header, err := tr.Next()
-		if err == io.EOF {
-			break
-		}
-		if err != nil {
-			return err
-		}
-
-		path := filepath.Join(destDir, header.Name)
-
-		switch header.Typeflag {
-		case tar.TypeDir:
-			if err := os.MkdirAll(path, 0o755); err != nil {
-				return err
-			}
-		case tar.TypeReg:
-			outFile, err := os.Create(path)
-			if err != nil {
-				return err
-			}
-			if _, err := io.Copy(outFile, tr); err != nil {
-				outFile.Close()
-				return err
-			}
-			outFile.Close()
-		}
-	}
-	return nil
-}
-
-// @Title createJavaCliWrapper
-// @Description Create the Java CLI wrapper
-// @Param binPath string true "The binary path"
-// @Success 200 {string} string "The created file path"
-// @router /createJavaCliWrapper [post]
-func createJavaCliWrapper(binPath string) error {
-	if runtime.GOOS == "windows" {
-		// Create a Windows CMD file
-		cmdPath := filepath.Join(binPath, "casbin-java-cli.cmd")
-		cmdContent := fmt.Sprintf(`@echo off
-java -jar "%s\casbin-java-cli.jar" %%*`, binPath)
-
-		err := os.WriteFile(cmdPath, []byte(cmdContent), 0o755)
-		if err != nil {
-			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
-		}
-	} else {
-		// Create Unix shell script
-		shPath := filepath.Join(binPath, "casbin-java-cli")
-		shContent := fmt.Sprintf(`#!/bin/sh
-java -jar "%s/casbin-java-cli.jar" "$@"`, binPath)
-
-		err := os.WriteFile(shPath, []byte(shContent), 0o755)
-		if err != nil {
-			return fmt.Errorf("failed to create Java CLI wrapper: %v", err)
-		}
-	}
-	return nil
-}
-
-// @Title downloadCLI
-// @Description Download and setup CLI tools
-// @Success 200 {error} error "Error if any"
-func downloadCLI() error {
-	pathEnv := os.Getenv("PATH")
-	binPath, err := filepath.Abs(downloadFolder)
-	if err != nil {
-		return fmt.Errorf("failed to get absolute path to download directory: %v", err)
-	}
-
-	if !strings.Contains(pathEnv, binPath) {
-		newPath := fmt.Sprintf("%s%s%s", binPath, string(os.PathListSeparator), pathEnv)
-		if err := os.Setenv("PATH", newPath); err != nil {
-			return fmt.Errorf("failed to update PATH environment variable: %v", err)
-		}
-	}
-
-	if err := os.MkdirAll(downloadFolder, 0o755); err != nil {
-		return fmt.Errorf("failed to create download directory: %v", err)
-	}
-
-	repos := map[string]string{
-		"java": javaCliRepo,
-		"go":   goCliRepo,
-		"rust": rustCliRepo,
-	}
-
-	for lang, repo := range repos {
-		cliURL, version, err := getLatestCLIURL(repo, lang)
-		if err != nil {
-			fmt.Printf("failed to get %s CLI URL: %v\n", lang, err)
-			continue
-		}
-
-		originalPath := filepath.Join(downloadFolder, getBinaryNames()[lang])
-		fmt.Printf("downloading %s CLI: %s\n", lang, cliURL)
-
-		client := proxy.GetHttpClient(cliURL)
-		resp, err := client.Get(cliURL)
-		if err != nil {
-			fmt.Printf("failed to download %s CLI: %v\n", lang, err)
-			continue
-		}
-
-		func() {
-			defer resp.Body.Close()
-
-			if err := os.MkdirAll(filepath.Dir(originalPath), 0o755); err != nil {
-				fmt.Printf("failed to create directory for %s CLI: %v\n", lang, err)
-				return
-			}
-
-			tmpFile := originalPath + ".tmp"
-			out, err := os.Create(tmpFile)
-			if err != nil {
-				fmt.Printf("failed to create or write %s CLI: %v\n", lang, err)
-				return
-			}
-			defer func() {
-				out.Close()
-				os.Remove(tmpFile)
-			}()
-
-			if _, err = io.Copy(out, resp.Body); err != nil ||
-				out.Close() != nil ||
-				os.Rename(tmpFile, originalPath) != nil {
-				fmt.Printf("failed to download %s CLI: %v\n", lang, err)
-				return
-			}
-		}()
-
-		if lang == "go" {
-			if err := extractGoCliFile(originalPath); err != nil {
-				fmt.Printf("failed to extract Go CLI: %v\n", err)
-				continue
-			}
-		} else {
-			finalPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
-			if err := os.Rename(originalPath, finalPath); err != nil {
-				fmt.Printf("failed to rename %s CLI: %v\n", lang, err)
-				continue
-			}
-		}
-
-		if runtime.GOOS != "windows" {
-			execPath := filepath.Join(downloadFolder, getFinalBinaryName(lang))
-			if err := os.Chmod(execPath, 0o755); err != nil {
-				fmt.Printf("failed to set %s CLI execution permission: %v\n", lang, err)
-				continue
-			}
-		}
-
-		fmt.Printf("downloaded %s CLI version: %s\n", lang, version)
-
-		if lang == "java" {
-			if err := createJavaCliWrapper(binPath); err != nil {
-				fmt.Printf("failed to create Java CLI wrapper: %v\n", err)
-				continue
-			}
-		}
-	}
-
-	return nil
-}
-
-// @Title RefreshEngines
-// @Tag CLI API
-// @Description Refresh all CLI engines
-// @Param m query string true "Hash for request validation"
-// @Param t query string true "Timestamp for request validation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /refresh-engines [post]
-func (c *ApiController) RefreshEngines() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		c.ResponseError("refresh engines is only available in demo mode")
-		return
-	}
-
-	hash := c.Input().Get("m")
-	timestamp := c.Input().Get("t")
-
-	if hash == "" || timestamp == "" {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	requestTime, err := time.Parse(time.RFC3339, timestamp)
-	if err != nil {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	timeDiff := time.Since(requestTime)
-	if timeDiff > 5*time.Minute || timeDiff < -5*time.Minute {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	version := "casbin-editor-v1"
-	rawString := fmt.Sprintf("%s|%s", version, timestamp)
-
-	hasher := sha256.New()
-	hasher.Write([]byte(rawString))
-	calculatedHash := strings.ToLower(hex.EncodeToString(hasher.Sum(nil)))
-
-	if calculatedHash != strings.ToLower(hash) {
-		c.ResponseError("invalid identifier")
-		return
-	}
-
-	err = downloadCLI()
-	if err != nil {
-		c.ResponseError(fmt.Sprintf("failed to refresh engines: %v", err))
-		return
-	}
-
-	c.ResponseOk(map[string]string{
-		"status":  "success",
-		"message": "CLI engines updated successfully",
-	})
-}
-
-// @Title ScheduleCLIUpdater
-// @Description Start periodic CLI update scheduler
-func ScheduleCLIUpdater() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		return
-	}
-
-	ticker := time.NewTicker(1 * time.Hour)
-	defer ticker.Stop()
-
-	for range ticker.C {
-		err := downloadCLI()
-		if err != nil {
-			fmt.Printf("failed to update CLI: %v\n", err)
-		} else {
-			fmt.Println("CLI updated successfully")
-		}
-	}
-}
-
-// @Title DownloadCLI
-// @Description Download the CLI
-// @Success 200 {string} string "The downloaded file path"
-// @router /downloadCLI [post]
-func DownloadCLI() error {
-	return downloadCLI()
-}
-
-// @Title InitCLIDownloader
-// @Description Initialize CLI downloader and start update scheduler
-func InitCLIDownloader() {
-	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
-		return
-	}
-
-	util.SafeGoroutine(func() {
-		err := DownloadCLI()
-		if err != nil {
-			fmt.Printf("failed to initialize CLI downloader: %v\n", err)
-		}
-
-		ScheduleCLIUpdater()
-	})
-}
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -72,7 +71,7 @@ func (c *ApiController) GetEnforcers() {
 // @Tag Enforcer API
 // @Description get enforcer
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Success 200 {object} object.Enforcer
+// @Success 200 {object} object
 // @router /get-enforcer [get]
 func (c *ApiController) GetEnforcer() {
 	id := c.Input().Get("id")
@@ -84,7 +83,7 @@ func (c *ApiController) GetEnforcer() {
 		return
 	}

-	if loadModelCfg == "true" && enforcer.Model != "" {
+	if loadModelCfg == "true" {
 		err := enforcer.LoadModelCfg()
 		if err != nil {
 			return
@@ -100,7 +99,7 @@ func (c *ApiController) GetEnforcer() {
 // @Description update enforcer
 // @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
 // @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object.Enforcer
+// @Success 200 {object} object
 // @router /update-enforcer [post]
 func (c *ApiController) UpdateEnforcer() {
 	id := c.Input().Get("id")
@@ -121,7 +120,7 @@ func (c *ApiController) UpdateEnforcer() {
 // @Tag Enforcer API
 // @Description add enforcer
 // @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object.Enforcer
+// @Success 200 {object} object
 // @router /add-enforcer [post]
 func (c *ApiController) AddEnforcer() {
 	enforcer := object.Enforcer{}
@@ -139,8 +138,8 @@ func (c *ApiController) AddEnforcer() {
 // @Title DeleteEnforcer
 // @Tag Enforcer API
 // @Description delete enforcer
-// @Param   body    body    object.Enforcer  true      "The enforcer object"
-// @Success 200 {object} object.Enforcer
+// @Param   body    body    object.Enforce  true      "The enforcer object"
+// @Success 200 {object} object
 // @router /delete-enforcer [post]
 func (c *ApiController) DeleteEnforcer() {
 	var enforcer object.Enforcer
@@ -164,17 +163,11 @@ func (c *ApiController) GetPolicies() {
 			c.ResponseError(err.Error())
 			return
 		}
-		if adapter == nil {
-			c.ResponseError(fmt.Sprintf(c.T("enforcer:the adapter: %s is not found"), adapterId))
-			return
-		}
-
 		err = adapter.InitAdapter()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-
 		c.ResponseOk()
 		return
 	}
@@ -198,7 +191,7 @@ func (c *ApiController) UpdatePolicy() {
 		return
 	}

-	affected, err := object.UpdatePolicy(id, policies[0].Ptype, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
+	affected, err := object.UpdatePolicy(id, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -217,7 +210,7 @@ func (c *ApiController) AddPolicy() {
 		return
 	}

-	affected, err := object.AddPolicy(id, policy.Ptype, util.CasbinToSlice(policy))
+	affected, err := object.AddPolicy(id, util.CasbinToSlice(policy))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -236,7 +229,7 @@ func (c *ApiController) RemovePolicy() {
 		return
 	}

-	affected, err := object.RemovePolicy(id, policy.Ptype, util.CasbinToSlice(policy))
+	affected, err := object.RemovePolicy(id, util.CasbinToSlice(policy))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/face.go
+++ b/controllers/face.go
@@ -1,55 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Casdoor will expose its providers as services to SDK
-// We are going to implement those services as APIs here
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// FaceIDSigninBegin
-// @Title FaceIDSigninBegin
-// @Tag Login API
-// @Description FaceId Login Flow 1st stage
-// @Param   owner     query    string  true        "owner"
-// @Param   name     query    string  true        "name"
-// @Success 200 {object} controllers.Response The Response object
-// @router /faceid-signin-begin [get]
-func (c *ApiController) FaceIDSigninBegin() {
-	userOwner := c.Input().Get("owner")
-	userName := c.Input().Get("name")
-
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-		return
-	}
-
-	if len(user.FaceIds) == 0 {
-		c.ResponseError(c.T("check:Face data does not exist, cannot log in"))
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/get-dashboard.go
+++ b/controllers/get-dashboard.go
@@ -1,4 +1,4 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -18,14 +18,12 @@ import "github.com/casdoor/casdoor/object"

 // GetDashboard
 // @Title GetDashboard
-// @Tag System API
+// @Tag GetDashboard API
 // @Description get information of dashboard
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-dashboard [get]
 func (c *ApiController) GetDashboard() {
-	owner := c.Input().Get("owner")
-
-	data, err := object.GetDashboard(owner)
+	data, err := object.GetDashboard()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -15,7 +15,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -44,20 +43,13 @@ func (c *ApiController) GetGroups() {
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
+		} else {
+			if withTree == "true" {
+				c.ResponseOk(object.ConvertToTreeData(groups, owner))
+				return
+			}
+			c.ResponseOk(groups)
 		}
-
-		err = object.ExtendGroupsWithUsers(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if withTree == "true" {
-			c.ResponseOk(object.ConvertToTreeData(groups, owner))
-			return
-		}
-
-		c.ResponseOk(groups)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGroupCount(owner, field, value)
@@ -71,33 +63,9 @@ func (c *ApiController) GetGroups() {
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
+		} else {
+			c.ResponseOk(groups, paginator.Nums())
 		}
-		groupsHaveChildrenMap, err := object.GetGroupsHaveChildrenMap(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		for _, group := range groups {
-			_, ok := groupsHaveChildrenMap[group.GetId()]
-			if ok {
-				group.HaveChildren = true
-			}
-
-			parent, ok := groupsHaveChildrenMap[fmt.Sprintf("%s/%s", group.Owner, group.ParentId)]
-			if ok {
-				group.ParentName = parent.DisplayName
-			}
-		}
-
-		err = object.ExtendGroupsWithUsers(groups)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(groups, paginator.Nums())
-
 	}
 }

@@ -116,13 +84,6 @@ func (c *ApiController) GetGroup() {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	err = object.ExtendGroupWithUsers(group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.ResponseOk(group)
 }

--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@@ -1,56 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadGroups() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadGroups(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("general:Failed to import groups"))
-	}
-}
--- a/controllers/invitation.go
+++ b/controllers/invitation.go
@@ -1,190 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetInvitations
-// @Title GetInvitations
-// @Tag Invitation API
-// @Description get invitations
-// @Param   owner     query    string  true        "The owner of invitations"
-// @Success 200 {array} object.Invitation The Response object
-// @router /get-invitations [get]
-func (c *ApiController) GetInvitations() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		invitations, err := object.GetInvitations(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(invitations)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetInvitationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		invitations, err := object.GetPaginationInvitations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(invitations, paginator.Nums())
-	}
-}
-
-// GetInvitation
-// @Title GetInvitation
-// @Tag Invitation API
-// @Description get invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Success 200 {object} object.Invitation The Response object
-// @router /get-invitation [get]
-func (c *ApiController) GetInvitation() {
-	id := c.Input().Get("id")
-
-	invitation, err := object.GetInvitation(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(invitation)
-}
-
-// GetInvitationCodeInfo
-// @Title GetInvitationCodeInfo
-// @Tag Invitation API
-// @Description get invitation code information
-// @Param   code     query    string  true        "Invitation code"
-// @Success 200 {object} object.Invitation The Response object
-// @router /get-invitation-info [get]
-func (c *ApiController) GetInvitationCodeInfo() {
-	code := c.Input().Get("code")
-	applicationId := c.Input().Get("applicationId")
-
-	application, err := object.GetApplication(applicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	invitation, msg := object.GetInvitationByCode(code, application.Organization, c.GetAcceptLanguage())
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedInvitation(invitation))
-}
-
-// UpdateInvitation
-// @Title UpdateInvitation
-// @Tag Invitation API
-// @Description update invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-invitation [post]
-func (c *ApiController) UpdateInvitation() {
-	id := c.Input().Get("id")
-
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateInvitation(id, &invitation, c.GetAcceptLanguage()))
-	c.ServeJSON()
-}
-
-// AddInvitation
-// @Title AddInvitation
-// @Tag Invitation API
-// @Description add invitation
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-invitation [post]
-func (c *ApiController) AddInvitation() {
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddInvitation(&invitation, c.GetAcceptLanguage()))
-	c.ServeJSON()
-}
-
-// DeleteInvitation
-// @Title DeleteInvitation
-// @Tag Invitation API
-// @Description delete invitation
-// @Param   body    body   object.Invitation  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-invitation [post]
-func (c *ApiController) DeleteInvitation() {
-	var invitation object.Invitation
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteInvitation(&invitation))
-	c.ServeJSON()
-}
-
-// VerifyInvitation
-// @Title VerifyInvitation
-// @Tag Invitation API
-// @Description verify invitation
-// @Param   id     query    string  true        "The id ( owner/name ) of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /verify-invitation [get]
-func (c *ApiController) VerifyInvitation() {
-	id := c.Input().Get("id")
-
-	payment, attachInfo, err := object.VerifyInvitation(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment, attachInfo)
-}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -27,10 +27,10 @@ type LdapResp struct {
 	ExistUuids []string          `json:"existUuids"`
 }

-// type LdapRespGroup struct {
+//type LdapRespGroup struct {
 //	GroupId   string
 //	GroupName string
-// }
+//}

 type LdapSyncResp struct {
 	Exist  []object.LdapUser `json:"exist"`
@@ -42,7 +42,7 @@ type LdapSyncResp struct {
 // @Tag Account API
 // @Description get ldap users
 // Param	id	string	true	"id"
-// @Success 200 {object} controllers.LdapResp The Response object
+// @Success 200 {object} LdapResp The Response object
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")
@@ -59,20 +59,19 @@ func (c *ApiController) GetLdapUsers() {
 		c.ResponseError(err.Error())
 		return
 	}
-	defer conn.Close()

-	// groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
-	// if err != nil {
+	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
+	//if err != nil {
 	//  c.ResponseError(err.Error())
 	//	return
-	// }
+	//}

-	// for _, group := range groupsMap {
+	//for _, group := range groupsMap {
 	//	resp.Groups = append(resp.Groups, LdapRespGroup{
 	//		GroupId:   group.GidNumber,
 	//		GroupName: group.Cn,
 	//	})
-	// }
+	//}

 	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
@@ -250,7 +249,7 @@ func (c *ApiController) DeleteLdap() {
 // @Tag Account API
 // @Description sync ldap users
 // @Param	id	query	string		true	"id"
-// @Success 200 {object} controllers.LdapSyncResp The Response object
+// @Success 200 {object} LdapSyncResp The Response object
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
 	id := c.Input().Get("id")
@@ -269,11 +268,7 @@ func (c *ApiController) SyncLdapUsers() {
 		return
 	}

-	exist, failed, err := object.SyncLdapUsers(owner, users, ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)

 	c.ResponseOk(&LdapSyncResp{
 		Exist:  exist,
--- a/controllers/link.go
+++ b/controllers/link.go
@@ -26,10 +26,8 @@ type LinkForm struct {
 }

 // Unlink ...
-// @Tag Login API
-// @Title Unlink
 // @router /unlink [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @Tag Login API
 func (c *ApiController) Unlink() {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
@@ -47,19 +45,20 @@ func (c *ApiController) Unlink() {
 	// the user will be unlinked from the provider
 	unlinkedUser := form.User

-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
 		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}

-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
 		application, err := object.GetApplicationByUser(user)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
+
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -19,7 +19,6 @@ import (

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	"github.com/google/uuid"
 )

 // MfaSetupInitiate
@@ -58,22 +57,12 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}

-	organization, err := object.GetOrganizationByUser(user)
+	mfaProps, err := MfaUtil.Initiate(c.Ctx, user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	mfaProps, err := MfaUtil.Initiate(user.GetId())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	recoveryCode := uuid.NewString()
-	mfaProps.RecoveryCodes = []string{recoveryCode}
-	mfaProps.MfaRememberInHours = organization.MfaRememberInHours
-
 	resp := mfaProps
 	c.ResponseOk(resp)
 }
@@ -84,55 +73,23 @@ func (c *ApiController) MfaSetupInitiate() {
 // @Description setup verify totp
 // @param	secret		form	string	true	"MFA secret"
 // @param	passcode	form 	string 	true	"MFA passcode"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /mfa/setup/verify [post]
 func (c *ApiController) MfaSetupVerify() {
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
 	passcode := c.Ctx.Request.Form.Get("passcode")
-	secret := c.Ctx.Request.Form.Get("secret")
-	dest := c.Ctx.Request.Form.Get("dest")
-	countryCode := c.Ctx.Request.Form.Get("countryCode")

 	if mfaType == "" || passcode == "" {
 		c.ResponseError("missing auth type or passcode")
 		return
 	}
-
-	config := &object.MfaProps{
-		MfaType: mfaType,
-	}
-	if mfaType == object.TotpType {
-		if secret == "" {
-			c.ResponseError("totp secret is missing")
-			return
-		}
-		config.Secret = secret
-	} else if mfaType == object.SmsType {
-		if dest == "" {
-			c.ResponseError("destination is missing")
-			return
-		}
-		config.Secret = dest
-		if countryCode == "" {
-			c.ResponseError("country code is missing")
-			return
-		}
-		config.CountryCode = countryCode
-	} else if mfaType == object.EmailType {
-		if dest == "" {
-			c.ResponseError("destination is missing")
-			return
-		}
-		config.Secret = dest
-	}
-
-	mfaUtil := object.GetMfaUtil(mfaType, config)
+	mfaUtil := object.GetMfaUtil(mfaType, nil)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}

-	err := mfaUtil.SetupVerify(passcode)
+	err := mfaUtil.SetupVerify(c.Ctx, passcode)
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
@@ -147,16 +104,12 @@ func (c *ApiController) MfaSetupVerify() {
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /mfa/setup/enable [post]
 func (c *ApiController) MfaSetupEnable() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	secret := c.Ctx.Request.Form.Get("secret")
-	dest := c.Ctx.Request.Form.Get("dest")
-	countryCode := c.Ctx.Request.Form.Get("secret")
-	recoveryCodes := c.Ctx.Request.Form.Get("recoveryCodes")

 	user, err := object.GetUser(util.GetId(owner, name))
 	if err != nil {
@@ -169,52 +122,13 @@ func (c *ApiController) MfaSetupEnable() {
 		return
 	}

-	config := &object.MfaProps{
-		MfaType: mfaType,
-	}
-
-	if mfaType == object.TotpType {
-		if secret == "" {
-			c.ResponseError("totp secret is missing")
-			return
-		}
-		config.Secret = secret
-	} else if mfaType == object.EmailType {
-		if user.Email == "" {
-			if dest == "" {
-				c.ResponseError("destination is missing")
-				return
-			}
-			user.Email = dest
-		}
-	} else if mfaType == object.SmsType {
-		if user.Phone == "" {
-			if dest == "" {
-				c.ResponseError("destination is missing")
-				return
-			}
-			user.Phone = dest
-			if countryCode == "" {
-				c.ResponseError("country code is missing")
-				return
-			}
-			user.CountryCode = countryCode
-		}
-	}
-
-	if recoveryCodes == "" {
-		c.ResponseError("recovery codes is missing")
-		return
-	}
-	config.RecoveryCodes = []string{recoveryCodes}
-
-	mfaUtil := object.GetMfaUtil(mfaType, config)
+	mfaUtil := object.GetMfaUtil(mfaType, nil)
 	if mfaUtil == nil {
 		c.ResponseError("Invalid multi-factor authentication type")
 		return
 	}

-	err = mfaUtil.Enable(user)
+	err = mfaUtil.Enable(c.Ctx, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -229,7 +143,7 @@ func (c *ApiController) MfaSetupEnable() {
 // @Description: Delete MFA
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /delete-mfa/ [post]
 func (c *ApiController) DeleteMfa() {
 	owner := c.Ctx.Request.Form.Get("owner")
@@ -262,7 +176,7 @@ func (c *ApiController) DeleteMfa() {
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param id	form	string	true	"id of user's MFA props"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response object
 // @router /set-preferred-mfa [post]
 func (c *ApiController) SetPreferredMfa() {
 	mfaType := c.Ctx.Request.Form.Get("mfaType")
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -14,11 +14,7 @@

 package controllers

-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-)
+import "github.com/casdoor/casdoor/object"

 // GetOidcDiscovery
 // @Title GetOidcDiscovery
@@ -46,31 +42,3 @@ func (c *RootController) GetJwks() {
 	c.Data["json"] = jwks
 	c.ServeJSON()
 }
-
-// GetWebFinger
-// @Title GetWebFinger
-// @Tag OIDC API
-// @Param resource query string true "resource"
-// @Success 200 {object} object.WebFinger
-// @router /.well-known/webfinger [get]
-func (c *RootController) GetWebFinger() {
-	resource := c.Input().Get("resource")
-	rels := []string{}
-	host := c.Ctx.Request.Host
-
-	for key, value := range c.Input() {
-		if strings.HasPrefix(key, "rel") {
-			rels = append(rels, value...)
-		}
-	}
-
-	webfinger, err := object.GetWebFinger(resource, rels, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = webfinger
-	c.Ctx.Output.ContentType("application/jrd+json")
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -41,12 +41,13 @@ func (c *ApiController) GetOrganizations() {

 	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
-		var organizations []*object.Organization
+		var maskedOrganizations []*object.Organization
 		var err error
+
 		if isGlobalAdmin {
-			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
+			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
 		} else {
-			organizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
+			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
 		}

 		if err != nil {
@@ -54,18 +55,18 @@ func (c *ApiController) GetOrganizations() {
 			return
 		}

-		c.ResponseOk(organizations)
+		c.ResponseOk(maskedOrganizations)
 	} else {
 		if !isGlobalAdmin {
-			organizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
+			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
-			c.ResponseOk(organizations)
+			c.ResponseOk(maskedOrganizations)
 		} else {
 			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, organizationName, field, value)
+			count, err := object.GetOrganizationCount(owner, field, value)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -92,17 +93,13 @@ func (c *ApiController) GetOrganizations() {
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
-	organization, err := object.GetMaskedOrganization(object.GetOrganization(id))
+	maskedOrganization, err := object.GetMaskedOrganization(object.GetOrganization(id))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if organization != nil && organization.MfaRememberInHours == 0 {
-		organization.MfaRememberInHours = 12
-	}
-
-	c.ResponseOk(organization)
+	c.ResponseOk(maskedOrganization)
 }

 // UpdateOrganization ...
@@ -123,14 +120,7 @@ func (c *ApiController) UpdateOrganization() {
 		return
 	}

-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isGlobalAdmin, _ := c.isGlobalAdmin()
-
-	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization, isGlobalAdmin))
+	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization))
 	c.ServeJSON()
 }

@@ -149,7 +139,7 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	count, err := object.GetOrganizationCount("", "", "", "")
+	count, err := object.GetOrganizationCount("", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -160,11 +150,6 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	if err = object.CheckIpWhitelist(organization.IpWhitelist, c.GetAcceptLanguage()); err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
 	c.ServeJSON()
 }
@@ -193,7 +178,7 @@ func (c *ApiController) DeleteOrganization() {
 // @Tag Organization API
 // @Description get default application
 // @Param   id     query    string  true        "organization id"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}  Response The Response object
 // @router /get-default-application [get]
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
@@ -205,8 +190,8 @@ func (c *ApiController) GetDefaultApplication() {
 		return
 	}

-	application = object.GetMaskedApplication(application, userId)
-	c.ResponseOk(application)
+	maskedApplication := object.GetMaskedApplication(application, userId)
+	c.ResponseOk(maskedApplication)
 }

 // GetOrganizationNames ...
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -176,10 +176,11 @@ func (c *ApiController) DeletePayment() {
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
 	paymentName := c.Ctx.Input.Param(":payment")
+	orderId := c.Ctx.Input.Param("order")

 	body := c.Ctx.Input.RequestBody

-	payment, err := object.NotifyPayment(body, owner, paymentName)
+	payment, err := object.NotifyPayment(c.Ctx.Request, body, owner, paymentName, orderId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"os"

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -33,15 +32,16 @@ func (c *ApiController) UploadPermissions() {
 	}

 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
 	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
+	util.EnsureFileFolderExists(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	affected, err := object.UploadPermissions(owner, path)
+	affected, err := object.UploadPermissions(owner, fileId)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
@@ -49,6 +49,6 @@ func (c *ApiController) UploadPermissions() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/plan.go
+++ b/controllers/plan.go
@@ -83,7 +83,7 @@ func (c *ApiController) GetPlan() {
 		return
 	}

-	if plan != nil && includeOption {
+	if includeOption {
 		options, err := object.GetPermissionsByRole(plan.Role)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -93,9 +93,11 @@ func (c *ApiController) GetPlan() {
 		for _, option := range options {
 			plan.Options = append(plan.Options, option.DisplayName)
 		}
-	}

-	c.ResponseOk(plan)
+		c.ResponseOk(plan)
+	} else {
+		c.ResponseOk(plan)
+	}
 }

 // UpdatePlan
@@ -108,29 +110,14 @@ func (c *ApiController) GetPlan() {
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
 	id := c.Input().Get("id")
-	owner := util.GetOwnerFromId(id)
+
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		productId := util.GetId(owner, plan.Product)
-		product, err := object.GetProduct(productId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if product != nil {
-			object.UpdateProductForPlan(&plan, product)
-			_, err = object.UpdateProduct(productId, product)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
 	c.ServeJSON()
 }
@@ -149,14 +136,7 @@ func (c *ApiController) AddPlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	// Create a related product for plan
-	product := object.CreateProductForPlan(&plan)
-	_, err = object.AddProduct(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	plan.Product = product.Name
+
 	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
 	c.ServeJSON()
 }
@@ -175,13 +155,7 @@ func (c *ApiController) DeletePlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		_, err = object.DeleteProduct(&object.Product{Owner: plan.Owner, Name: plan.Product})
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
 	c.ServeJSON()
 }
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -17,7 +17,6 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
-	"strconv"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -162,33 +161,10 @@ func (c *ApiController) DeleteProduct() {
 // @router /buy-product [post]
 func (c *ApiController) BuyProduct() {
 	id := c.Input().Get("id")
-	host := c.Ctx.Request.Host
 	providerName := c.Input().Get("providerName")
-	paymentEnv := c.Input().Get("paymentEnv")
-	customPriceStr := c.Input().Get("customPrice")
-	if customPriceStr == "" {
-		customPriceStr = "0"
-	}
+	host := c.Ctx.Request.Host

-	customPrice, err := strconv.ParseFloat(customPriceStr, 64)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// buy `pricingName/planName` for `paidUserName`
-	pricingName := c.Input().Get("pricingName")
-	planName := c.Input().Get("planName")
-	paidUserName := c.Input().Get("userName")
-	owner, _ := util.GetOwnerAndNameFromId(id)
-	userId := util.GetId(owner, paidUserName)
-	if paidUserName != "" && paidUserName != c.GetSessionUsername() && !c.IsAdmin() {
-		c.ResponseError(c.T("general:Only admin user can specify user"))
-		return
-	}
-	if paidUserName == "" {
-		userId = c.GetSessionUsername()
-	}
+	userId := c.GetSessionUsername()
 	if userId == "" {
 		c.ResponseError(c.T("general:Please login first"))
 		return
@@ -199,16 +175,17 @@ func (c *ApiController) BuyProduct() {
 		c.ResponseError(err.Error())
 		return
 	}
+
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}

-	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv, customPrice)
+	payUrl, orderId, err := object.BuyProduct(id, providerName, user, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.ResponseOk(payment, attachInfo)
+	c.ResponseOk(payUrl, orderId)
 }
--- a/controllers/prometheus.go
+++ b/controllers/prometheus.go
@@ -20,7 +20,7 @@ import (

 // GetPrometheusInfo
 // @Title GetPrometheusInfo
-// @Tag System API
+// @Tag Prometheus API
 // @Description get Prometheus Info
 // @Success 200 {object} object.PrometheusInfo The Response object
 // @router /get-prometheus-info [get]
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -141,20 +141,6 @@ func (c *ApiController) GetProvider() {
 	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
 }

-func (c *ApiController) requireProviderPermission(provider *object.Provider) bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if isGlobalAdmin {
-		return true
-	}
-
-	if provider.Owner == "admin" || user.Owner != provider.Owner {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return false
-	}
-
-	return true
-}
-
 // UpdateProvider
 // @Title UpdateProvider
 // @Tag Provider API
@@ -173,11 +159,6 @@ func (c *ApiController) UpdateProvider() {
 		return
 	}

-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
 	c.ServeJSON()
 }
@@ -203,17 +184,11 @@ func (c *ApiController) AddProvider() {
 		return
 	}

-	err = checkQuotaForProvider(int(count))
-	if err != nil {
+	if err := checkQuotaForProvider(int(count)); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
@@ -233,11 +208,6 @@ func (c *ApiController) DeleteProvider() {
 		return
 	}

-	ok := c.requireProviderPermission(&provider)
-	if !ok {
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
 	c.ServeJSON()
 }
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -17,8 +17,6 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"
-
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -59,7 +57,7 @@ func (c *ApiController) GetRecords() {
 		if c.IsGlobalAdmin() && organizationName != "" {
 			organization = organizationName
 		}
-		filterRecord := &casvisorsdk.Record{Organization: organization}
+		filterRecord := &object.Record{Organization: organization}
 		count, err := object.GetRecordCount(field, value, filterRecord)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -85,14 +83,9 @@ func (c *ApiController) GetRecords() {
 // @Success 200 {object} object.Record The Response object
 // @router /get-records-filter [post]
 func (c *ApiController) GetRecordsByFilter() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
 	body := string(c.Ctx.Input.RequestBody)

-	record := &casvisorsdk.Record{}
+	record := &object.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -116,7 +109,7 @@ func (c *ApiController) GetRecordsByFilter() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-record [post]
 func (c *ApiController) AddRecord() {
-	var record casvisorsdk.Record
+	var record object.Record
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -52,15 +52,6 @@ func (c *ApiController) GetResources() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")

-	isOrgAdmin, ok := c.IsOrgAdmin()
-	if !ok {
-		return
-	}
-
-	if isOrgAdmin {
-		user = ""
-	}
-
 	if sortField == "Direct" {
 		provider, err := c.GetProviderFromContext("Storage")
 		if err != nil {
@@ -257,7 +248,7 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}

-	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 450)
+	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
 	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
@@ -281,11 +272,6 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	if username == "Built-in-Untracked" {
-		c.ResponseOk(fileUrl, objectKey)
-		return
-	}
-
 	if createdTime == "" {
 		createdTime = util.GetCurrentTime()
 	}
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"os"

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -33,15 +32,16 @@ func (c *ApiController) UploadRoles() {
 	}

 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
 	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
+	util.EnsureFileFolderExists(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	affected, err := object.UploadRoles(owner, path)
+	affected, err := object.UploadRoles(owner, fileId)
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
@@ -49,6 +49,6 @@ func (c *ApiController) UploadRoles() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"net/http"

 	"github.com/casdoor/casdoor/object"
 )
@@ -34,33 +33,7 @@ func (c *ApiController) GetSamlMeta() {
 		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return
 	}
-
-	enablePostBinding, err := c.GetBool("enablePostBinding", false)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	metadata, err := object.GetSamlMeta(application, host, enablePostBinding)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	metadata, _ := object.GetSamlMeta(application, host)
 	c.Data["xml"] = metadata
 	c.ServeXML()
 }
-
-func (c *ApiController) HandleSamlRedirect() {
-	host := c.Ctx.Request.Host
-
-	owner := c.Ctx.Input.Param(":owner")
-	application := c.Ctx.Input.Param(":application")
-
-	relayState := c.Input().Get("RelayState")
-	samlRequest := c.Input().Get("SAMLRequest")
-
-	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
-
-	c.Redirect(targetURL, http.StatusSeeOther)
-}
--- a/controllers/scim.go
+++ b/controllers/scim.go
@@ -1,32 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/scim"
-)
-
-func (c *RootController) HandleScim() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	path := c.Ctx.Request.URL.Path
-	c.Ctx.Request.URL.Path = strings.TrimPrefix(path, "/scim")
-	scim.Server.ServeHTTP(c.Ctx.ResponseWriter, c.Ctx.Request)
-}
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -27,12 +27,11 @@ import (
 )

 type EmailForm struct {
-	Title          string          `json:"title"`
-	Content        string          `json:"content"`
-	Sender         string          `json:"sender"`
-	Receivers      []string        `json:"receivers"`
-	Provider       string          `json:"provider"`
-	ProviderObject object.Provider `json:"providerObject"`
+	Title     string   `json:"title"`
+	Content   string   `json:"content"`
+	Sender    string   `json:"sender"`
+	Receivers []string `json:"receivers"`
+	Provider  string   `json:"provider"`
 }

 type SmsForm struct {
@@ -41,10 +40,6 @@ type SmsForm struct {
 	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
 }

-type NotificationForm struct {
-	Content string `json:"content"`
-}
-
 // SendEmail
 // @Title SendEmail
 // @Tag Service API
@@ -52,15 +47,11 @@ type NotificationForm struct {
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.EmailForm    true         "Details of the email request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-email [post]
+// @Success 200 {object}  Response object
+// @router /api/send-email [post]
 func (c *ApiController) SendEmail() {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return
-	}
-
 	var emailForm EmailForm
+
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &emailForm)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -75,6 +66,7 @@ func (c *ApiController) SendEmail() {
 			c.ResponseError(err.Error())
 			return
 		}
+
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
 		provider, err = c.GetProviderFromContext("Email")
@@ -84,16 +76,9 @@ func (c *ApiController) SendEmail() {
 		}
 	}

-	if emailForm.ProviderObject.Name != "" {
-		if emailForm.ProviderObject.ClientSecret == "***" {
-			emailForm.ProviderObject.ClientSecret = provider.ClientSecret
-		}
-		provider = &emailForm.ProviderObject
-	}
-
 	// when receiver is the reserved keyword: "TestSmtpServer", it means to test the SMTP server instead of sending a real Email
 	if len(emailForm.Receivers) == 1 && emailForm.Receivers[0] == "TestSmtpServer" {
-		err = object.TestSmtpServer(provider)
+		err := object.DailSmtpServer(provider)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -118,31 +103,9 @@ func (c *ApiController) SendEmail() {
 		return
 	}

-	content := emailForm.Content
-	if content == "" {
-		content = provider.Content
-	}
-
 	code := "123456"
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content = strings.Replace(content, "%s", code, 1)
-	userString := "Hi"
-	if !object.IsAppUser(userId) {
-		var user *object.User
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if user != nil {
-			userString = user.GetFriendlyName()
-		}
-	}
-	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)
-
-	matchContent := object.ResetLinkReg.Find([]byte(content))
-	content = strings.Replace(content, string(matchContent), "", -1)
-
+	content := fmt.Sprintf(emailForm.Content, code)
 	for _, receiver := range emailForm.Receivers {
 		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
 		if err != nil {
@@ -161,8 +124,8 @@ func (c *ApiController) SendEmail() {
 // @Param   clientId    query    string  true        "The clientId of the application"
 // @Param   clientSecret    query    string  true    "The clientSecret of the application"
 // @Param   from    body   controllers.SmsForm    true           "Details of the sms request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-sms [post]
+// @Success 200 {object}  Response object
+// @router /api/send-sms [post]
 func (c *ApiController) SendSms() {
 	provider, err := c.GetProviderFromContext("SMS")
 	if err != nil {
@@ -193,33 +156,3 @@ func (c *ApiController) SendSms() {

 	c.ResponseOk()
 }
-
-// SendNotification
-// @Title SendNotification
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   from    body   controllers.NotificationForm    true         "Details of the notification request"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-notification [post]
-func (c *ApiController) SendNotification() {
-	provider, err := c.GetProviderFromContext("Notification")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var notificationForm NotificationForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &notificationForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.SendNotification(provider, notificationForm.Content)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -40,13 +40,13 @@ func (c *ApiController) GetSyncers() {
 	organization := c.Input().Get("organization")

 	if limit == "" || page == "" {
-		syncers, err := object.GetMaskedSyncers(object.GetOrganizationSyncers(owner, organization))
+		organizationSyncers, err := object.GetOrganizationSyncers(owner, organization)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		c.ResponseOk(syncers)
+		c.ResponseOk(organizationSyncers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetSyncerCount(owner, organization, field, value)
@@ -56,7 +56,7 @@ func (c *ApiController) GetSyncers() {
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		syncers, err := object.GetMaskedSyncers(object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		syncers, err := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -76,7 +76,7 @@ func (c *ApiController) GetSyncers() {
 func (c *ApiController) GetSyncer() {
 	id := c.Input().Get("id")

-	syncer, err := object.GetMaskedSyncer(object.GetSyncer(id))
+	syncer, err := object.GetSyncer(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -160,28 +160,7 @@ func (c *ApiController) RunSyncer() {
 		return
 	}

-	err = object.RunSyncer(syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
-
-func (c *ApiController) TestSyncerDb() {
-	var syncer object.Syncer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.TestSyncerDb(syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.RunSyncer(syncer)

 	c.ResponseOk()
 }
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -46,22 +46,15 @@ func (c *ApiController) GetSystemInfo() {
 // @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
-	errInfo := ""
 	versionInfo, err := util.GetVersionInfo()
-	if err != nil {
-		errInfo = "Git error: " + err.Error()
-	}

-	if versionInfo.Version != "" {
-		c.ResponseOk(versionInfo)
-		return
-	}
+	if versionInfo.Version == "" {
+		versionInfo, err = util.GetVersionInfoFromFile()

-	versionInfo, err = util.GetVersionInfoFromFile()
-	if err != nil {
-		errInfo = errInfo + ", File error: " + err.Error()
-		c.ResponseError(errInfo)
-		return
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}

 	c.ResponseOk(versionInfo)
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -16,8 +16,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"
-	"time"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -160,116 +158,46 @@ func (c *ApiController) DeleteToken() {
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/access_token [post]
 func (c *ApiController) GetOAuthToken() {
+	grantType := c.Input().Get("grant_type")
+	refreshToken := c.Input().Get("refresh_token")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
-	grantType := c.Input().Get("grant_type")
 	code := c.Input().Get("code")
 	verifier := c.Input().Get("code_verifier")
 	scope := c.Input().Get("scope")
-	nonce := c.Input().Get("nonce")
 	username := c.Input().Get("username")
 	password := c.Input().Get("password")
 	tag := c.Input().Get("tag")
 	avatar := c.Input().Get("avatar")
-	refreshToken := c.Input().Get("refresh_token")
-	deviceCode := c.Input().Get("device_code")

 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
 	}
-
-	if len(c.Ctx.Input.RequestBody) != 0 && grantType != "urn:ietf:params:oauth:grant-type:device_code" {
-		// If clientId is empty, try to read data from RequestBody
+	if clientId == "" {
+		// If clientID is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
-		err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
-		if err == nil {
-			if clientId == "" {
-				clientId = tokenRequest.ClientId
-			}
-			if clientSecret == "" {
-				clientSecret = tokenRequest.ClientSecret
-			}
-			if grantType == "" {
-				grantType = tokenRequest.GrantType
-			}
-			if code == "" {
-				code = tokenRequest.Code
-			}
-			if verifier == "" {
-				verifier = tokenRequest.Verifier
-			}
-			if scope == "" {
-				scope = tokenRequest.Scope
-			}
-			if nonce == "" {
-				nonce = tokenRequest.Nonce
-			}
-			if username == "" {
-				username = tokenRequest.Username
-			}
-			if password == "" {
-				password = tokenRequest.Password
-			}
-			if tag == "" {
-				tag = tokenRequest.Tag
-			}
-			if avatar == "" {
-				avatar = tokenRequest.Avatar
-			}
-			if refreshToken == "" {
-				refreshToken = tokenRequest.RefreshToken
-			}
+		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
+			clientId = tokenRequest.ClientId
+			clientSecret = tokenRequest.ClientSecret
+			grantType = tokenRequest.GrantType
+			refreshToken = tokenRequest.RefreshToken
+			code = tokenRequest.Code
+			verifier = tokenRequest.Verifier
+			scope = tokenRequest.Scope
+			username = tokenRequest.Username
+			password = tokenRequest.Password
+			tag = tokenRequest.Tag
+			avatar = tokenRequest.Avatar
 		}
 	}
-
-	if deviceCode != "" {
-		deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
-		if !ok {
-			c.Data["json"] = &object.TokenError{
-				Error:            "expired_token",
-				ErrorDescription: "token is expired",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-
-		deviceAuthCacheCast := deviceAuthCache.(object.DeviceAuthCache)
-		if !deviceAuthCacheCast.UserSignIn {
-			c.Data["json"] = &object.TokenError{
-				Error:            "authorization_pending",
-				ErrorDescription: "authorization pending",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-
-		if deviceAuthCacheCast.RequestAt.Add(time.Second * 120).Before(time.Now()) {
-			c.Data["json"] = &object.TokenError{
-				Error:            "expired_token",
-				ErrorDescription: "token is expired",
-			}
-			c.SetTokenErrorHttpStatus()
-			c.ServeJSON()
-			c.SetTokenErrorHttpStatus()
-			return
-		}
-		object.DeviceAuthMap.Delete(deviceCode)
-
-		username = deviceAuthCacheCast.UserName
-	}
-
 	host := c.Ctx.Request.Host
-	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
+	oAuthtoken, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = token
+	c.Data["json"] = oAuthtoken
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -318,17 +246,8 @@ func (c *ApiController) RefreshToken() {
 	c.ServeJSON()
 }

-func (c *ApiController) ResponseTokenError(errorMsg string) {
-	c.Data["json"] = &object.TokenError{
-		Error: errorMsg,
-	}
-	c.SetTokenErrorHttpStatus()
-	c.ServeJSON()
-}
-
 // IntrospectToken
 // @Title IntrospectToken
-// @Tag Login API
 // @Description The introspection endpoint is an OAuth 2.0 endpoint that takes a
 // parameter representing an OAuth 2.0 token and returns a JSON document
 // representing the meta information surrounding the
@@ -348,133 +267,63 @@ func (c *ApiController) IntrospectToken() {
 		clientId = c.Input().Get("client_id")
 		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
-			c.ResponseTokenError(object.InvalidRequest)
-			return
-		}
-	}
-
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		c.ResponseTokenError(err.Error())
-		return
-	}
-
-	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseTokenError(c.T("token:Invalid application or wrong clientSecret"))
-		return
-	}
-
-	respondWithInactiveToken := func() {
-		c.Data["json"] = &object.IntrospectionResponse{Active: false}
-		c.ServeJSON()
-	}
-
-	tokenTypeHint := c.Input().Get("token_type_hint")
-	var token *object.Token
-	if tokenTypeHint != "" {
-		token, err = object.GetTokenByTokenValue(tokenValue, tokenTypeHint)
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if token == nil || token.ExpiresIn <= 0 {
-			respondWithInactiveToken()
-			return
-		}
-
-		if token.ExpiresIn <= 0 {
-			c.Data["json"] = &object.IntrospectionResponse{Active: false}
+			c.ResponseError(c.T("token:Empty clientId or clientSecret"))
+			c.Data["json"] = &object.TokenError{
+				Error: object.InvalidRequest,
+			}
+			c.SetTokenErrorHttpStatus()
 			c.ServeJSON()
 			return
 		}
 	}
-
-	var introspectionResponse object.IntrospectionResponse
-
-	if application.TokenFormat == "JWT-Standard" {
-		jwtToken, err := object.ParseStandardJwtTokenByApplication(tokenValue, application)
-		if err != nil {
-			// and token revoked case. but we not implement
-			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-			// refs: https://tools.ietf.org/html/rfc7009
-			respondWithInactiveToken()
-			return
-		}
-
-		introspectionResponse = object.IntrospectionResponse{
-			Active:    true,
-			Scope:     jwtToken.Scope,
-			ClientId:  clientId,
-			Username:  jwtToken.Name,
-			TokenType: jwtToken.TokenType,
-			Exp:       jwtToken.ExpiresAt.Unix(),
-			Iat:       jwtToken.IssuedAt.Unix(),
-			Nbf:       jwtToken.NotBefore.Unix(),
-			Sub:       jwtToken.Subject,
-			Aud:       jwtToken.Audience,
-			Iss:       jwtToken.Issuer,
-			Jti:       jwtToken.ID,
-		}
-	} else {
-		jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
-		if err != nil {
-			// and token revoked case. but we not implement
-			// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
-			// refs: https://tools.ietf.org/html/rfc7009
-			respondWithInactiveToken()
-			return
-		}
-
-		introspectionResponse = object.IntrospectionResponse{
-			Active:   true,
-			ClientId: clientId,
-			Exp:      jwtToken.ExpiresAt.Unix(),
-			Iat:      jwtToken.IssuedAt.Unix(),
-			Nbf:      jwtToken.NotBefore.Unix(),
-			Sub:      jwtToken.Subject,
-			Aud:      jwtToken.Audience,
-			Iss:      jwtToken.Issuer,
-			Jti:      jwtToken.ID,
-		}
-
-		if jwtToken.Scope != "" {
-			introspectionResponse.Scope = jwtToken.Scope
-		}
-		if jwtToken.Name != "" {
-			introspectionResponse.Username = jwtToken.Name
-		}
-		if jwtToken.TokenType != "" {
-			introspectionResponse.TokenType = jwtToken.TokenType
-		}
+	application, err := object.GetApplicationByClientId(clientId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}

-	if tokenTypeHint == "" {
-		token, err = object.GetTokenByTokenValue(tokenValue, introspectionResponse.TokenType)
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if token == nil || token.ExpiresIn <= 0 {
-			respondWithInactiveToken()
-			return
+	if application == nil || application.ClientSecret != clientSecret {
+		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
+		c.Data["json"] = &object.TokenError{
+			Error: object.InvalidClient,
 		}
+		c.SetTokenErrorHttpStatus()
+		return
+	}
+	token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}

-	if token != nil {
-		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
-			return
-		}
-
-		introspectionResponse.TokenType = token.TokenType
-		introspectionResponse.ClientId = application.ClientId
+	if token == nil {
+		c.Data["json"] = &object.IntrospectionResponse{Active: false}
+		c.ServeJSON()
+		return
+	}
+	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
+	if err != nil || jwtToken.Valid() != nil {
+		// and token revoked case. but we not implement
+		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
+		// refs: https://tools.ietf.org/html/rfc7009
+		c.Data["json"] = &object.IntrospectionResponse{Active: false}
+		c.ServeJSON()
+		return
 	}

-	c.Data["json"] = introspectionResponse
+	c.Data["json"] = &object.IntrospectionResponse{
+		Active:    true,
+		Scope:     jwtToken.Scope,
+		ClientId:  clientId,
+		Username:  token.User,
+		TokenType: token.TokenType,
+		Exp:       jwtToken.ExpiresAt.Unix(),
+		Iat:       jwtToken.IssuedAt.Unix(),
+		Nbf:       jwtToken.NotBefore.Unix(),
+		Sub:       jwtToken.Subject,
+		Aud:       jwtToken.Audience,
+		Iss:       jwtToken.Issuer,
+		Jti:       jwtToken.ID,
+	}
 	c.ServeJSON()
 }
--- a/controllers/transaction.go
+++ b/controllers/transaction.go
@@ -1,167 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetTransactions
-// @Title GetTransactions
-// @Tag Transaction API
-// @Description get transactions
-// @Param   owner     query    string  true        "The owner of transactions"
-// @Success 200 {array} object.Transaction The Response object
-// @router /get-transactions [get]
-func (c *ApiController) GetTransactions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		transactions, err := object.GetTransactions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(transactions)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetTransactionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		transactions, err := object.GetPaginationTransactions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(transactions, paginator.Nums())
-	}
-}
-
-// GetUserTransactions
-// @Title GetUserTransaction
-// @Tag Transaction API
-// @Description get transactions for a user
-// @Param   owner     query    string  true        "The owner of transactions"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Transaction The Response object
-// @router /get-user-transactions [get]
-func (c *ApiController) GetUserTransactions() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-
-	transactions, err := object.GetUserTransactions(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(transactions)
-}
-
-// GetTransaction
-// @Title GetTransaction
-// @Tag Transaction API
-// @Description get transaction
-// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
-// @Success 200 {object} object.Transaction The Response object
-// @router /get-transaction [get]
-func (c *ApiController) GetTransaction() {
-	id := c.Input().Get("id")
-
-	transaction, err := object.GetTransaction(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(transaction)
-}
-
-// UpdateTransaction
-// @Title UpdateTransaction
-// @Tag Transaction API
-// @Description update transaction
-// @Param   id     query    string  true        "The id ( owner/name ) of the transaction"
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-transaction [post]
-func (c *ApiController) UpdateTransaction() {
-	id := c.Input().Get("id")
-
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction))
-	c.ServeJSON()
-}
-
-// AddTransaction
-// @Title AddTransaction
-// @Tag Transaction API
-// @Description add transaction
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-transaction [post]
-func (c *ApiController) AddTransaction() {
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddTransaction(&transaction))
-	c.ServeJSON()
-}
-
-// DeleteTransaction
-// @Title DeleteTransaction
-// @Tag Transaction API
-// @Description delete transaction
-// @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-transaction [post]
-func (c *ApiController) DeleteTransaction() {
-	var transaction object.Transaction
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction))
-	c.ServeJSON()
-}
--- a/controllers/types.go
+++ b/controllers/types.go
@@ -15,13 +15,12 @@
 package controllers

 type TokenRequest struct {
-	ClientId     string `json:"client_id"`
-	ClientSecret string `json:"client_secret"`
 	GrantType    string `json:"grant_type"`
 	Code         string `json:"code"`
+	ClientId     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
 	Verifier     string `json:"code_verifier"`
 	Scope        string `json:"scope"`
-	Nonce        string `json:"nonce"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
 	Tag          string `json:"tag"`
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -20,7 +20,6 @@ import (
 	"strings"

 	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -40,13 +39,13 @@ func (c *ApiController) GetGlobalUsers() {
 	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		users, err := object.GetMaskedUsers(object.GetGlobalUsers())
+		maskedUsers, err := object.GetMaskedUsers(object.GetGlobalUsers())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		c.ResponseOk(users)
+		c.ResponseOk(maskedUsers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalUserCount(field, value)
@@ -91,22 +90,22 @@ func (c *ApiController) GetUsers() {

 	if limit == "" || page == "" {
 		if groupName != "" {
-			users, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
+			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
-			c.ResponseOk(users)
+			c.ResponseOk(maskedUsers)
 			return
 		}

-		users, err := object.GetMaskedUsers(object.GetUsers(owner))
+		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		c.ResponseOk(users)
+		c.ResponseOk(maskedUsers)
 	} else {
 		limit := util.ParseInt(limit)
 		count, err := object.GetUserCount(owner, field, value, groupName)
@@ -157,67 +156,44 @@ func (c *ApiController) GetUser() {
 			c.ResponseError(err.Error())
 			return
 		}
-		if userFromUserId == nil {
-			c.ResponseOk(nil)
-			return
-		}

 		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
 	}

-	var user *object.User
-	if id == "" && owner == "" {
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmailOnly(email)
-		case phone != "":
-			user, err = object.GetUserByPhoneOnly(phone)
-		case userId != "":
-			user, err = object.GetUserByUserIdOnly(userId)
-		}
-	} else {
-		if owner == "" {
-			owner = util.GetOwnerFromId(id)
-		}
-
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmail(owner, email)
-		case phone != "":
-			user, err = object.GetUserByPhone(owner, phone)
-		case userId != "":
-			user = userFromUserId
-		default:
-			user, err = object.GetUser(id)
-		}
+	if owner == "" {
+		owner = util.GetOwnerFromId(id)
 	}

+	organization, err := object.GetOrganization(util.GetId("admin", owner))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	var organization *object.Organization
-	if user != nil {
-		organization, err = object.GetOrganizationByUser(user)
-		if err != nil {
+	if !organization.IsProfilePublic {
+		requestUserId := c.GetSessionUsername()
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
+		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
 		}
-		if organization == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s does not exist"), owner))
-			return
-		}
+	}

-		if !organization.IsProfilePublic {
-			requestUserId := c.GetSessionUsername()
-			var hasPermission bool
-			hasPermission, err = object.CheckUserPermission(requestUserId, user.GetId(), false, c.GetAcceptLanguage())
-			if !hasPermission {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
+	var user *object.User
+	switch {
+	case email != "":
+		user, err = object.GetUserByEmail(owner, email)
+	case phone != "":
+		user, err = object.GetUserByPhone(owner, phone)
+	case userId != "":
+		user = userFromUserId
+	default:
+		user, err = object.GetUser(id)
+	}
+
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}

 	if user != nil {
@@ -231,21 +207,13 @@ func (c *ApiController) GetUser() {
 	}

 	isAdminOrSelf := c.IsAdminOrSelf(user)
-	user, err = object.GetMaskedUser(user, isAdminOrSelf)
+	maskedUser, err := object.GetMaskedUser(user, isAdminOrSelf)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if organization != nil && user != nil {
-		user, err = object.GetFilteredUser(user, c.IsAdmin(), c.IsAdminOrSelf(user), organization.AccountItems)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk(user)
+	c.ResponseOk(maskedUser)
 }

 // UpdateUser
@@ -290,29 +258,13 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if user.MfaEmailEnabled && user.Email == "" {
-		c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
-		return
-	}
-
-	if user.MfaPhoneEnabled && user.Phone == "" {
-		c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
-		return
-	}
-
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	isUsernameLowered := conf.GetConfigBool("isUsernameLowered")
-	if isUsernameLowered {
-		user.Name = strings.ToLower(user.Name)
-	}
-
 	isAdmin := c.IsAdmin()
-	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
+	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
 	}
@@ -355,19 +307,24 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	if err := checkQuotaForUser(); err != nil {
+	count, err := object.GetUserCount("", "", "", "")
+	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	emptyUser := object.User{}
-	msg := object.CheckUpdateUser(&emptyUser, &user, c.GetAcceptLanguage())
+	if err := checkQuotaForUser(int(count)); err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.AddUser(&user, c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
 	c.ServeJSON()
 }

@@ -407,12 +364,6 @@ func (c *ApiController) GetEmailAndPhone() {
 	organization := c.Ctx.Request.Form.Get("organization")
 	username := c.Ctx.Request.Form.Get("username")

-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		c.ResponseError("Error")
-		return
-	}
-
 	user, err := object.GetUserByFields(organization, username)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -459,10 +410,10 @@ func (c *ApiController) SetPassword() {
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
 	code := c.Ctx.Request.Form.Get("code")

-	// if userOwner == "built-in" && userName == "admin" {
+	//if userOwner == "built-in" && userName == "admin" {
 	//	c.ResponseError(c.T("auth:Unauthorized operation"))
 	//	return
-	// }
+	//}

 	if strings.Contains(newPassword, " ") {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
@@ -471,16 +422,6 @@ func (c *ApiController) SetPassword() {

 	userId := util.GetId(userOwner, userName)

-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-
 	requestUserId := c.GetSessionUsername()
 	if requestUserId == "" && code == "" {
 		c.ResponseError(c.T("general:Please login first"), "Please login first")
@@ -496,41 +437,19 @@ func (c *ApiController) SetPassword() {
 			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
-		if userId != c.GetSession("verifiedUserId") {
-			c.ResponseError(c.T("general:Wrong userId"))
-			return
-		}
 		c.SetSession("verifiedCode", "")
-		c.SetSession("verifiedUserId", "")
 	}

 	targetUser, err := object.GetUser(userId)
-	if targetUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	isAdmin := c.IsAdmin()
-	if isAdmin {
-		if oldPassword != "" {
-			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	} else if code == "" {
-		if user.Ldap == "" {
-			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		} else {
-			err = object.CheckLdapUserPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
+	if oldPassword != "" {
+		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		if msg != "" {
+			c.ResponseError(msg)
 			return
 		}
 	}
@@ -541,48 +460,8 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	organization, err := object.GetOrganizationByUser(targetUser)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), targetUser.Owner))
-		return
-	}
-
-	application, err := object.GetApplicationByUser(targetUser)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the application for user %s is not found"), userId))
-		return
-	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	err = object.CheckEntryIp(clientIp, targetUser, application, organization, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
 	targetUser.Password = newPassword
-	targetUser.UpdateUserPassword(organization)
-	targetUser.NeedUpdatePassword = false
-	targetUser.LastChangePasswordTime = util.GetCurrentTime()
-
-	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
-	} else {
-		if isAdmin {
-			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
-		} else {
-			err = object.ResetLdapPassword(targetUser, oldPassword, newPassword, c.GetAcceptLanguage())
-		}
-	}
-
+	_, err = object.SetUserField(targetUser, "password", targetUser.Password)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -595,7 +474,6 @@ func (c *ApiController) SetPassword() {
 // @Title CheckUserPassword
 // @router /check-user-password [post]
 // @Tag User API
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) CheckUserPassword() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
@@ -604,15 +482,11 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}

-	/*
-	 * Verified password with user as subject, if field ldap not empty,
-	 * then `isPasswordWithLdapEnabled` is true
-	 */
-	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage(), false, false, user.Ldap != "")
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
+	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
+	if msg == "" {
 		c.ResponseOk()
+	} else {
+		c.ResponseError(msg)
 	}
 }

@@ -630,13 +504,13 @@ func (c *ApiController) GetSortedUsers() {
 	sorter := c.Input().Get("sorter")
 	limit := util.ParseInt(c.Input().Get("limit"))

-	users, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
+	maskedUsers, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.ResponseOk(users)
+	c.ResponseOk(maskedUsers)
 }

 // GetUserCount
@@ -666,12 +540,11 @@ func (c *ApiController) GetUserCount() {
 	c.ResponseOk(count)
 }

-// AddUserKeys
-// @Title AddUserKeys
+// AddUserkeys
+// @Title AddUserkeys
 // @router /add-user-keys [post]
 // @Tag User API
-// @Success 200 {object} object.Userinfo The Response object
-func (c *ApiController) AddUserKeys() {
+func (c *ApiController) AddUserkeys() {
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
@@ -680,7 +553,7 @@ func (c *ApiController) AddUserKeys() {
 	}

 	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserKeys(&user, isAdmin)
+	affected, err := object.AddUserkeys(&user, isAdmin)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -705,7 +578,7 @@ func (c *ApiController) RemoveUserFromGroup() {
 		return
 	}

-	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), util.GetId(owner, groupName))
+	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), groupName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -48,17 +48,17 @@ func (c *ApiController) UploadUsers() {
 		c.ResponseError(err.Error())
 		return
 	}
-
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
 	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
+	util.EnsureFileFolderExists(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	affected, err := object.UploadUsers(owner, path)
+	affected, err := object.UploadUsers(owner, fileId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -67,6 +67,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -45,15 +45,6 @@ func (c *ApiController) ResponseOk(data ...interface{}) {

 // ResponseError ...
 func (c *ApiController) ResponseError(error string, data ...interface{}) {
-	enableErrorMask2 := conf.GetConfigBool("enableErrorMask2")
-	if enableErrorMask2 {
-		error = c.T("subscription:Error")
-
-		resp := &Response{Status: "error", Msg: error}
-		c.ResponseJsonData(resp, data...)
-		return
-	}
-
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }
@@ -105,24 +96,17 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		return nil, false
 	}

-	if object.IsAppUser(userId) {
-		tmpUserId := c.Input().Get("userId")
-		if tmpUserId != "" {
-			userId = tmpUserId
-		}
-	}
-
 	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return nil, false
 	}
+
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
-
 	return user, true
 }

@@ -136,39 +120,9 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	if user.Owner == "built-in" {
 		return "", true
 	}
-
-	if !user.IsAdmin {
-		c.ResponseError(c.T("general:this operation requires administrator to perform"))
-		return "", false
-	}
-
 	return user.Owner, true
 }

-func (c *ApiController) IsOrgAdmin() (bool, bool) {
-	userId, ok := c.RequireSignedIn()
-	if !ok {
-		return false, true
-	}
-
-	if object.IsAppUser(userId) {
-		return true, true
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return false, false
-	}
-	if user == nil {
-		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return false, false
-	}
-
-	return user.IsAdmin, true
-}
-
 // IsMaskedEnabled ...
 func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	isMaskEnabled := true
@@ -287,18 +241,12 @@ func checkQuotaForProvider(count int) error {
 	return nil
 }

-func checkQuotaForUser() error {
+func checkQuotaForUser(count int) error {
 	quota := conf.GetConfigQuota().User
 	if quota == -1 {
 		return nil
 	}
-
-	count, err := object.GetUserCount("", "", "", "")
-	if err != nil {
-		return err
-	}
-
-	if int(count) >= quota {
+	if count >= quota {
 		return fmt.Errorf("user quota is exceeded")
 	}
 	return nil
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -20,7 +20,6 @@ import (
 	"fmt"
 	"strings"

-	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
@@ -36,95 +35,10 @@ const (
 	MfaAuthVerification  = "mfaAuth"
 )

-// GetVerifications
-// @Title GetVerifications
-// @Tag Verification API
-// @Description get payments
-// @Param   owner     query    string  true        "The owner of payments"
-// @Success 200 {array} object.Verification The Response object
-// @router /get-payments [get]
-func (c *ApiController) GetVerifications() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		payments, err := object.GetVerifications(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetVerificationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationVerifications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments, paginator.Nums())
-	}
-}
-
-// GetUserVerifications
-// @Title GetUserVerifications
-// @Tag Verification API
-// @Description get payments for a user
-// @Param   owner     query    string  true        "The owner of payments"
-// @Param   organization    query   string  true   "The organization of the user"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Verification The Response object
-// @router /get-user-payments [get]
-func (c *ApiController) GetUserVerifications() {
-	owner := c.Input().Get("owner")
-	user := c.Input().Get("user")
-
-	payments, err := object.GetUserVerifications(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payments)
-}
-
-// GetVerification
-// @Title GetVerification
-// @Tag Verification API
-// @Description get payment
-// @Param   id     query    string  true        "The id ( owner/name ) of the payment"
-// @Success 200 {object} object.Verification The Response object
-// @router /get-payment [get]
-func (c *ApiController) GetVerification() {
-	id := c.Input().Get("id")
-
-	payment, err := object.GetVerification(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
-}
-
 // SendVerificationCode ...
 // @Title SendVerificationCode
 // @Tag Verification API
 // @router /send-verification-code [post]
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) SendVerificationCode() {
 	var vform form.VerificationForm
 	err := c.ParseForm(&vform)
@@ -132,42 +46,24 @@ func (c *ApiController) SendVerificationCode() {
 		c.ResponseError(err.Error())
 		return
 	}
-
-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
+	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

 	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	provider, err := object.GetCaptchaProviderByApplication(vform.ApplicationId, "false", c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if provider != nil {
-		if vform.CaptchaType != provider.Type {
+	if vform.CaptchaType != "none" {
+		if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
+			c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
+			return
+		} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
+			c.ResponseError(err.Error())
+			return
+		} else if !isHuman {
 			c.ResponseError(c.T("verification:Turing test failed."))
 			return
 		}
-
-		if provider.Type != "Default" {
-			vform.ClientSecret = provider.ClientSecret
-		}
-
-		if vform.CaptchaType != "none" {
-			if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
-				c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
-				return
-			} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, provider.ClientId, vform.ClientSecret, provider.ClientId2); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if !isHuman {
-				c.ResponseError(c.T("verification:Turing test failed."))
-				return
-			}
-		}
 	}

 	application, err := object.GetApplication(vform.ApplicationId)
@@ -195,15 +91,6 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(err.Error())
 			return
 		}
-		if user == nil || user.IsDeleted {
-			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-			return
-		}
-
-		if user.IsForbidden {
-			c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
-			return
-		}
 	}

 	// mfaUserSession != "", means method is MfaAuthVerification
@@ -242,23 +129,21 @@ func (c *ApiController) SendVerificationCode() {
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetMfaProps(object.EmailType, false)
+			mfaProps := user.GetPreferredMfaProps(false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
+		} else if vform.Method == MfaSetupVerification {
+			c.SetSession(object.MfaDestSession, vform.Dest)
 		}

-		provider, err = application.GetEmailProvider(vform.Method)
+		provider, err := application.GetEmailProvider()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf(c.T("verification:please add an Email provider to the \"Providers\" list for the application: %s"), application.Name))
-			return
-		}

-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, vform.Method, c.Ctx.Request.Host, application.Name)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@@ -280,31 +165,31 @@ func (c *ApiController) SendVerificationCode() {
 					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 				}
 			}
+
+			if vform.Method == MfaSetupVerification {
+				c.SetSession(object.MfaCountryCodeSession, vform.CountryCode)
+				c.SetSession(object.MfaDestSession, vform.Dest)
+			}
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetMfaProps(object.SmsType, false)
+			mfaProps := user.GetPreferredMfaProps(false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}

 			vform.CountryCode = mfaProps.CountryCode
-			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 		}

-		provider, err = application.GetSmsProvider(vform.Method, vform.CountryCode)
+		provider, err := application.GetSmsProvider()
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf(c.T("verification:please add a SMS provider to the \"Providers\" list for the application: %s"), application.Name))
-			return
-		}

 		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
 		}
 	}

@@ -319,7 +204,6 @@ func (c *ApiController) SendVerificationCode() {
 // @Title VerifyCaptcha
 // @Tag Verification API
 // @router /verify-captcha [post]
-// @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) VerifyCaptcha() {
 	var vform form.VerificationForm
 	err := c.ParseForm(&vform)
@@ -333,23 +217,13 @@ func (c *ApiController) VerifyCaptcha() {
 		return
 	}

-	captchaProvider, err := object.GetCaptchaProviderByOwnerName(vform.ApplicationId, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if captchaProvider.Type != "Default" {
-		vform.ClientSecret = captchaProvider.ClientSecret
-	}
-
 	provider := captcha.GetCaptchaProvider(vform.CaptchaType)
 	if provider == nil {
 		c.ResponseError(c.T("verification:Invalid captcha provider."))
 		return
 	}

-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, captchaProvider.ClientId, vform.ClientSecret, captchaProvider.ClientId2)
+	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -361,8 +235,7 @@ func (c *ApiController) VerifyCaptcha() {
 // ResetEmailOrPhone ...
 // @Tag Account API
 // @Title ResetEmailOrPhone
-// @router /reset-email-or-phone [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/reset-email-or-phone [post]
 func (c *ApiController) ResetEmailOrPhone() {
 	user, ok := c.RequireSignedInUser()
 	if !ok {
@@ -423,12 +296,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 		}
 	}

-	result, err := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-	if result.Code != object.VerificationSuccess {
+	if result := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
 		c.ResponseError(result.Msg)
 		return
 	}
@@ -436,8 +304,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	switch destType {
 	case object.VerifyTypeEmail:
 		user.Email = dest
-		user.EmailVerified = true
-		_, err = object.UpdateUser(user.GetId(), user, []string{"email", "email_verified"}, false)
+		_, err = object.SetUserField(user, "email", user.Email)
 	case object.VerifyTypePhone:
 		user.Phone = dest
 		_, err = object.SetUserField(user, "phone", user.Phone)
@@ -462,8 +329,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 // VerifyCode
 // @Tag Verification API
 // @Title VerifyCode
-// @router /verify-code [post]
-// @Success 200 {object} object.Userinfo The Response object
+// @router /api/verify-code [post]
 func (c *ApiController) VerifyCode() {
 	var authForm form.AuthForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
@@ -511,31 +377,16 @@ func (c *ApiController) VerifyCode() {
 		}
 	}

-	passed, err := c.checkOrgMasterVerificationCode(user, authForm.Code)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
+	if result := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
+		c.ResponseError(result.Msg)
 		return
 	}
-
-	if !passed {
-		result, err := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if result.Code != object.VerificationSuccess {
-			c.ResponseError(result.Msg)
-			return
-		}
-
-		err = object.DisableVerificationCode(checkDest)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	err = object.DisableVerificationCode(checkDest)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}
-
 	c.SetSession("verifiedCode", authForm.Code)
-	c.SetSession("verifiedUserId", user.GetId())
+
 	c.ResponseOk()
 }
--- a/controllers/verification_util.go
+++ b/controllers/verification_util.go
@@ -1,36 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-)
-
-func (c *ApiController) checkOrgMasterVerificationCode(user *object.User, code string) (bool, error) {
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		return false, err
-	}
-	if organization == nil {
-		return false, fmt.Errorf("The organization: %s does not exist", user.Owner)
-	}
-
-	if organization.MasterVerificationCode != "" && organization.MasterVerificationCode == code {
-		return true, nil
-	}
-	return false, nil
-}
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"bytes"
-	"encoding/base64"
 	"fmt"
 	"io"

@@ -48,13 +47,6 @@ func (c *ApiController) WebAuthnSignupBegin() {

 	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
 		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
-		credCreationOpts.AuthenticatorSelection.ResidentKey = "preferred"
-		credCreationOpts.Attestation = "none"
-
-		ext := map[string]interface{}{
-			"credProps": true,
-		}
-		credCreationOpts.Extensions = ext
 	}
 	options, sessionData, err := webauthnObj.BeginRegistration(
 		user,
@@ -128,32 +120,22 @@ func (c *ApiController) WebAuthnSigninBegin() {

 	userOwner := c.Input().Get("owner")
 	userName := c.Input().Get("name")
-
-	var options *protocol.CredentialAssertion
-	var sessionData *webauthn.SessionData
-
-	if userName == "" {
-		options, sessionData, err = webauthnObj.BeginDiscoverableLogin()
-	} else {
-		var user *object.User
-		user, err = object.GetUserByFields(userOwner, userName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-			return
-		}
-		if len(user.WebauthnCredentials) == 0 {
-			c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-			return
-		}
-
-		options, sessionData, err = webauthnObj.BeginLogin(user)
+	user, err := object.GetUserByFields(userOwner, userName)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}

+	if user == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
+		return
+	}
+	if len(user.WebauthnCredentials) == 0 {
+		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
+		return
+	}
+
+	options, sessionData, err := webauthnObj.BeginLogin(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -164,7 +146,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 }

 // WebAuthnSigninFinish
-// @Title WebAuthnSigninFinish
+// @Title WebAuthnSigninBegin
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
@@ -172,7 +154,6 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
-	clientId := c.Input().Get("clientId")
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -186,43 +167,22 @@ func (c *ApiController) WebAuthnSigninFinish() {
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
-
-	var user *object.User
-	if sessionData.UserID != nil {
-		userId := string(sessionData.UserID)
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
-	} else {
-		handler := func(rawID, userHandle []byte) (webauthn.User, error) {
-			user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
-			if err != nil {
-				return nil, err
-			}
-			return user, nil
-		}
-
-		_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
-	}
-
+	userId := string(sessionData.UserID)
+	user, err := object.GetUser(userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	c.SetSessionUsername(user.GetId())
-	util.LogInfo(c.Ctx, "API: [%s] signed in", user.GetId())

-	var application *object.Application
-
-	if clientId != "" && (responseType == ResponseTypeCode) {
-		application, err = object.GetApplicationByClientId(clientId)
-	} else {
-		application, err = object.GetApplicationByUser(user)
+	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}
+	c.SetSessionUsername(userId)
+	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
+
+	application, err := object.GetApplicationByUser(user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }

-func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) s
 	return hash
 }

-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }

-func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) str
 	return string(bytes)
 }

-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -15,8 +15,8 @@
 package cred

 type CredManager interface {
-	GetHashedPassword(password string, salt string) string
-	IsPasswordCorrect(password string, passwordHash string, salt string) bool
+	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
@@ -24,8 +24,6 @@ func GetCredManager(passwordType string) CredManager {
 		return NewPlainCredManager()
 	} else if passwordType == "salt" {
 		return NewSha256SaltCredManager()
-	} else if passwordType == "sha512-salt" {
-		return NewSha512SaltCredManager()
 	} else if passwordType == "md5-salt" {
 		return NewMd5UserSaltCredManager()
 	} else if passwordType == "bcrypt" {
@@ -34,8 +32,6 @@ func GetCredManager(passwordType string) CredManager {
 		return NewPbkdf2SaltCredManager()
 	} else if passwordType == "argon2id" {
 		return NewArgon2idCredManager()
-	} else if passwordType == "pbkdf2-django" {
-		return NewPbkdf2DjangoCredManager()
 	}
 	return nil
 }
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -37,21 +37,14 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getMd5HexDigest(password)
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getMd5HexDigest(password)
+	if userSalt != "" {
+		res = getMd5HexDigest(res + userSalt)
 	}
-
-	return getMd5HexDigest(getMd5HexDigest(password) + salt)
+	return res
 }

-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getMd5HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }

-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }

-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@@ -1,67 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha256"
-	"encoding/base64"
-	"strconv"
-	"strings"
-
-	"golang.org/x/crypto/pbkdf2"
-)
-
-// password type: pbkdf2-django
-
-type Pbkdf2DjangoCredManager struct{}
-
-func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
-	cm := &Pbkdf2DjangoCredManager{}
-	return cm
-}
-
-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
-	iterations := 260000
-
-	saltBytes := []byte(salt)
-	passwordBytes := []byte(password)
-	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iterations, sha256.Size, sha256.New)
-	hashBase64 := base64.StdEncoding.EncodeToString(computedHash)
-	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
-}
-
-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
-	parts := strings.Split(passwordHash, "$")
-	if len(parts) != 4 {
-		return false
-	}
-
-	algorithm, iterations, salt, hash := parts[0], parts[1], parts[2], parts[3]
-	if algorithm != "pbkdf2_sha256" {
-		return false
-	}
-
-	iter, err := strconv.Atoi(iterations)
-	if err != nil {
-		return false
-	}
-
-	saltBytes := []byte(salt)
-	passwordBytes := []byte(password)
-	computedHash := pbkdf2.Key(passwordBytes, saltBytes, iter, sha256.Size, sha256.New)
-	computedHashBase64 := base64.StdEncoding.EncodeToString(computedHash)
-
-	return computedHashBase64 == hash
-}
--- a/cred/plain.go
+++ b/cred/plain.go
@@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	return password
 }

-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -37,21 +37,14 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha256HexDigest(password)
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getSha256HexDigest(password)
+	if organizationSalt != "" {
+		res = getSha256HexDigest(res + organizationSalt)
 	}
-
-	return getSha256HexDigest(getSha256HexDigest(password) + salt)
+	return res
 }

-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha256HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
 }

 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@@ -1,57 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package cred
-
-import (
-	"crypto/sha512"
-	"encoding/hex"
-)
-
-type Sha512SaltCredManager struct{}
-
-func getSha512(data []byte) []byte {
-	hash := sha512.Sum512(data)
-	return hash[:]
-}
-
-func getSha512HexDigest(s string) string {
-	b := getSha512([]byte(s))
-	res := hex.EncodeToString(b)
-	return res
-}
-
-func NewSha512SaltCredManager() *Sha512SaltCredManager {
-	cm := &Sha512SaltCredManager{}
-	return cm
-}
-
-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha512HexDigest(password)
-	}
-
-	return getSha512HexDigest(getSha512HexDigest(password) + salt)
-}
-
-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha512HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
-}
--- a/deployment/deploy.go
+++ b/deployment/deploy.go
@@ -27,21 +27,7 @@ import (
 )

 func deployStaticFiles(provider *object.Provider) {
-	certificate := ""
-	if provider.Category == "Storage" && provider.Type == "Casdoor" {
-		cert, err := object.GetCert(util.GetId(provider.Owner, provider.Cert))
-		if err != nil {
-			panic(err)
-		}
-		if cert == nil {
-			panic(err)
-		}
-		certificate = cert.Certificate
-	}
-	storageProvider, err := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint, certificate, provider.Content)
-	if err != nil {
-		panic(err)
-	}
+	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, provider.Endpoint)
 	if storageProvider == nil {
 		panic(fmt.Sprintf("the provider type: %s is not supported", provider.Type))
 	}
--- a/email/azure_acs.go
+++ b/email/azure_acs.go
@@ -1,221 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-const (
-	importanceNormal  = "normal"
-	sendEmailEndpoint = "/emails:send"
-	apiVersion        = "2023-03-31"
-)
-
-type Email struct {
-	Recipients    Recipients     `json:"recipients"`
-	SenderAddress string         `json:"senderAddress"`
-	Content       Content        `json:"content"`
-	Headers       []CustomHeader `json:"headers"`
-	Tracking      bool           `json:"disableUserEngagementTracking"`
-	Importance    string         `json:"importance"`
-	ReplyTo       []EmailAddress `json:"replyTo"`
-	Attachments   []Attachment   `json:"attachments"`
-}
-
-type Recipients struct {
-	To  []EmailAddress `json:"to"`
-	CC  []EmailAddress `json:"cc"`
-	BCC []EmailAddress `json:"bcc"`
-}
-
-type EmailAddress struct {
-	DisplayName string `json:"displayName"`
-	Address     string `json:"address"`
-}
-
-type Content struct {
-	Subject   string `json:"subject"`
-	HTML      string `json:"html"`
-	PlainText string `json:"plainText"`
-}
-
-type CustomHeader struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-}
-
-type Attachment struct {
-	Content        string `json:"contentBytesBase64"`
-	AttachmentType string `json:"attachmentType"`
-	Name           string `json:"name"`
-}
-
-type ErrorResponse struct {
-	Error CommunicationError `json:"error"`
-}
-
-// CommunicationError contains the error code and message
-type CommunicationError struct {
-	Code    string `json:"code"`
-	Message string `json:"message"`
-}
-
-type AzureACSEmailProvider struct {
-	AccessKey string
-	Endpoint  string
-}
-
-func NewAzureACSEmailProvider(accessKey string, endpoint string) *AzureACSEmailProvider {
-	return &AzureACSEmailProvider{
-		AccessKey: accessKey,
-		Endpoint:  endpoint,
-	}
-}
-
-func newEmail(fromAddress string, toAddress string, subject string, content string) *Email {
-	return &Email{
-		Recipients: Recipients{
-			To: []EmailAddress{
-				{
-					DisplayName: toAddress,
-					Address:     toAddress,
-				},
-			},
-		},
-		SenderAddress: fromAddress,
-		Content: Content{
-			Subject: subject,
-			HTML:    content,
-		},
-		Importance:  importanceNormal,
-		Attachments: []Attachment{},
-	}
-}
-
-func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	email := newEmail(fromAddress, toAddress, subject, content)
-
-	postBody, err := json.Marshal(email)
-	if err != nil {
-		return err
-	}
-
-	endpoint := strings.TrimSuffix(a.Endpoint, "/")
-	url := fmt.Sprintf("%s/emails:send?api-version=2023-03-31", endpoint)
-
-	bodyBuffer := bytes.NewBuffer(postBody)
-	req, err := http.NewRequest("POST", url, bodyBuffer)
-	if err != nil {
-		return err
-	}
-
-	err = signRequestHMAC(a.AccessKey, req)
-	if err != nil {
-		return err
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("repeatability-request-id", uuid.New().String())
-	req.Header.Set("repeatability-first-sent", time.Now().UTC().Format(http.TimeFormat))
-
-	client := &http.Client{}
-	resp, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode == http.StatusBadRequest || resp.StatusCode == http.StatusUnauthorized {
-		commError := ErrorResponse{}
-
-		err = json.NewDecoder(resp.Body).Decode(&commError)
-		if err != nil {
-			return err
-		}
-
-		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, commError.Error.Message)
-	}
-
-	if resp.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("status code: %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func signRequestHMAC(secret string, req *http.Request) error {
-	method := req.Method
-	host := req.URL.Host
-	pathAndQuery := req.URL.Path
-
-	if req.URL.RawQuery != "" {
-		pathAndQuery = pathAndQuery + "?" + req.URL.RawQuery
-	}
-
-	var content []byte
-	var err error
-	if req.Body != nil {
-		content, err = io.ReadAll(req.Body)
-		if err != nil {
-			// return err
-			content = []byte{}
-		}
-	}
-
-	req.Body = io.NopCloser(bytes.NewBuffer(content))
-
-	key, err := base64.StdEncoding.DecodeString(secret)
-	if err != nil {
-		return fmt.Errorf("error decoding secret: %s", err)
-	}
-
-	timestamp := time.Now().UTC().Format(http.TimeFormat)
-	contentHash := GetContentHashBase64(content)
-	stringToSign := fmt.Sprintf("%s\n%s\n%s;%s;%s", strings.ToUpper(method), pathAndQuery, timestamp, host, contentHash)
-	signature := GetHmac(stringToSign, key)
-
-	req.Header.Set("x-ms-content-sha256", contentHash)
-	req.Header.Set("x-ms-date", timestamp)
-
-	req.Header.Set("Authorization", "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature="+signature)
-
-	return nil
-}
-
-func GetContentHashBase64(content []byte) string {
-	hasher := sha256.New()
-	hasher.Write(content)
-
-	return base64.StdEncoding.EncodeToString(hasher.Sum(nil))
-}
-
-func GetHmac(content string, key []byte) string {
-	hmac := hmac.New(sha256.New, key)
-	hmac.Write([]byte(content))
-
-	return base64.StdEncoding.EncodeToString(hmac.Sum(nil))
-}
--- a/email/custom_http.go
+++ b/email/custom_http.go
@@ -1,132 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/casdoor/casdoor/proxy"
-)
-
-type HttpEmailProvider struct {
-	endpoint    string
-	method      string
-	httpHeaders map[string]string
-	bodyMapping map[string]string
-	contentType string
-}
-
-func NewHttpEmailProvider(endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) *HttpEmailProvider {
-	if contentType == "" {
-		contentType = "application/x-www-form-urlencoded"
-	}
-
-	client := &HttpEmailProvider{
-		endpoint:    endpoint,
-		method:      method,
-		httpHeaders: httpHeaders,
-		bodyMapping: bodyMapping,
-		contentType: contentType,
-	}
-	return client
-}
-
-func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	var req *http.Request
-	var err error
-
-	fromNameField := "fromName"
-	toAddressField := "toAddress"
-	subjectField := "subject"
-	contentField := "content"
-
-	for k, v := range c.bodyMapping {
-		switch k {
-		case "fromName":
-			fromNameField = v
-		case "toAddress":
-			toAddressField = v
-		case "subject":
-			subjectField = v
-		case "content":
-			contentField = v
-		}
-	}
-
-	if c.method == "POST" || c.method == "PUT" || c.method == "DELETE" {
-		bodyMap := make(map[string]string)
-		bodyMap[fromNameField] = fromName
-		bodyMap[toAddressField] = toAddress
-		bodyMap[subjectField] = subject
-		bodyMap[contentField] = content
-
-		var fromValueBytes []byte
-		if c.contentType == "application/json" {
-			fromValueBytes, err = json.Marshal(bodyMap)
-			if err != nil {
-				return err
-			}
-			req, err = http.NewRequest(c.method, c.endpoint, bytes.NewBuffer(fromValueBytes))
-		} else {
-			formValues := url.Values{}
-			for k, v := range bodyMap {
-				formValues.Add(k, v)
-			}
-			req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
-		}
-
-		if err != nil {
-			return err
-		}
-
-		req.Header.Set("Content-Type", c.contentType)
-	} else if c.method == "GET" {
-		req, err = http.NewRequest(c.method, c.endpoint, nil)
-		if err != nil {
-			return err
-		}
-
-		q := req.URL.Query()
-		q.Add(fromNameField, fromName)
-		q.Add(toAddressField, toAddress)
-		q.Add(subjectField, subject)
-		q.Add(contentField, content)
-		req.URL.RawQuery = q.Encode()
-	} else {
-		return fmt.Errorf("HttpEmailProvider's Send() error, unsupported method: %s", c.method)
-	}
-
-	for k, v := range c.httpHeaders {
-		req.Header.Set(k, v)
-	}
-
-	httpClient := proxy.DefaultHttpClient
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("HttpEmailProvider's Send() error, custom HTTP Email request failed with status: %s", resp.Status)
-	}
-
-	return err
-}
--- a/email/provider.go
+++ b/email/provider.go
@@ -1,31 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-type EmailProvider interface {
-	Send(fromAddress string, fromName, toAddress string, subject string, content string) error
-}
-
-func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) EmailProvider {
-	if typ == "Azure ACS" {
-		return NewAzureACSEmailProvider(clientSecret, host)
-	} else if typ == "Custom HTTP Email" {
-		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
-	} else if typ == "SendGrid" {
-		return NewSendgridEmailProvider(clientSecret, host, endpoint)
-	} else {
-		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl)
-	}
-}
--- a/email/sendgrid.go
+++ b/email/sendgrid.go
@@ -1,87 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//	http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/sendgrid/sendgrid-go"
-	"github.com/sendgrid/sendgrid-go/helpers/mail"
-)
-
-type SendgridEmailProvider struct {
-	ApiKey   string
-	Host     string
-	Endpoint string
-}
-
-type SendgridResponseBody struct {
-	Errors []struct {
-		Message string      `json:"message"`
-		Field   interface{} `json:"field"`
-		Help    interface{} `json:"help"`
-	} `json:"errors"`
-}
-
-func NewSendgridEmailProvider(apiKey string, host string, endpoint string) *SendgridEmailProvider {
-	return &SendgridEmailProvider{ApiKey: apiKey, Host: host, Endpoint: endpoint}
-}
-
-func (s *SendgridEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	client := s.initSendgridClient()
-
-	from := mail.NewEmail(fromName, fromAddress)
-	to := mail.NewEmail("", toAddress)
-	message := mail.NewSingleEmail(from, subject, to, "", content)
-
-	resp, err := client.Send(message)
-	if err != nil {
-		return err
-	}
-
-	if resp.StatusCode >= 300 {
-		var responseBody SendgridResponseBody
-		err = json.Unmarshal([]byte(resp.Body), &responseBody)
-		if err != nil {
-			return err
-		}
-
-		messages := []string{}
-		for _, sendgridError := range responseBody.Errors {
-			messages = append(messages, sendgridError.Message)
-		}
-
-		return fmt.Errorf("status code: %d, error message: %s", resp.StatusCode, messages)
-	}
-
-	if resp.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("status code: %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func (s *SendgridEmailProvider) initSendgridClient() *sendgrid.Client {
-	if s.Host == "" || s.Endpoint == "" {
-		return sendgrid.NewSendClient(s.ApiKey)
-	}
-
-	request := sendgrid.GetRequest(s.ApiKey, s.Endpoint, s.Host)
-	request.Method = "POST"
-
-	return &sendgrid.Client{Request: request}
-}
--- a/email/smtp.go
+++ b/email/smtp.go
@@ -1,57 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"crypto/tls"
-	"strings"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/gomail/v2"
-)
-
-type SmtpEmailProvider struct {
-	Dialer *gomail.Dialer
-}
-
-func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool) *SmtpEmailProvider {
-	dialer := gomail.NewDialer(host, port, userName, password)
-	if typ == "SUBMAIL" {
-		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
-	dialer.SSL = !disableSsl
-
-	if strings.HasSuffix(host, ".amazonaws.com") {
-		socks5Proxy := conf.GetConfigString("socks5Proxy")
-		if socks5Proxy != "" {
-			dialer.SetSocks5Proxy(socks5Proxy)
-		}
-	}
-
-	return &SmtpEmailProvider{Dialer: dialer}
-}
-
-func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	message := gomail.NewMessage()
-
-	message.SetAddressHeader("From", fromAddress, fromName)
-	message.SetHeader("To", toAddress)
-	message.SetHeader("Subject", subject)
-	message.SetBody("text/html", content)
-
-	message.SkipUsernameCheck = true
-	return s.Dialer.DialAndSend(message)
-}
--- a/faceId/aliyun.go
+++ b/faceId/aliyun.go
@@ -1,81 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package faceId
-
-import (
-	"strings"
-
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	facebody20191230 "github.com/alibabacloud-go/facebody-20191230/v5/client"
-	util "github.com/alibabacloud-go/tea-utils/v2/service"
-	"github.com/alibabacloud-go/tea/tea"
-)
-
-type AliyunFaceIdProvider struct {
-	AccessKey    string
-	AccessSecret string
-
-	Endpoint              string
-	QualityScoreThreshold float32
-}
-
-func NewAliyunFaceIdProvider(accessKey string, accessSecret string, endPoint string) *AliyunFaceIdProvider {
-	return &AliyunFaceIdProvider{
-		AccessKey:             accessKey,
-		AccessSecret:          accessSecret,
-		Endpoint:              endPoint,
-		QualityScoreThreshold: 0.65,
-	}
-}
-
-func (provider *AliyunFaceIdProvider) Check(base64ImageA string, base64ImageB string) (bool, error) {
-	config := openapi.Config{
-		AccessKeyId:     tea.String(provider.AccessKey),
-		AccessKeySecret: tea.String(provider.AccessSecret),
-	}
-	config.Endpoint = tea.String(provider.Endpoint)
-	client, err := facebody20191230.NewClient(&config)
-	if err != nil {
-		return false, err
-	}
-
-	compareFaceRequest := &facebody20191230.CompareFaceRequest{
-		QualityScoreThreshold: tea.Float32(provider.QualityScoreThreshold),
-		ImageDataA:            tea.String(strings.Replace(base64ImageA, "data:image/png;base64,", "", -1)),
-		ImageDataB:            tea.String(strings.Replace(base64ImageB, "data:image/png;base64,", "", -1)),
-	}
-
-	runtime := &util.RuntimeOptions{}
-
-	defer func() {
-		if r := tea.Recover(recover()); r != nil {
-			err = r
-		}
-	}()
-	result, err := client.CompareFaceWithOptions(compareFaceRequest, runtime)
-	if err != nil {
-		return false, err
-	}
-
-	if result == nil {
-		return false, nil
-	}
-
-	if *result.Body.Data.Thresholds[0] < *result.Body.Data.Confidence {
-		return true, nil
-	}
-
-	return false, nil
-}
--- a/faceId/provider.go
+++ b/faceId/provider.go
@@ -1,23 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package faceId
-
-type FaceIdProvider interface {
-	Check(base64ImageA string, base64ImageB string) (bool, error)
-}
-
-func GetFaceIdProvider(typ string, clientId string, clientSecret string, endPoint string) FaceIdProvider {
-	return NewAliyunFaceIdProvider(clientId, clientSecret, endPoint)
-}
--- a/form/auth.go
+++ b/form/auth.go
@@ -14,38 +14,28 @@

 package form

-import "reflect"
-
 type AuthForm struct {
-	Type         string `json:"type"`
-	SigninMethod string `json:"signinMethod"`
+	Type string `json:"type"`

-	Organization   string `json:"organization"`
-	Username       string `json:"username"`
-	Password       string `json:"password"`
-	Name           string `json:"name"`
-	FirstName      string `json:"firstName"`
-	LastName       string `json:"lastName"`
-	Gender         string `json:"gender"`
-	Bio            string `json:"bio"`
-	Tag            string `json:"tag"`
-	Education      string `json:"education"`
-	Email          string `json:"email"`
-	Phone          string `json:"phone"`
-	Affiliation    string `json:"affiliation"`
-	IdCard         string `json:"idCard"`
-	Language       string `json:"language"`
-	Region         string `json:"region"`
-	InvitationCode string `json:"invitationCode"`
+	Organization string `json:"organization"`
+	Username     string `json:"username"`
+	Password     string `json:"password"`
+	Name         string `json:"name"`
+	FirstName    string `json:"firstName"`
+	LastName     string `json:"lastName"`
+	Email        string `json:"email"`
+	Phone        string `json:"phone"`
+	Affiliation  string `json:"affiliation"`
+	IdCard       string `json:"idCard"`
+	Region       string `json:"region"`

-	Application  string `json:"application"`
-	ClientId     string `json:"clientId"`
-	Provider     string `json:"provider"`
-	ProviderBack string `json:"providerBack"`
-	Code         string `json:"code"`
-	State        string `json:"state"`
-	RedirectUri  string `json:"redirectUri"`
-	Method       string `json:"method"`
+	Application string `json:"application"`
+	ClientId    string `json:"clientId"`
+	Provider    string `json:"provider"`
+	Code        string `json:"code"`
+	State       string `json:"state"`
+	RedirectUri string `json:"redirectUri"`
+	Method      string `json:"method"`

 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
@@ -61,25 +51,10 @@ type AuthForm struct {
 	CaptchaToken string `json:"captchaToken"`
 	ClientSecret string `json:"clientSecret"`

-	MfaType           string `json:"mfaType"`
-	Passcode          string `json:"passcode"`
-	RecoveryCode      string `json:"recoveryCode"`
-	EnableMfaRemember bool   `json:"enableMfaRemember"`
+	MfaType      string `json:"mfaType"`
+	Passcode     string `json:"passcode"`
+	RecoveryCode string `json:"recoveryCode"`

 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
-
-	FaceId      []float64 `json:"faceId"`
-	FaceIdImage []string  `json:"faceIdImage"`
-	UserCode    string    `json:"userCode"`
-}
-
-func GetAuthFormFieldValue(form *AuthForm, fieldName string) (bool, string) {
-	val := reflect.ValueOf(*form)
-	fieldValue := val.FieldByName(fieldName)
-
-	if fieldValue.IsValid() && fieldValue.Kind() == reflect.String {
-		return true, fieldValue.String()
-	}
-	return false, ""
 }
--- a/go.mod
+++ b/go.mod
@@ -1,249 +1,69 @@
 module github.com/casdoor/casdoor

-go 1.21
+go 1.16

 require (
 	github.com/Masterminds/squirrel v1.5.3
+	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
-	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
-	github.com/alibabacloud-go/openapi-util v0.1.0
-	github.com/alibabacloud-go/tea v1.3.2
-	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
-	github.com/aws/aws-sdk-go v1.45.5
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
+	github.com/aws/aws-sdk-go v1.44.4
 	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin/v2 v2.77.2
-	github.com/casdoor/go-sms-sender v0.25.0
-	github.com/casdoor/gomail/v2 v2.1.0
-	github.com/casdoor/ldapserver v1.2.0
-	github.com/casdoor/notify v1.0.1
-	github.com/casdoor/oss v1.8.0
-	github.com/casdoor/xorm-adapter/v3 v3.1.0
-	github.com/casvisor/casvisor-go-sdk v1.4.0
+	github.com/casbin/casbin v1.9.1 // indirect
+	github.com/casbin/casbin/v2 v2.30.1
+	github.com/casdoor/go-sms-sender v0.12.0
+	github.com/casdoor/gomail/v2 v2.0.1
+	github.com/casdoor/oss v1.3.0
+	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
+	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/fogleman/gg v1.3.0
-	github.com/go-asn1-ber/asn1-ber v1.5.5
-	github.com/go-git/go-git/v5 v5.13.0
-	github.com/go-ldap/ldap/v3 v3.4.6
+	github.com/forestmgy/ldapserver v1.1.0
+	github.com/go-git/go-git/v5 v5.6.0
+	github.com/go-ldap/ldap/v3 v3.3.0
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/go-webauthn/webauthn v0.10.2
-	github.com/golang-jwt/jwt/v5 v5.2.2
-	github.com/google/uuid v1.6.0
-	github.com/json-iterator/go v1.1.12
-	github.com/lestrrat-go/jwx v1.2.29
-	github.com/lib/pq v1.10.9
+	github.com/go-webauthn/webauthn v0.6.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/google/uuid v1.3.0
+	github.com/gorilla/mux v1.7.3 // indirect
+	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
+	github.com/lestrrat-go/jwx v1.2.21
+	github.com/lib/pq v1.10.2
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/markbates/goth v1.79.0
+	github.com/markbates/goth v1.75.2
 	github.com/mitchellh/mapstructure v1.5.0
+	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.4.0
+	github.com/prometheus/client_model v0.3.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sendgrid/sendgrid-go v3.14.0+incompatible
+	github.com/satori/go.uuid v1.2.0
+	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.10.0
-	github.com/stripe/stripe-go/v74 v74.29.0
+	github.com/stretchr/testify v1.8.3
+	github.com/stripe/stripe-go/v74 v74.29.0 // indirect
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
+	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
-	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.34.0
-	golang.org/x/oauth2 v0.17.0
-	golang.org/x/text v0.21.0
-	google.golang.org/api v0.150.0
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	golang.org/x/crypto v0.11.0
+	golang.org/x/net v0.13.0
+	golang.org/x/oauth2 v0.10.0
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
-	layeh.com/radius v0.0.0-20221205141417-e7fbddd11d68
-	maunium.net/go/mautrix v0.16.0
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	modernc.org/sqlite v1.18.2
 )
-
-require (
-	cloud.google.com/go v0.110.8 // indirect
-	cloud.google.com/go/compute v1.23.1 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.3 // indirect
-	cloud.google.com/go/storage v1.35.1 // indirect
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
-	github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
-	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/BurntSushi/toml v0.3.1 // indirect
-	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v1.1.3 // indirect
-	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20221121042443-a3fd332d56d9 // indirect
-	github.com/SherClockHolmes/webpush-go v1.2.0 // indirect
-	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
-	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
-	github.com/alibabacloud-go/debug v1.0.1 // indirect
-	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
-	github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
-	github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
-	github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
-	github.com/alibabacloud-go/tea-oss-utils v1.1.0 // indirect
-	github.com/alibabacloud-go/tea-utils v1.3.6 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.545 // indirect
-	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible // indirect
-	github.com/aliyun/credentials-go v1.3.10 // indirect
-	github.com/apistd/uni-go-sdk v0.0.2 // indirect
-	github.com/atc0005/go-teams-notify/v2 v2.13.0 // indirect
-	github.com/baidubce/bce-sdk-go v0.9.156 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/blinkbean/dingtalk v0.0.0-20210905093040-7d935c0f7e19 // indirect
-	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
-	github.com/bwmarrin/discordgo v0.27.1 // indirect
-	github.com/casdoor/casdoor-go-sdk v0.50.0 // indirect
-	github.com/casdoor/go-reddit/v2 v2.1.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb // indirect
-	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
-	github.com/dghubble/oauth1 v0.7.2 // indirect
-	github.com/dghubble/sling v1.4.0 // indirect
-	github.com/di-wu/parser v0.2.2 // indirect
-	github.com/di-wu/xsd-datetime v1.0.0 // indirect
-	github.com/drswork/go-twitter v0.0.0-20221107160839-dea1b6ed53d7 // indirect
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
-	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.0 // indirect
-	github.com/go-lark/lark v1.9.0 // indirect
-	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-webauthn/x v0.1.9 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
-	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/mock v1.6.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gomodule/redigo v2.0.0+incompatible // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.0 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/gregdel/pushover v1.2.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jonboulle/clockwork v0.2.2 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
-	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
-	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/iter v1.0.2 // indirect
-	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/line/line-bot-sdk-go v7.8.0+incompatible // indirect
-	github.com/markbates/going v1.0.0 // indirect
-	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-ieproxy v0.0.1 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mileusna/viber v1.0.1 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c // indirect
-	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
-	github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
-	github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7 // indirect
-	github.com/pingcap/tidb/parser v0.0.0-20221126021158-6b02a5d8ba7d // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/common v0.30.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/qiniu/go-sdk/v7 v7.12.1 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
-	github.com/rs/zerolog v1.30.0 // indirect
-	github.com/scim2/filter-parser/v2 v2.2.0 // indirect
-	github.com/sendgrid/rest v2.6.9+incompatible // indirect
-	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
-	github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 // indirect
-	github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/skeema/knownhosts v1.3.0 // indirect
-	github.com/slack-go/slack v0.12.3 // indirect
-	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/syndtr/goleveldb v1.0.0 // indirect
-	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.744 // indirect
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sms v1.0.744 // indirect
-	github.com/tidwall/gjson v1.16.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/tjfoc/gmsm v1.4.1 // indirect
-	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/tklauser/numcpus v0.4.0 // indirect
-	github.com/twilio/twilio-go v1.13.0 // indirect
-	github.com/ucloud/ucloud-sdk-go v0.22.5 // indirect
-	github.com/utahta/go-linenotify v0.5.0 // indirect
-	github.com/volcengine/volc-sdk-golang v1.0.117 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
-	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	go.mau.fi/util v0.0.0-20230805171708-199bf3eec776 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
-	go.uber.org/zap v1.19.1 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/image v0.0.0-20190802002840-cff245a6509b // indirect
-	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	lukechampine.com/uint128 v1.1.1 // indirect
-	maunium.net/go/maulogger/v2 v2.4.1 // indirect
-	modernc.org/cc/v3 v3.37.0 // indirect
-	modernc.org/ccgo/v3 v3.16.9 // indirect
-	modernc.org/libc v1.18.0 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.3.0 // indirect
-	modernc.org/opt v0.1.1 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.0.1 // indirect
-)
--- a/go.sum
+++ b/go.sum
--- a/i18n/generate.go
+++ b/i18n/generate.go
@@ -84,10 +84,6 @@ func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
 				return err
 			}

-			if strings.HasSuffix(path, "node_modules") {
-				return filepath.SkipDir
-			}
-
 			if !strings.HasSuffix(info.Name(), fileSuffix) {
 				return nil
 			}
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -38,15 +38,7 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "tr", data)
 	applyToOtherLanguage("frontend", "ar", data)
 	applyToOtherLanguage("frontend", "he", data)
-	applyToOtherLanguage("frontend", "nl", data)
-	applyToOtherLanguage("frontend", "pl", data)
 	applyToOtherLanguage("frontend", "fi", data)
-	applyToOtherLanguage("frontend", "sv", data)
-	applyToOtherLanguage("frontend", "uk", data)
-	applyToOtherLanguage("frontend", "kk", data)
-	applyToOtherLanguage("frontend", "fa", data)
-	applyToOtherLanguage("frontend", "cs", data)
-	applyToOtherLanguage("frontend", "sk", data)
 }

 func TestGenerateI18nBackend(t *testing.T) {
@@ -68,13 +60,5 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "tr", data)
 	applyToOtherLanguage("backend", "ar", data)
 	applyToOtherLanguage("backend", "he", data)
-	applyToOtherLanguage("backend", "nl", data)
-	applyToOtherLanguage("backend", "pl", data)
 	applyToOtherLanguage("backend", "fi", data)
-	applyToOtherLanguage("backend", "sv", data)
-	applyToOtherLanguage("backend", "uk", data)
-	applyToOtherLanguage("backend", "kk", data)
-	applyToOtherLanguage("backend", "fa", data)
-	applyToOtherLanguage("backend", "cs", data)
-	applyToOtherLanguage("backend", "sk", data)
 }
--- a/i18n/locales/ar/data.json
+++ b/i18n/locales/ar/data.json
@@ -1,191 +1,142 @@
 {
  "account": {
-    "Failed to add user": "فشل إضافة المستخدم",
-    "Get init score failed, error: %w": "فشل الحصول على النتيجة الأولية، الخطأ: %w",
-    "Please sign out first": "يرجى تسجيل الخروج أولاً",
-    "The application does not allow to sign up new account": "التطبيق لا يسمح بالتسجيل بحساب جديد"
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "auth": {
-    "Challenge method should be S256": "يجب أن تكون طريقة التحدي S256",
-    "DeviceCode Invalid": "رمز الجهاز غير صالح",
-    "Failed to create user, user information is invalid: %s": "فشل إنشاء المستخدم، معلومات المستخدم غير صالحة: %s",
-    "Failed to login in: %s": "فشل تسجيل الدخول: %s",
-    "Invalid token": "الرمز غير صالح",
-    "State expected: %s, but got: %s": "كان من المتوقع الحالة: %s، لكن حصلنا على: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "الحساب الخاص بالمزود: %s واسم المستخدم: %s (%s) غير موجود ولا يُسمح بالتسجيل كحساب جديد عبر %%s، يرجى استخدام طريقة أخرى للتسجيل",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "الحساب الخاص بالمزود: %s واسم المستخدم: %s (%s) غير موجود ولا يُسمح بالتسجيل كحساب جديد، يرجى الاتصال بدعم تكنولوجيا المعلومات",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "الحساب الخاص بالمزود: %s واسم المستخدم: %s (%s) مرتبط بالفعل بحساب آخر: %s (%s)",
-    "The application: %s does not exist": "التطبيق: %s غير موجود",
-    "The login method: login with LDAP is not enabled for the application": "طريقة تسجيل الدخول: تسجيل الدخول باستخدام LDAP غير مفعّلة لهذا التطبيق",
-    "The login method: login with SMS is not enabled for the application": "طريقة تسجيل الدخول: تسجيل الدخول باستخدام الرسائل النصية غير مفعّلة لهذا التطبيق",
-    "The login method: login with email is not enabled for the application": "طريقة تسجيل الدخول: تسجيل الدخول باستخدام البريد الإلكتروني غير مفعّلة لهذا التطبيق",
-    "The login method: login with face is not enabled for the application": "طريقة تسجيل الدخول: تسجيل الدخول باستخدام الوجه غير مفعّلة لهذا التطبيق",
-    "The login method: login with password is not enabled for the application": "طريقة تسجيل الدخول: تسجيل الدخول باستخدام كلمة المرور غير مفعّلة لهذا التطبيق",
-    "The organization: %s does not exist": "المنظمة: %s غير موجودة",
-    "The provider: %s does not exist": "المزود: %s غير موجود",
-    "The provider: %s is not enabled for the application": "المزود: %s غير مفعّل لهذا التطبيق",
-    "Unauthorized operation": "عملية غير مصرح بها",
-    "Unknown authentication type (not password or provider), form = %s": "نوع مصادقة غير معروف (ليس كلمة مرور أو مزود)، النموذج = %s",
-    "User's tag: %s is not listed in the application's tags": "وسم المستخدم: %s غير مدرج في وسوم التطبيق",
-    "UserCode Expired": "رمز المستخدم منتهي الصلاحية",
-    "UserCode Invalid": "رمز المستخدم غير صالح",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "المستخدم المدفوع %s ليس لديه اشتراك نشط أو معلق والتطبيق: %s ليس لديه تسعير افتراضي",
-    "the application for user %s is not found": "لم يتم العثور على التطبيق الخاص بالمستخدم %s",
-    "the organization: %s is not found": "لم يتم العثور على المنظمة: %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
-    "Service %s and %s do not match": "الخدمة %s و %s غير متطابقتين"
+    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s لا تلبي متطلبات تنسيق CIDR: %s",
-    "Affiliation cannot be blank": "الانتماء لا يمكن أن يكون فارغاً",
-    "CIDR for IP: %s should not be empty": "CIDR لعنوان IP: %s لا يجب أن يكون فارغاً",
-    "Default code does not match the code's matching rules": "الرمز الافتراضي لا يتطابق مع قواعد المطابقة",
-    "DisplayName cannot be blank": "اسم العرض لا يمكن أن يكون فارغاً",
-    "DisplayName is not valid real name": "اسم العرض ليس اسمًا حقيقيًا صالحًا",
-    "Email already exists": "البريد الإلكتروني موجود بالفعل",
-    "Email cannot be empty": "البريد الإلكتروني لا يمكن أن يكون فارغاً",
-    "Email is invalid": "البريد الإلكتروني غير صالح",
-    "Empty username.": "اسم المستخدم فارغ.",
-    "Face data does not exist, cannot log in": "بيانات الوجه غير موجودة، لا يمكن تسجيل الدخول",
-    "Face data mismatch": "عدم تطابق بيانات الوجه",
-    "Failed to parse client IP: %s": "فشل تحليل IP العميل: %s",
-    "FirstName cannot be blank": "الاسم الأول لا يمكن أن يكون فارغاً",
-    "Invitation code cannot be blank": "رمز الدعوة لا يمكن أن يكون فارغاً",
-    "Invitation code exhausted": "رمز الدعوة استُنفِد",
-    "Invitation code is invalid": "رمز الدعوة غير صالح",
-    "Invitation code suspended": "رمز الدعوة موقوف",
-    "LDAP user name or password incorrect": "اسم مستخدم LDAP أو كلمة المرور غير صحيحة",
-    "LastName cannot be blank": "الاسم الأخير لا يمكن أن يكون فارغاً",
-    "Multiple accounts with same uid, please check your ldap server": "حسابات متعددة بنفس uid، يرجى التحقق من خادم ldap الخاص بك",
-    "Organization does not exist": "المنظمة غير موجودة",
-    "Password cannot be empty": "كلمة المرور لا يمكن أن تكون فارغة",
-    "Phone already exists": "الهاتف موجود بالفعل",
-    "Phone cannot be empty": "الهاتف لا يمكن أن يكون فارغاً",
-    "Phone number is invalid": "رقم الهاتف غير صالح",
-    "Please register using the email corresponding to the invitation code": "يرجى التسجيل باستخدام البريد الإلكتروني المطابق لرمز الدعوة",
-    "Please register using the phone  corresponding to the invitation code": "يرجى التسجيل باستخدام الهاتف المطابق لرمز الدعوة",
-    "Please register using the username corresponding to the invitation code": "يرجى التسجيل باستخدام اسم المستخدم المطابق لرمز الدعوة",
-    "Session outdated, please login again": "الجلسة منتهية الصلاحية، يرجى تسجيل الدخول مرة أخرى",
-    "The invitation code has already been used": "رمز الدعوة تم استخدامه بالفعل",
-    "The user is forbidden to sign in, please contact the administrator": "المستخدم ممنوع من تسجيل الدخول، يرجى الاتصال بالمسؤول",
-    "The user: %s doesn't exist in LDAP server": "المستخدم: %s غير موجود في خادم LDAP",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "اسم المستخدم يمكن أن يحتوي فقط على أحرف وأرقام، شرطات سفلية أو علوية، لا يمكن أن تحتوي على شرطات متتالية، ولا يمكن أن يبدأ أو ينتهي بشرطة.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hesap alanı \\\"%s\\\" için \\\"%s\\\" değeri, hesap öğesi regex'iyle eşleşmiyor",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Kayıt alanı \\\"%s\\\" için \\\"%s\\\" değeri, \\\"%s\\\" uygulamasının kayıt öğesi regex'iyle eşleşmiyor",
-    "Username already exists": "اسم المستخدم موجود بالفعل",
-    "Username cannot be an email address": "اسم المستخدم لا يمكن أن يكون عنوان بريد إلكتروني",
-    "Username cannot contain white spaces": "اسم المستخدم لا يمكن أن يحتوي على مسافات",
-    "Username cannot start with a digit": "اسم المستخدم لا يمكن أن يبدأ برقم",
-    "Username is too long (maximum is 255 characters).": "اسم المستخدم طويل جداً (الحد الأقصى 255 حرفاً).",
-    "Username must have at least 2 characters": "اسم المستخدم يجب أن يحتوي على حرفين على الأقل",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "اسم المستخدم يدعم تنسيق البريد الإلكتروني. كما أن اسم المستخدم يمكن أن يحتوي فقط على أحرف وأرقام، شرطات سفلية أو علوية، لا يمكن أن تحتوي على شرطات متتالية، ولا يمكن أن يبدأ أو ينتهي بشرطة. انتبه أيضًا لتنسيق البريد الإلكتروني.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "لقد قمت بإدخال كلمة المرور أو الرمز الخطأ عدة مرات، يرجى الانتظار %d دقائق ثم المحاولة مرة أخرى",
-    "Your IP address: %s has been banned according to the configuration of: ": "عنوان IP الخاص بك: %s تم حظره وفقًا لتكوين: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Şifrenizin süresi doldu. Lütfen \\\"Şifremi unuttum\\\"a tıklayarak şifrenizi sıfırlayın",
-    "Your region is not allow to signup by phone": "منطقتك لا تسمح بالتسجيل عبر الهاتف",
-    "password or code is incorrect": "كلمة المرور أو الرمز غير صحيح",
-    "password or code is incorrect, you have %s remaining chances": "كلمة المرور أو الرمز غير صحيح، لديك %s فرصة متبقية",
-    "unsupported password type: %s": "نوع كلمة المرور غير مدعوم: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "المحول: %s غير موجود"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
  },
  "general": {
-    "Failed to import groups": "فشل استيراد المجموعات",
-    "Failed to import users": "فشل استيراد المستخدمين",
-    "Missing parameter": "المعلمة مفقودة",
-    "Only admin user can specify user": "فقط المسؤول يمكنه تحديد المستخدم",
-    "Please login first": "يرجى تسجيل الدخول أولاً",
-    "The organization: %s should have one application at least": "المنظمة: %s يجب أن تحتوي على تطبيق واحد على الأقل",
-    "The user: %s doesn't exist": "المستخدم: %s غير موجود",
-    "Wrong userId": "معرف المستخدم غير صحيح",
-    "don't support captchaProvider: ": "لا يدعم captchaProvider: ",
-    "this operation is not allowed in demo mode": "هذه العملية غير مسموح بها في وضع العرض التوضيحي",
-    "this operation requires administrator to perform": "هذه العملية تتطلب مسؤولاً لتنفيذها"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
-    "Ldap server exist": "خادم LDAP موجود"
+    "Ldap server exist": "Ldap server exist"
  },
  "link": {
-    "Please link first": "يرجى الربط أولاً",
-    "This application has no providers": "هذا التطبيق لا يحتوي على مزودين",
-    "This application has no providers of type": "هذا التطبيق لا يحتوي على مزودين من النوع",
-    "This provider can't be unlinked": "لا يمكن فصل هذا المزود",
-    "You are not the global admin, you can't unlink other users": "أنت لست المسؤول العام، لا يمكنك فصل مستخدمين آخرين",
-    "You can't unlink yourself, you are not a member of any application": "لا يمكنك فصل نفسك، أنت لست عضواً في أي تطبيق"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
  },
  "organization": {
-    "Only admin can modify the %s.": "فقط المسؤول يمكنه تعديل %s.",
-    "The %s is immutable.": "%s غير قابل للتعديل.",
-    "Unknown modify rule %s.": "قاعدة تعديل غير معروفة %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "إضافة مستخدم جديد إلى المنظمة \"المدمجة\" غير متوفر حاليًا. يرجى ملاحظة: جميع المستخدمين في المنظمة \"المدمجة\" هم مسؤولون عالميون في Casdoor. يرجى الرجوع إلى الوثائق: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. إذا كنت لا تزال ترغب في إنشاء مستخدم للمنظمة \"المدمجة\"، اไป إلى صفحة إعدادات المنظمة وقم بتمكين خيار \"لديه موافقة صلاحية\"."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "İzin: \\\"%s\\\" mevcut değil"
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "provider": {
-    "Invalid application id": "معرف التطبيق غير صالح",
-    "the provider: %s does not exist": "المزود: %s غير موجود"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
  },
  "resource": {
-    "User is nil for tag: avatar": "المستخدم nil للوسم: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "اسم المستخدم أو fullFilePath فارغ: username = %s، fullFilePath = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
  },
  "saml": {
-    "Application %s not found": "التطبيق %s غير موجود"
+    "Application %s not found": "Application %s not found"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "فئة المزود %s ليست SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
  },
  "service": {
-    "Empty parameters for emailForm: %v": "معلمات فارغة لـ emailForm: %v",
-    "Invalid Email receivers: %s": "مستقبلو البريد الإلكتروني غير صالحين: %s",
-    "Invalid phone receivers: %s": "مستقلو الهاتف غير صالحين: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
  },
  "storage": {
-    "The objectKey: %s is not allowed": "مفتاح الكائن: %s غير مسموح به",
-    "The provider type: %s is not supported": "نوع المزود: %s غير مدعوم"
-  },
-  "subscription": {
-    "Error": "خطأ"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "token": {
-    "Grant_type: %s is not supported in this application": "Grant_type: %s غير مدعوم في هذا التطبيق",
-    "Invalid application or wrong clientSecret": "تطبيق غير صالح أو clientSecret خاطئ",
-    "Invalid client_id": "client_id غير صالح",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s غير موجود في قائمة Redirect URI المسموح بها",
-    "Token not found, invalid accessToken": "الرمز غير موجود، accessToken غير صالح"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
  },
  "user": {
-    "Display name cannot be empty": "اسم العرض لا يمكن أن يكون فارغاً",
-    "MFA email is enabled but email is empty": "تم تمكين MFA للبريد الإلكتروني لكن البريد الإلكتروني فارغ",
-    "MFA phone is enabled but phone number is empty": "تم تمكين MFA للهاتف لكن رقم الهاتف فارغ",
-    "New password cannot contain blank space.": "كلمة المرور الجديدة لا يمكن أن تحتوي على مسافات.",
-    "the user's owner and name should not be empty": "مالك المستخدم واسمه لا يجب أن يكونا فارغين"
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
  },
  "util": {
-    "No application is found for userId: %s": "لم يتم العثور على تطبيق لـ userId: %s",
-    "No provider for category: %s is found for application: %s": "لم يتم العثور على مزود للفئة: %s للتطبيق: %s",
-    "The provider: %s is not found": "المزود: %s غير موجود"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
  },
  "verification": {
-    "Invalid captcha provider.": "مزود captcha غير صالح.",
-    "Phone number is invalid in your region %s": "رقم الهاتف غير صالح في منطقتك %s",
-    "The verification code has already been used!": "رمز التحقق تم استخدامه بالفعل!",
-    "The verification code has not been sent yet!": "رمز التحقق لم يُرسل بعد!",
-    "Turing test failed.": "فشل اختبار تورينغ.",
-    "Unable to get the email modify rule.": "غير قادر على الحصول على قاعدة تعديل البريد الإلكتروني.",
-    "Unable to get the phone modify rule.": "غير قادر على الحصول على قاعدة تعديل الهاتف.",
-    "Unknown type": "نوع غير معروف",
-    "Wrong verification code!": "رمز التحقق خاطئ!",
-    "You should verify your code in %d min!": "يجب عليك التحقق من الرمز خلال %d دقيقة!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "lütfen uygulama için \\\"Sağlayıcılar\\\" listesine bir SMS sağlayıcı ekleyin: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "lütfen uygulama için \\\"Sağlayıcılar\\\" listesine bir E-posta sağlayıcı ekleyin: %s",
-    "the user does not exist, please sign up first": "المستخدم غير موجود، يرجى التسجيل أولاً"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "يرجى استدعاء WebAuthnSigninBegin أولاً"
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/cs/data.json
+++ b/i18n/locales/cs/data.json
@@ -1,191 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Nepodařilo se přidat uživatele",
-    "Get init score failed, error: %w": "Nepodařilo se získat počáteční skóre, chyba: %w",
-    "Please sign out first": "Nejprve se prosím odhlaste",
-    "The application does not allow to sign up new account": "Aplikace neumožňuje registraci nového účtu"
-  },
-  "auth": {
-    "Challenge method should be S256": "Metoda výzvy by měla být S256",
-    "DeviceCode Invalid": "DeviceCode je neplatný",
-    "Failed to create user, user information is invalid: %s": "Nepodařilo se vytvořit uživatele, informace o uživateli jsou neplatné: %s",
-    "Failed to login in: %s": "Nepodařilo se přihlásit: %s",
-    "Invalid token": "Neplatný token",
-    "State expected: %s, but got: %s": "Očekávaný stav: %s, ale získán: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet přes %%s, prosím použijte jiný způsob registrace",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet, prosím kontaktujte svou IT podporu",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) je již propojen s jiným účtem: %s (%s)",
-    "The application: %s does not exist": "Aplikace: %s neexistuje",
-    "The login method: login with LDAP is not enabled for the application": "Přihlašovací metoda: přihlášení pomocí LDAP není pro aplikaci povolena",
-    "The login method: login with SMS is not enabled for the application": "Přihlašovací metoda: přihlášení pomocí SMS není pro aplikaci povolena",
-    "The login method: login with email is not enabled for the application": "Přihlašovací metoda: přihlášení pomocí e-mailu není pro aplikaci povolena",
-    "The login method: login with face is not enabled for the application": "Přihlašovací metoda: přihlášení pomocí obličeje není pro aplikaci povolena",
-    "The login method: login with password is not enabled for the application": "Metoda přihlášení: přihlášení pomocí hesla není pro aplikaci povolena",
-    "The organization: %s does not exist": "Organizace: %s neexistuje",
-    "The provider: %s does not exist": "Poskytovatel: %s neexistuje",
-    "The provider: %s is not enabled for the application": "Poskytovatel: %s není pro aplikaci povolen",
-    "Unauthorized operation": "Neoprávněná operace",
-    "Unknown authentication type (not password or provider), form = %s": "Neznámý typ autentizace (není heslo nebo poskytovatel), formulář = %s",
-    "User's tag: %s is not listed in the application's tags": "Uživatelův tag: %s není uveden v tagech aplikace",
-    "UserCode Expired": "UserCode vypršel",
-    "UserCode Invalid": "UserCode je neplatný",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní ani čekající předplatné a aplikace: %s nemá výchozí ceny",
-    "the application for user %s is not found": "Aplikace pro uživatele %s nebyla nalezena",
-    "the organization: %s is not found": "Organizace: %s nebyla nalezena"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Služba %s a %s se neshodují"
-  },
-  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s nesplňuje požadavky formátu CIDR: %s",
-    "Affiliation cannot be blank": "Příslušnost nemůže být prázdná",
-    "CIDR for IP: %s should not be empty": "CIDR pro IP: %s by neměl být prázdný",
-    "Default code does not match the code's matching rules": "Výchozí kód neodpovídá pravidlům shody kódu",
-    "DisplayName cannot be blank": "Zobrazované jméno nemůže být prázdné",
-    "DisplayName is not valid real name": "Zobrazované jméno není platné skutečné jméno",
-    "Email already exists": "Email již existuje",
-    "Email cannot be empty": "Email nemůže být prázdný",
-    "Email is invalid": "Email je neplatný",
-    "Empty username.": "Prázdné uživatelské jméno.",
-    "Face data does not exist, cannot log in": "Data obličeje neexistují, nelze se přihlásit",
-    "Face data mismatch": "Neshoda dat obličeje",
-    "Failed to parse client IP: %s": "Nepodařilo se parsovat IP klienta: %s",
-    "FirstName cannot be blank": "Křestní jméno nemůže být prázdné",
-    "Invitation code cannot be blank": "Pozvánkový kód nemůže být prázdný",
-    "Invitation code exhausted": "Pozvánkový kód je vyčerpán",
-    "Invitation code is invalid": "Pozvánkový kód je neplatný",
-    "Invitation code suspended": "Pozvánkový kód je pozastaven",
-    "LDAP user name or password incorrect": "Uživatelské jméno nebo heslo LDAP je nesprávné",
-    "LastName cannot be blank": "Příjmení nemůže být prázdné",
-    "Multiple accounts with same uid, please check your ldap server": "Více účtů se stejným uid, prosím zkontrolujte svůj ldap server",
-    "Organization does not exist": "Organizace neexistuje",
-    "Password cannot be empty": "Heslo nemůže být prázdné",
-    "Phone already exists": "Telefon již existuje",
-    "Phone cannot be empty": "Telefon nemůže být prázdný",
-    "Phone number is invalid": "Telefonní číslo je neplatné",
-    "Please register using the email corresponding to the invitation code": "Prosím registrujte se pomocí e-mailu odpovídajícího pozvánkovému kódu",
-    "Please register using the phone  corresponding to the invitation code": "Prosím registrujte se pomocí telefonu odpovídajícího pozvánkovému kódu",
-    "Please register using the username corresponding to the invitation code": "Prosím registrujte se pomocí uživatelského jména odpovídajícího pozvánkovému kódu",
-    "Session outdated, please login again": "Relace je zastaralá, prosím přihlaste se znovu",
-    "The invitation code has already been used": "Pozvánkový kód již byl použit",
-    "The user is forbidden to sign in, please contact the administrator": "Uživatel má zakázáno se přihlásit, prosím kontaktujte administrátora",
-    "The user: %s doesn't exist in LDAP server": "Uživatel: %s neexistuje na LDAP serveru",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Uživatelské jméno může obsahovat pouze alfanumerické znaky, podtržítka nebo pomlčky, nemůže mít po sobě jdoucí pomlčky nebo podtržítka a nemůže začínat nebo končit pomlčkou nebo podtržítkem.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pro pole účtu \\\"%s\\\" neodpovídá regexu položky účtu",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pro pole registrace \\\"%s\\\" neodpovídá regexu položky registrace aplikace \\\"%s\\\"",
-    "Username already exists": "Uživatelské jméno již existuje",
-    "Username cannot be an email address": "Uživatelské jméno nemůže být emailová adresa",
-    "Username cannot contain white spaces": "Uživatelské jméno nemůže obsahovat mezery",
-    "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
-    "Username is too long (maximum is 255 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 255 znaků).",
-    "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Uživatelské jméno podporuje formát e-mailu. Také uživatelské jméno může obsahovat pouze alfanumerické znaky, podtržítka nebo pomlčky, nemůže mít souvislé pomlčky nebo podtržítka a nemůže začínat nebo končit pomlčkou nebo podtržítkem. Také dbejte na formát e-mailu.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
-    "Your IP address: %s has been banned according to the configuration of: ": "Vaše IP adresa: %s byla zablokována podle konfigurace: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Vaše heslo vypršelo. Prosím resetujte si heslo kliknutím na \\\"Zapomněl jsem heslo\\\"",
-    "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",
-    "password or code is incorrect": "heslo nebo kód je nesprávný",
-    "password or code is incorrect, you have %s remaining chances": "heslo nebo kód je nesprávné, máte %s zbývajících pokusů",
-    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "adaptér: %s nebyl nalezen"
-  },
-  "general": {
-    "Failed to import groups": "Nepodařilo se importovat skupiny",
-    "Failed to import users": "Nepodařilo se importovat uživatele",
-    "Missing parameter": "Chybějící parametr",
-    "Only admin user can specify user": "Pouze administrátor může určit uživatele",
-    "Please login first": "Prosím, přihlaste se nejprve",
-    "The organization: %s should have one application at least": "Organizace: %s by měla mít alespoň jednu aplikaci",
-    "The user: %s doesn't exist": "Uživatel: %s neexistuje",
-    "Wrong userId": "Nesprávné uživatelské ID",
-    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
-    "this operation is not allowed in demo mode": "tato operace není povolena v demo režimu",
-    "this operation requires administrator to perform": "tato operace vyžaduje administrátora k provedení"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server existuje"
-  },
-  "link": {
-    "Please link first": "Prosím, nejprve propojte",
-    "This application has no providers": "Tato aplikace nemá žádné poskytovatele",
-    "This application has no providers of type": "Tato aplikace nemá žádné poskytovatele typu",
-    "This provider can't be unlinked": "Tento poskytovatel nemůže být odpojen",
-    "You are not the global admin, you can't unlink other users": "Nejste globální administrátor, nemůžete odpojovat jiné uživatele",
-    "You can't unlink yourself, you are not a member of any application": "Nemůžete odpojit sami sebe, nejste členem žádné aplikace"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Pouze administrátor může upravit %s.",
-    "The %s is immutable.": "%s je neměnný.",
-    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "Přidání nového uživatele do 'vestavěné' organizace je momentálně zakázáno. Poznámka: všichni uživatelé v 'vestavěné' organizaci jsou globálními správci v Casdooru. Viz docs: https://casdoor.org/docs/basic/core-concepts#how  -dělá-casdoor-spravovat-sám. Pokud stále chcete vytvořit uživatele pro 'vestavěnou' organizaci, přejděte na stránku nastavení organizace a aktivujte možnost 'Má souhlas s oprávněními'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Oprávnění: \\\"%s\\\" neexistuje"
-  },
-  "provider": {
-    "Invalid application id": "Neplatné ID aplikace",
-    "the provider: %s does not exist": "poskytovatel: %s neexistuje"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Uživatel je nil pro tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Uživatelské jméno nebo úplná cesta k souboru je prázdná: uživatelské jméno = %s, úplná cesta k souboru = %s"
-  },
-  "saml": {
-    "Application %s not found": "Aplikace %s nebyla nalezena"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "poskytovatel %s není kategorie SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Prázdné parametry pro emailForm: %v",
-    "Invalid Email receivers: %s": "Neplatní příjemci emailu: %s",
-    "Invalid phone receivers: %s": "Neplatní příjemci telefonu: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s není povolen",
-    "The provider type: %s is not supported": "typ poskytovatele: %s není podporován"
-  },
-  "subscription": {
-    "Error": "Chyba"
-  },
-  "token": {
-    "Grant_type: %s is not supported in this application": "Grant_type: %s není v této aplikaci podporován",
-    "Invalid application or wrong clientSecret": "Neplatná aplikace nebo špatný clientSecret",
-    "Invalid client_id": "Neplatné client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Přesměrovací URI: %s neexistuje v seznamu povolených přesměrovacích URI",
-    "Token not found, invalid accessToken": "Token nenalezen, neplatný accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Zobrazované jméno nemůže být prázdné",
-    "MFA email is enabled but email is empty": "MFA e-mail je povolen, ale e-mail je prázdný",
-    "MFA phone is enabled but phone number is empty": "MFA telefon je povolen, ale telefonní číslo je prázdné",
-    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo.",
-    "the user's owner and name should not be empty": "vlastník a jméno uživatele by neměly být prázdné"
-  },
-  "util": {
-    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
-    "No provider for category: %s is found for application: %s": "Pro kategorii: %s nebyl nalezen žádný poskytovatel pro aplikaci: %s",
-    "The provider: %s is not found": "Poskytovatel: %s nebyl nalezen"
-  },
-  "verification": {
-    "Invalid captcha provider.": "Neplatný poskytovatel captcha.",
-    "Phone number is invalid in your region %s": "Telefonní číslo je ve vaší oblasti %s neplatné",
-    "The verification code has already been used!": "Ověřovací kód již byl použit!",
-    "The verification code has not been sent yet!": "Ověřovací kód ještě nebyl odeslán!",
-    "Turing test failed.": "Turingův test selhal.",
-    "Unable to get the email modify rule.": "Nelze získat pravidlo pro úpravu emailu.",
-    "Unable to get the phone modify rule.": "Nelze získat pravidlo pro úpravu telefonu.",
-    "Unknown type": "Neznámý typ",
-    "Wrong verification code!": "Špatný ověřovací kód!",
-    "You should verify your code in %d min!": "Měli byste ověřit svůj kód do %d minut!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte SMS poskytovatele do seznamu \\\"Providers\\\" pro aplikaci: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte e-mailového poskytovatele do seznamu \\\"Providers\\\" pro aplikaci: %s",
-    "the user does not exist, please sign up first": "uživatel neexistuje, prosím nejprve se zaregistrujte"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Prosím, nejprve zavolejte WebAuthnSigninBegin"
-  }
-}
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -7,7 +7,6 @@
  },
  "auth": {
    "Challenge method should be S256": "Die Challenge-Methode sollte S256 sein",
-    "DeviceCode Invalid": "Gerätecode ungültig",
    "Failed to create user, user information is invalid: %s": "Es konnte kein Benutzer erstellt werden, da die Benutzerinformationen ungültig sind: %s",
    "Failed to login in: %s": "Konnte nicht anmelden: %s",
    "Invalid token": "Ungültiges Token",
@@ -16,93 +15,54 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) existiert nicht und es ist nicht erlaubt, ein neues Konto anzumelden. Bitte wenden Sie sich an Ihren IT-Support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) ist bereits mit einem anderen Konto verknüpft: %s (%s)",
    "The application: %s does not exist": "Die Anwendung: %s existiert nicht",
-    "The login method: login with LDAP is not enabled for the application": "Die Anmeldemethode: Anmeldung mit LDAP ist für die Anwendung nicht aktiviert",
-    "The login method: login with SMS is not enabled for the application": "Die Anmeldemethode: Anmeldung per SMS ist für die Anwendung nicht aktiviert",
-    "The login method: login with email is not enabled for the application": "Die Anmeldemethode: Anmeldung per E-Mail ist für die Anwendung nicht aktiviert",
-    "The login method: login with face is not enabled for the application": "Die Anmeldemethode: Anmeldung per Gesicht ist für die Anwendung nicht aktiviert",
    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
-    "The organization: %s does not exist": "Die Organisation: %s existiert nicht",
-    "The provider: %s does not exist": "Der Anbieter: %s existiert nicht",
    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
    "Unauthorized operation": "Nicht autorisierte Operation",
    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
-    "User's tag: %s is not listed in the application's tags": "Benutzer-Tag: %s ist nicht in den Tags der Anwendung aufgeführt",
-    "UserCode Expired": "Benutzercode abgelaufen",
-    "UserCode Invalid": "Benutzercode ungültig",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Bezahlter Benutzer %s hat kein aktives oder ausstehendes Abonnement und die Anwendung: %s hat keine Standardpreisgestaltung",
-    "the application for user %s is not found": "Die Anwendung für Benutzer %s wurde nicht gefunden",
-    "the organization: %s is not found": "Die Organisation: %s wurde nicht gefunden"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s erfüllt nicht die CIDR-Formatanforderungen: %s",
    "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
-    "CIDR for IP: %s should not be empty": "CIDR für IP: %s darf nicht leer sein",
-    "Default code does not match the code's matching rules": "Standardcode entspricht nicht den Übereinstimmungsregeln des Codes",
    "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
    "DisplayName is not valid real name": "DisplayName ist kein gültiger Vorname",
    "Email already exists": "E-Mail existiert bereits",
    "Email cannot be empty": "E-Mail darf nicht leer sein",
    "Email is invalid": "E-Mail ist ungültig",
    "Empty username.": "Leerer Benutzername.",
-    "Face data does not exist, cannot log in": "Gesichtsdaten existieren nicht, Anmeldung nicht möglich",
-    "Face data mismatch": "Gesichtsdaten stimmen nicht überein",
-    "Failed to parse client IP: %s": "Fehler beim Parsen der Client-IP: %s",
    "FirstName cannot be blank": "Vorname darf nicht leer sein",
-    "Invitation code cannot be blank": "Einladungscode darf nicht leer sein",
-    "Invitation code exhausted": "Einladungscode aufgebraucht",
-    "Invitation code is invalid": "Einladungscode ist ungültig",
-    "Invitation code suspended": "Einladungscode ausgesetzt",
    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "LastName cannot be blank": "Nachname darf nicht leer sein",
    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
    "Organization does not exist": "Organisation existiert nicht",
-    "Password cannot be empty": "Passwort darf nicht leer sein",
+    "Password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen enthalten",
    "Phone already exists": "Telefon existiert bereits",
    "Phone cannot be empty": "Das Telefon darf nicht leer sein",
    "Phone number is invalid": "Die Telefonnummer ist ungültig",
-    "Please register using the email corresponding to the invitation code": "Bitte registrieren Sie sich mit der E-Mail, die zum Einladungscode gehört",
-    "Please register using the phone  corresponding to the invitation code": "Bitte registrieren Sie sich mit der Telefonnummer, die zum Einladungscode gehört",
-    "Please register using the username corresponding to the invitation code": "Bitte registrieren Sie sich mit dem Benutzernamen, der zum Einladungscode gehört",
    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
-    "The invitation code has already been used": "Der Einladungscode wurde bereits verwendet",
    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
-    "The user: %s doesn't exist in LDAP server": "Der Benutzer: %s existiert nicht im LDAP-Server",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Der Wert \\\"%s\\\" für das Kontenfeld \\\"%s\\\" stimmt nicht mit dem Kontenelement-Regex überein",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Der Wert \\\"%s\\\" für das Registrierungsfeld \\\"%s\\\" stimmt nicht mit dem Registrierungselement-Regex der Anwendung \\\"%s\\\" überein",
    "Username already exists": "Benutzername existiert bereits",
    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
    "Username cannot contain white spaces": "Benutzername darf keine Leerzeichen enthalten",
    "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
-    "Username is too long (maximum is 255 characters).": "Benutzername ist zu lang (das Maximum beträgt 255 Zeichen).",
+    "Username is too long (maximum is 39 characters).": "Benutzername ist zu lang (das Maximum beträgt 39 Zeichen).",
    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Benutzername unterstützt E-Mail-Format. Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden. Achten Sie auch auf das E-Mail-Format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
-    "Your IP address: %s has been banned according to the configuration of: ": "Ihre IP-Adresse: %s wurde laut Konfiguration gesperrt von: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Ihr Passwort ist abgelaufen. Bitte setzen Sie Ihr Passwort zurück, indem Sie auf \\\"Passwort vergessen\\\" klicken",
    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
-    "password or code is incorrect": "Passwort oder Code ist falsch",
-    "password or code is incorrect, you have %s remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %s Versuche übrig",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "Der Adapter: %s wurde nicht gefunden"
-  },
  "general": {
-    "Failed to import groups": "Gruppen importieren fehlgeschlagen",
-    "Failed to import users": "Fehler beim Importieren von Benutzern",
    "Missing parameter": "Fehlender Parameter",
-    "Only admin user can specify user": "Nur Administrator kann Benutzer angeben",
    "Please login first": "Bitte zuerst einloggen",
-    "The organization: %s should have one application at least": "Die Organisation: %s sollte mindestens eine Anwendung haben",
    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "Wrong userId": "Falsche Benutzer-ID",
    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "Dieser Vorgang ist im Demo-Modus nicht erlaubt",
-    "this operation requires administrator to perform": "Dieser Vorgang erfordert einen Administrator zur Ausführung"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "Es gibt einen LDAP-Server"
@@ -118,11 +78,7 @@
  "organization": {
    "Only admin can modify the %s.": "Nur der Administrator kann das %s ändern.",
    "The %s is immutable.": "Das %s ist unveränderlich.",
-    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "Das Hinzufügen eines neuen Benutzers zur 'eingebauten' Organisation ist derzeit deaktiviert. Bitte beachten Sie: Alle Benutzer in der 'eingebauten' Organisation sind globale Administratoren in Casdoor. Siehe die Docs: https://casdoor.org/docs/basic/core-concepts#how  -does-casdoor-manage-sich selbst. Wenn Sie immer noch einen Benutzer für die 'eingebaute' Organisation erstellen möchten, gehen Sie auf die Einstellungsseite der Organisation und aktivieren Sie die Option 'Habt Berechtigungszustimmung'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Die Berechtigung: \\\"%s\\\" existiert nicht"
+    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s."
  },
  "provider": {
    "Invalid application id": "Ungültige Anwendungs-ID",
@@ -147,10 +103,8 @@
    "The objectKey: %s is not allowed": "Der Objektschlüssel %s ist nicht erlaubt",
    "The provider type: %s is not supported": "Der Anbieter-Typ %s wird nicht unterstützt"
  },
-  "subscription": {
-    "Error": "Fehler"
-  },
  "token": {
+    "Empty clientId or clientSecret": "Leerer clientId oder clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s wird von dieser Anwendung nicht unterstützt",
    "Invalid application or wrong clientSecret": "Ungültige Anwendung oder falsches clientSecret",
    "Invalid client_id": "Ungültige client_id",
@@ -159,10 +113,10 @@
  },
  "user": {
    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "MFA email is enabled but email is empty": "MFA-E-Mail ist aktiviert, aber E-Mail ist leer",
-    "MFA phone is enabled but phone number is empty": "MFA-Telefon ist aktiviert, aber Telefonnummer ist leer",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
-    "the user's owner and name should not be empty": "Eigentümer und Name des Benutzers dürfen nicht leer sein"
+    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
+  },
+  "user_upload": {
+    "Failed to import users": "Fehler beim Importieren von Benutzern"
  },
  "util": {
    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
@@ -170,22 +124,19 @@
    "The provider: %s is not found": "Der Anbieter: %s wurde nicht gefunden"
  },
  "verification": {
+    "Code has not been sent yet!": "Der Code wurde noch nicht versendet!",
    "Invalid captcha provider.": "Ungültiger Captcha-Anbieter.",
    "Phone number is invalid in your region %s": "Die Telefonnummer ist in Ihrer Region %s ungültig",
-    "The verification code has already been used!": "Der Verifizierungscode wurde bereits verwendet!",
-    "The verification code has not been sent yet!": "Der Verifizierungscode wurde noch nicht gesendet!",
    "Turing test failed.": "Turing-Test fehlgeschlagen.",
    "Unable to get the email modify rule.": "Nicht in der Lage, die E-Mail-Änderungsregel zu erhalten.",
    "Unable to get the phone modify rule.": "Nicht in der Lage, die Telefon-Änderungsregel zu erhalten.",
    "Unknown type": "Unbekannter Typ",
    "Wrong verification code!": "Falscher Bestätigungscode!",
    "You should verify your code in %d min!": "Du solltest deinen Code in %d Minuten verifizieren!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "Bitte fügen Sie einen SMS-Anbieter zur \\\"Providers\\\"-Liste für die Anwendung hinzu: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "Bitte fügen Sie einen E-Mail-Anbieter zur \\\"Providers\\\"-Liste für die Anwendung hinzu: %s",
    "the user does not exist, please sign up first": "Der Benutzer existiert nicht, bitte zuerst anmelden"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
+    "Found no credentials for this user": "Es wurden keine Anmeldeinformationen für diesen Benutzer gefunden",
    "Please call WebAuthnSigninBegin first": "Bitte rufen Sie zuerst WebAuthnSigninBegin auf"
  }
 }
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -7,7 +7,6 @@
  },
  "auth": {
    "Challenge method should be S256": "Challenge method should be S256",
-    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
@@ -16,93 +15,54 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
-    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
-    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
-    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The organization: %s does not exist": "The organization: %s does not exist",
-    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
-    "UserCode Expired": "UserCode Expired",
-    "UserCode Invalid": "UserCode Invalid",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
-    "the application for user %s is not found": "the application for user %s is not found",
-    "the organization: %s is not found": "the organization: %s is not found"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
-    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "DisplayName cannot be blank",
    "DisplayName is not valid real name": "DisplayName is not valid real name",
    "Email already exists": "Email already exists",
    "Email cannot be empty": "Email cannot be empty",
    "Email is invalid": "Email is invalid",
    "Empty username.": "Empty username.",
-    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
-    "Face data mismatch": "Face data mismatch",
-    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "FirstName cannot be blank",
-    "Invitation code cannot be blank": "Invitation code cannot be blank",
-    "Invitation code exhausted": "Invitation code exhausted",
-    "Invitation code is invalid": "Invitation code is invalid",
-    "Invitation code suspended": "Invitation code suspended",
    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
    "LastName cannot be blank": "LastName cannot be blank",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
-    "Password cannot be empty": "Password cannot be empty",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
-    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
-    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
-    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Session outdated, please login again",
-    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
    "Username cannot contain white spaces": "Username cannot contain white spaces",
    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %s remaining chances": "password or code is incorrect, you have %s remaining chances",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "the adapter: %s is not found"
-  },
  "general": {
-    "Failed to import groups": "Failed to import groups",
-    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
-    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
-    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
-    "this operation requires administrator to perform": "this operation requires administrator to perform"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist"
@@ -118,11 +78,7 @@
  "organization": {
    "Only admin can modify the %s.": "Only admin can modify the %s.",
    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "provider": {
    "Invalid application id": "Invalid application id",
@@ -147,10 +103,8 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
-  "subscription": {
-    "Error": "Error"
-  },
  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
    "Invalid client_id": "Invalid client_id",
@@ -159,10 +113,10 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
-    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
@@ -170,18 +124,15 @@
    "The provider: %s is not found": "The provider: %s is not found"
  },
  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
    "Invalid captcha provider.": "Invalid captcha provider.",
    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "The verification code has already been used!": "The verification code has already been used!",
-    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
    "Unknown type": "Unknown type",
    "Wrong verification code!": "Wrong verification code!",
    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -7,7 +7,6 @@
  },
  "auth": {
    "Challenge method should be S256": "El método de desafío debe ser S256",
-    "DeviceCode Invalid": "Código de dispositivo inválido",
    "Failed to create user, user information is invalid: %s": "No se pudo crear el usuario, la información del usuario es inválida: %s",
    "Failed to login in: %s": "No se ha podido iniciar sesión en: %s",
    "Invalid token": "Token inválido",
@@ -16,93 +15,54 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "La cuenta para el proveedor: %s y el nombre de usuario: %s (%s) no existe y no se permite registrarse como una nueva cuenta, por favor contacte a su soporte de TI",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "La cuenta para proveedor: %s y nombre de usuario: %s (%s) ya está vinculada a otra cuenta: %s (%s)",
    "The application: %s does not exist": "La aplicación: %s no existe",
-    "The login method: login with LDAP is not enabled for the application": "El método de inicio de sesión: inicio de sesión con LDAP no está habilitado para la aplicación",
-    "The login method: login with SMS is not enabled for the application": "El método de inicio de sesión: inicio de sesión con SMS no está habilitado para la aplicación",
-    "The login method: login with email is not enabled for the application": "El método de inicio de sesión: inicio de sesión con correo electrónico no está habilitado para la aplicación",
-    "The login method: login with face is not enabled for the application": "El método de inicio de sesión: inicio de sesión con reconocimiento facial no está habilitado para la aplicación",
    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
-    "The organization: %s does not exist": "La organización: %s no existe",
-    "The provider: %s does not exist": "El proveedor: %s no existe",
    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
    "Unauthorized operation": "Operación no autorizada",
    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
-    "User's tag: %s is not listed in the application's tags": "La etiqueta del usuario: %s no está incluida en las etiquetas de la aplicación",
-    "UserCode Expired": "Código de usuario expirado",
-    "UserCode Invalid": "Código de usuario inválido",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "El usuario de pago %s no tiene una suscripción activa o pendiente y la aplicación: %s no tiene precio predeterminado",
-    "the application for user %s is not found": "no se encontró la aplicación para el usuario %s",
-    "the organization: %s is not found": "no se encontró la organización: %s"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s no cumple con los requisitos del formato CIDR: %s",
    "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
-    "CIDR for IP: %s should not be empty": "El CIDR para la IP: %s no debe estar vacío",
-    "Default code does not match the code's matching rules": "El código predeterminado no coincide con las reglas de coincidencia de códigos",
    "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
    "DisplayName is not valid real name": "El nombre de pantalla no es un nombre real válido",
    "Email already exists": "El correo electrónico ya existe",
    "Email cannot be empty": "El correo electrónico no puede estar vacío",
    "Email is invalid": "El correo electrónico no es válido",
    "Empty username.": "Nombre de usuario vacío.",
-    "Face data does not exist, cannot log in": "No existen datos faciales, no se puede iniciar sesión",
-    "Face data mismatch": "Los datos faciales no coinciden",
-    "Failed to parse client IP: %s": "Error al analizar la IP del cliente: %s",
    "FirstName cannot be blank": "El nombre no puede estar en blanco",
-    "Invitation code cannot be blank": "El código de invitación no puede estar vacío",
-    "Invitation code exhausted": "Código de invitación agotado",
-    "Invitation code is invalid": "Código de invitación inválido",
-    "Invitation code suspended": "Código de invitación suspendido",
    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "LastName cannot be blank": "El apellido no puede estar en blanco",
    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
    "Organization does not exist": "La organización no existe",
-    "Password cannot be empty": "La contraseña no puede estar vacía",
+    "Password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
    "Phone already exists": "El teléfono ya existe",
    "Phone cannot be empty": "Teléfono no puede estar vacío",
    "Phone number is invalid": "El número de teléfono no es válido",
-    "Please register using the email corresponding to the invitation code": "Regístrese usando el correo electrónico correspondiente al código de invitación",
-    "Please register using the phone  corresponding to the invitation code": "Regístrese usando el número de teléfono correspondiente al código de invitación",
-    "Please register using the username corresponding to the invitation code": "Regístrese usando el nombre de usuario correspondiente al código de invitación",
    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
-    "The invitation code has already been used": "El código de invitación ya ha sido utilizado",
    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
-    "The user: %s doesn't exist in LDAP server": "El usuario: %s no existe en el servidor LDAP",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "El valor \\\"%s\\\" para el campo de cuenta \\\"%s\\\" no coincide con la expresión regular del elemento de cuenta",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "El valor \\\"%s\\\" para el campo de registro \\\"%s\\\" no coincide con la expresión regular del elemento de registro de la aplicación \\\"%s\\\"",
    "Username already exists": "El nombre de usuario ya existe",
    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
    "Username cannot contain white spaces": "Nombre de usuario no puede contener espacios en blanco",
    "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
-    "Username is too long (maximum is 255 characters).": "El nombre de usuario es demasiado largo (el máximo es de 255 caracteres).",
+    "Username is too long (maximum is 39 characters).": "El nombre de usuario es demasiado largo (el máximo es de 39 caracteres).",
    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "El nombre de usuario admite formato de correo electrónico. Además, el nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones bajos o guiones consecutivos y no puede comenzar ni terminar con un guión o guión bajo. También preste atención al formato del correo electrónico.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
-    "Your IP address: %s has been banned according to the configuration of: ": "Su dirección IP: %s ha sido bloqueada según la configuración de: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Su contraseña ha expirado. Restablezca su contraseña haciendo clic en \\\"Olvidé mi contraseña\\\"",
    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
-    "password or code is incorrect": "contraseña o código incorrecto",
-    "password or code is incorrect, you have %s remaining chances": "Contraseña o código incorrecto, tienes %s intentos restantes",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "no se encontró el adaptador: %s"
-  },
  "general": {
-    "Failed to import groups": "Error al importar grupos",
-    "Failed to import users": "Error al importar usuarios",
    "Missing parameter": "Parámetro faltante",
-    "Only admin user can specify user": "Solo el usuario administrador puede especificar usuario",
    "Please login first": "Por favor, inicia sesión primero",
-    "The organization: %s should have one application at least": "La organización: %s debe tener al menos una aplicación",
    "The user: %s doesn't exist": "El usuario: %s no existe",
-    "Wrong userId": "ID de usuario incorrecto",
    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "esta operación no está permitida en modo de demostración",
-    "this operation requires administrator to perform": "esta operación requiere que el administrador la realice"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "El servidor LDAP existe"
@@ -118,11 +78,7 @@
  "organization": {
    "Only admin can modify the %s.": "Solo el administrador puede modificar los %s.",
    "The %s is immutable.": "El %s es inmutable.",
-    "Unknown modify rule %s.": "Regla de modificación desconocida %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "La adición de un nuevo usuario a la organización 'integrada' está actualmente deshabilitada. Tenga en cuenta: todos los usuarios de la organización 'integrada' son administradores globales en Casdoor. Consulte los docs: https://casdoor.org/docs/basic/core-concepts#how  -does-casdoor-manage-itself. Si todavía desea crear un usuario para la organización 'integrada', vaya a la página de configuración de la organización y habilite la opción 'Tiene consentimiento de privilegios'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "El permiso: \\\"%s\\\" no existe"
+    "Unknown modify rule %s.": "Regla de modificación desconocida %s."
  },
  "provider": {
    "Invalid application id": "Identificación de aplicación no válida",
@@ -147,10 +103,8 @@
    "The objectKey: %s is not allowed": "El objectKey: %s no está permitido",
    "The provider type: %s is not supported": "El tipo de proveedor: %s no es compatible"
  },
-  "subscription": {
-    "Error": "Error"
-  },
  "token": {
+    "Empty clientId or clientSecret": "ClienteId o clienteSecret vacío",
    "Grant_type: %s is not supported in this application": "El tipo de subvención: %s no es compatible con esta aplicación",
    "Invalid application or wrong clientSecret": "Solicitud inválida o clientSecret incorrecto",
    "Invalid client_id": "Identificador de cliente no válido",
@@ -159,10 +113,10 @@
  },
  "user": {
    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "MFA email is enabled but email is empty": "El correo electrónico MFA está habilitado pero el correo está vacío",
-    "MFA phone is enabled but phone number is empty": "El teléfono MFA está habilitado pero el número de teléfono está vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
-    "the user's owner and name should not be empty": "el propietario y el nombre del usuario no deben estar vacíos"
+    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
+  },
+  "user_upload": {
+    "Failed to import users": "Error al importar usuarios"
  },
  "util": {
    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
@@ -170,22 +124,19 @@
    "The provider: %s is not found": "El proveedor: %s no se encuentra"
  },
  "verification": {
+    "Code has not been sent yet!": "¡El código aún no ha sido enviado!",
    "Invalid captcha provider.": "Proveedor de captcha no válido.",
    "Phone number is invalid in your region %s": "El número de teléfono es inválido en tu región %s",
-    "The verification code has already been used!": "¡El código de verificación ya ha sido utilizado!",
-    "The verification code has not been sent yet!": "¡El código de verificación aún no ha sido enviado!",
    "Turing test failed.": "El test de Turing falló.",
    "Unable to get the email modify rule.": "No se puede obtener la regla de modificación de correo electrónico.",
    "Unable to get the phone modify rule.": "No se pudo obtener la regla de modificación del teléfono.",
    "Unknown type": "Tipo desconocido",
    "Wrong verification code!": "¡Código de verificación incorrecto!",
    "You should verify your code in %d min!": "¡Deberías verificar tu código en %d minutos!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "agregue un proveedor de SMS a la lista \\\"Proveedores\\\" para la aplicación: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "agregue un proveedor de correo electrónico a la lista \\\"Proveedores\\\" para la aplicación: %s",
    "the user does not exist, please sign up first": "El usuario no existe, por favor regístrese primero"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
+    "Found no credentials for this user": "No se encontraron credenciales para este usuario",
    "Please call WebAuthnSigninBegin first": "Por favor, llama primero a WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/fa/data.json
+++ b/i18n/locales/fa/data.json
@@ -1,191 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "عدم موفقیت در افزودن کاربر",
-    "Get init score failed, error: %w": "عدم موفقیت در دریافت امتیاز اولیه، خطا: %w",
-    "Please sign out first": "لطفاً ابتدا خارج شوید",
-    "The application does not allow to sign up new account": "برنامه اجازه ثبت‌نام حساب جدید را نمی‌دهد"
-  },
-  "auth": {
-    "Challenge method should be S256": "روش چالش باید S256 باشد",
-    "DeviceCode Invalid": "کد دستگاه نامعتبر است",
-    "Failed to create user, user information is invalid: %s": "عدم موفقیت در ایجاد کاربر، اطلاعات کاربر نامعتبر است: %s",
-    "Failed to login in: %s": "عدم موفقیت در ورود: %s",
-    "Invalid token": "توکن نامعتبر",
-    "State expected: %s, but got: %s": "وضعیت مورد انتظار: %s، اما دریافت شد: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) وجود ندارد و مجاز به ثبت‌نام به‌عنوان حساب جدید از طریق %%s نیست، لطفاً از روش دیگری برای ثبت‌نام استفاده کنید",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) وجود ندارد و مجاز به ثبت‌نام به‌عنوان حساب جدید نیست، لطفاً با پشتیبانی IT خود تماس بگیرید",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) در حال حاضر به حساب دیگری مرتبط است: %s (%s)",
-    "The application: %s does not exist": "برنامه: %s وجود ندارد",
-    "The login method: login with LDAP is not enabled for the application": "روش ورود: ورود با LDAP برای برنامه فعال نیست",
-    "The login method: login with SMS is not enabled for the application": "روش ورود: ورود با پیامک برای برنامه فعال نیست",
-    "The login method: login with email is not enabled for the application": "روش ورود: ورود با ایمیل برای برنامه فعال نیست",
-    "The login method: login with face is not enabled for the application": "روش ورود: ورود با چهره برای برنامه فعال نیست",
-    "The login method: login with password is not enabled for the application": "روش ورود: ورود با رمز عبور برای برنامه فعال نیست",
-    "The organization: %s does not exist": "سازمان: %s وجود ندارد",
-    "The provider: %s does not exist": "ارائه‌کننده: %s وجود ندارد",
-    "The provider: %s is not enabled for the application": "ارائه‌دهنده: %s برای برنامه فعال نیست",
-    "Unauthorized operation": "عملیات غیرمجاز",
-    "Unknown authentication type (not password or provider), form = %s": "نوع احراز هویت ناشناخته (نه رمز عبور و نه ارائه‌دهنده)، فرم = %s",
-    "User's tag: %s is not listed in the application's tags": "برچسب کاربر: %s در برچسب‌های برنامه فهرست نشده است",
-    "UserCode Expired": "کد کاربر منقضی شده است",
-    "UserCode Invalid": "کد کاربر نامعتبر است",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "کاربر پرداختی %s اشتراک فعال یا در انتظار ندارد و برنامه: %s قیمت‌گذاری پیش‌فرض ندارد",
-    "the application for user %s is not found": " برنامه برای کاربر %s پیدا نشد",
-    "the organization: %s is not found": "سازمان: %s پیدا نشد"
-  },
-  "cas": {
-    "Service %s and %s do not match": "سرویس %s و %s مطابقت ندارند"
-  },
-  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s با نیازهای فرمت CIDR مطابقت ندارد: %s",
-    "Affiliation cannot be blank": "وابستگی نمی‌تواند خالی باشد",
-    "CIDR for IP: %s should not be empty": "CIDR برای IP: %s نباید خالی باشد",
-    "Default code does not match the code's matching rules": "کد پیش‌فرض با قوانین تطبیق کد مطابقت ندارد",
-    "DisplayName cannot be blank": "نام نمایشی نمی‌تواند خالی باشد",
-    "DisplayName is not valid real name": "نام نمایشی یک نام واقعی معتبر نیست",
-    "Email already exists": "ایمیل قبلاً وجود دارد",
-    "Email cannot be empty": "ایمیل نمی‌تواند خالی باشد",
-    "Email is invalid": "ایمیل نامعتبر است",
-    "Empty username.": "نام کاربری خالی است.",
-    "Face data does not exist, cannot log in": "داده‌های چهره وجود ندارد، نمی‌توان وارد شد",
-    "Face data mismatch": "عدم تطابق داده‌های چهره",
-    "Failed to parse client IP: %s": "پارس کردن IP مشتری ناموفق بود: %s",
-    "FirstName cannot be blank": "نام نمی‌تواند خالی باشد",
-    "Invitation code cannot be blank": "کد دعوت نمی‌تواند خالی باشد",
-    "Invitation code exhausted": "کد دعوت استفاده شده است",
-    "Invitation code is invalid": "کد دعوت نامعتبر است",
-    "Invitation code suspended": "کد دعوت معلق است",
-    "LDAP user name or password incorrect": "نام کاربری یا رمز عبور LDAP نادرست است",
-    "LastName cannot be blank": "نام خانوادگی نمی‌تواند خالی باشد",
-    "Multiple accounts with same uid, please check your ldap server": "چندین حساب با uid یکسان، لطفاً سرور LDAP خود را بررسی کنید",
-    "Organization does not exist": "سازمان وجود ندارد",
-    "Password cannot be empty": "رمز عبور نمی‌تواند خالی باشد",
-    "Phone already exists": "تلفن قبلاً وجود دارد",
-    "Phone cannot be empty": "تلفن نمی‌تواند خالی باشد",
-    "Phone number is invalid": "شماره تلفن نامعتبر است",
-    "Please register using the email corresponding to the invitation code": "لطفاً با استفاده از ایمیل مربوط به کد دعوت ثبت‌نام کنید",
-    "Please register using the phone  corresponding to the invitation code": "لطفاً با استفاده از تلفن مربوط به کد دعوت ثبت‌نام کنید",
-    "Please register using the username corresponding to the invitation code": "لطفاً با استفاده از نام کاربری مربوط به کد دعوت ثبت‌نام کنید",
-    "Session outdated, please login again": "جلسه منقضی شده است، لطفاً دوباره وارد شوید",
-    "The invitation code has already been used": "کد دعوت قبلاً استفاده شده است",
-    "The user is forbidden to sign in, please contact the administrator": "ورود کاربر ممنوع است، لطفاً با مدیر تماس بگیرید",
-    "The user: %s doesn't exist in LDAP server": "کاربر: %s در سرور LDAP وجود ندارد",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "نام کاربری فقط می‌تواند حاوی کاراکترهای الفبایی عددی، زیرخط یا خط تیره باشد، نمی‌تواند خط تیره یا زیرخط متوالی داشته باشد، و نمی‌تواند با خط تیره یا زیرخط شروع یا پایان یابد.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "مقدار \\\"%s\\\" برای فیلد حساب \\\"%s\\\" با regex مورد نظر مطابقت ندارد",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "مقدار \\\"%s\\\" برای فیلد ثبت‌نام \\\"%s\\\" با regex مورد نظر برنامه \\\"%s\\\" مطابقت ندارد",
-    "Username already exists": "نام کاربری قبلاً وجود دارد",
-    "Username cannot be an email address": "نام کاربری نمی‌تواند یک آدرس ایمیل باشد",
-    "Username cannot contain white spaces": "نام کاربری نمی‌تواند حاوی فاصله باشد",
-    "Username cannot start with a digit": "نام کاربری نمی‌تواند با یک رقم شروع شود",
-    "Username is too long (maximum is 255 characters).": "نام کاربری بیش از حد طولانی است (حداکثر ۳۹ کاراکتر).",
-    "Username must have at least 2 characters": "نام کاربری باید حداقل ۲ کاراکتر داشته باشد",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "نام کاربری از فرمت ایمیل پشتیبانی می‌کند. همچنین نام کاربری تنها می‌تواند شامل کاراکترهای الفبایی-عددی، زیرخط یا خط تیره باشد، نمی‌تواند دارای خطوط تیره یا زیرخطوط متوالی باشد و نمی‌تواند با خط تیره یا زیرخط شروع یا پایان یابد. همچنین به فرمت ایمیل توجه کنید.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "شما رمز عبور یا کد اشتباه را بیش از حد وارد کرده‌اید، لطفاً %d دقیقه صبر کنید و دوباره تلاش کنید",
-    "Your IP address: %s has been banned according to the configuration of: ": "آدرس IP شما: %s طبق تنظیمات بلاک شده است: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "رمز عبور شما منقضی شده است. لطفاً با کلیک بر روی \\\"فراموشی رمز عبور\\\" رمز عبور خود را بازنشانی کنید",
-    "Your region is not allow to signup by phone": "منطقه شما اجازه ثبت‌نام با تلفن را ندارد",
-    "password or code is incorrect": "رمز عبور یا کد نادرست است",
-    "password or code is incorrect, you have %s remaining chances": "رمز عبور یا کد نادرست است، شما %s فرصت باقی‌مانده دارید",
-    "unsupported password type: %s": "نوع رمز عبور پشتیبانی نشده: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "آداپتر: %s پیدا نشد"
-  },
-  "general": {
-    "Failed to import groups": "ورود گروه‌ها ناموفق بود",
-    "Failed to import users": "عدم موفقیت در وارد کردن کاربران",
-    "Missing parameter": "پارامتر گمشده",
-    "Only admin user can specify user": "فقط کاربر مدیر می‌تواند کاربر را مشخص کند",
-    "Please login first": "لطفاً ابتدا وارد شوید",
-    "The organization: %s should have one application at least": "سازمان: %s باید حداقل یک برنامه داشته باشد",
-    "The user: %s doesn't exist": "کاربر: %s وجود ندارد",
-    "Wrong userId": "شناسه کاربر اشتباه است",
-    "don't support captchaProvider: ": "از captchaProvider پشتیبانی نمی‌شود: ",
-    "this operation is not allowed in demo mode": "این عملیات در حالت دمو مجاز نیست",
-    "this operation requires administrator to perform": "این عملیات نیاز به مدیر برای انجام دارد"
-  },
-  "ldap": {
-    "Ldap server exist": "سرور LDAP وجود دارد"
-  },
-  "link": {
-    "Please link first": "لطفاً ابتدا پیوند دهید",
-    "This application has no providers": "این برنامه ارائه‌دهنده‌ای ندارد",
-    "This application has no providers of type": "این برنامه ارائه‌دهنده‌ای از نوع ندارد",
-    "This provider can't be unlinked": "این ارائه‌دهنده نمی‌تواند لغو پیوند شود",
-    "You are not the global admin, you can't unlink other users": "شما مدیر جهانی نیستید، نمی‌توانید کاربران دیگر را لغو پیوند کنید",
-    "You can't unlink yourself, you are not a member of any application": "شما نمی‌توانید خودتان را لغو پیوند کنید، شما عضو هیچ برنامه‌ای نیستید"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "فقط مدیر می‌تواند %s را تغییر دهد.",
-    "The %s is immutable.": "%s غیرقابل تغییر است.",
-    "Unknown modify rule %s.": "قانون تغییر ناشناخته %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "افزودن کاربر جدید به سازمان «built-in» (درونی) در حال حاضر غیرفعال است. توجه داشته باشید: همه کاربران در سازمان «built-in» مدیران جهانی در Casdoor هستند. به مستندات مراجعه کنید: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. اگر همچنان می‌خواهید یک کاربر برای سازمان «built-in» ایجاد کنید، به صفحه تنظیمات سازمان بروید و گزینه «مجوز موافقت با امتیازات» را فعال کنید."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "مجوز: \\\"%s\\\" وجود ندارد"
-  },
-  "provider": {
-    "Invalid application id": "شناسه برنامه نامعتبر",
-    "the provider: %s does not exist": "ارائه‌دهنده: %s وجود ندارد"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "کاربر برای برچسب: آواتار تهی است",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "نام کاربری یا مسیر کامل فایل خالی است: نام کاربری = %s، مسیر کامل فایل = %s"
-  },
-  "saml": {
-    "Application %s not found": "برنامه %s یافت نشد"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "دسته‌بندی ارائه‌دهنده %s SAML نیست"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "پارامترهای خالی برای emailForm: %v",
-    "Invalid Email receivers: %s": "گیرندگان ایمیل نامعتبر: %s",
-    "Invalid phone receivers: %s": "گیرندگان تلفن نامعتبر: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s مجاز نیست",
-    "The provider type: %s is not supported": "نوع ارائه‌دهنده: %s پشتیبانی نمی‌شود"
-  },
-  "subscription": {
-    "Error": "خطا"
-  },
-  "token": {
-    "Grant_type: %s is not supported in this application": "grant_type: %s در این برنامه پشتیبانی نمی‌شود",
-    "Invalid application or wrong clientSecret": "برنامه نامعتبر یا clientSecret نادرست",
-    "Invalid client_id": "client_id نامعتبر",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "آدرس بازگشت: %s در لیست آدرس‌های بازگشت مجاز وجود ندارد",
-    "Token not found, invalid accessToken": "توکن یافت نشد، accessToken نامعتبر"
-  },
-  "user": {
-    "Display name cannot be empty": "نام نمایشی نمی‌تواند خالی باشد",
-    "MFA email is enabled but email is empty": "ایمیل MFA فعال است اما ایمیل خالی است",
-    "MFA phone is enabled but phone number is empty": "تلفن MFA فعال است اما شماره تلفن خالی است",
-    "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد.",
-    "the user's owner and name should not be empty": "مالک و نام کاربر نباید خالی باشند"
-  },
-  "util": {
-    "No application is found for userId: %s": "هیچ برنامه‌ای برای userId: %s یافت نشد",
-    "No provider for category: %s is found for application: %s": "هیچ ارائه‌دهنده‌ای برای دسته‌بندی: %s برای برنامه: %s یافت نشد",
-    "The provider: %s is not found": "ارائه‌دهنده: %s یافت نشد"
-  },
-  "verification": {
-    "Invalid captcha provider.": "ارائه‌دهنده کپچا نامعتبر.",
-    "Phone number is invalid in your region %s": "شماره تلفن در منطقه شما نامعتبر است %s",
-    "The verification code has already been used!": "کد تایید قبلاً استفاده شده است!",
-    "The verification code has not been sent yet!": "کد تأیید هنوز ارسال نشده است!",
-    "Turing test failed.": "تست تورینگ ناموفق بود.",
-    "Unable to get the email modify rule.": "عدم توانایی در دریافت قانون تغییر ایمیل.",
-    "Unable to get the phone modify rule.": "عدم توانایی در دریافت قانون تغییر تلفن.",
-    "Unknown type": "نوع ناشناخته",
-    "Wrong verification code!": "کد تأیید اشتباه!",
-    "You should verify your code in %d min!": "شما باید کد خود را در %d دقیقه تأیید کنید!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "لطفاً یک ارائه‌کننده SMS به لیست \\\"ارائه‌کنندگان\\\" برای برنامه اضافه کنید: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "لطفاً یک ارائه‌کننده ایمیل به لیست \\\"ارائه‌کنندگان\\\" برای برنامه اضافه کنید: %s",
-    "the user does not exist, please sign up first": "کاربر وجود ندارد، لطفاً ابتدا ثبت‌نام کنید"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "لطفاً ابتدا WebAuthnSigninBegin را فراخوانی کنید"
-  }
-}
--- a/i18n/locales/fi/data.json
+++ b/i18n/locales/fi/data.json
@@ -1,191 +1,142 @@
 {
  "account": {
-    "Failed to add user": "Käyttäjän lisäys epäonnistui",
-    "Get init score failed, error: %w": "Alkupisteen haku epäonnistui, virhe: %w",
-    "Please sign out first": "Kirjaudu ensin ulos",
-    "The application does not allow to sign up new account": "Sovellus ei salli uuden tilin luomista"
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "auth": {
-    "Challenge method should be S256": "Haasteen metodin tulee olla S256",
-    "DeviceCode Invalid": "DeviceCode virheellinen",
-    "Failed to create user, user information is invalid: %s": "Käyttäjän luonti epäonnistui, käyttäjätiedot ovat virheelliset: %s",
-    "Failed to login in: %s": "Sisäänkirjautuminen epäonnistui: %s",
-    "Invalid token": "Virheellinen token",
-    "State expected: %s, but got: %s": "Odotettiin tilaa: %s, mutta saatiin: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Tiliä providerille: %s ja käyttäjälle: %s (%s) ei ole olemassa, eikä sitä voi rekisteröidä uutena tilinä kautta %%s, käytä toista tapaa rekisteröityä",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Tiliä providerille: %s ja käyttäjälle: %s (%s) ei ole olemassa, eikä sitä voi rekisteröidä uutena tilinä, ota yhteyttä IT-tukeen",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Tili providerille: %s ja käyttäjälle: %s (%s) on jo linkitetty toiseen tiliin: %s (%s)",
-    "The application: %s does not exist": "Sovellus: %s ei ole olemassa",
-    "The login method: login with LDAP is not enabled for the application": "Kirjautumistapa: kirjautuminen LDAP:n kautta ei ole käytössä sovelluksessa",
-    "The login method: login with SMS is not enabled for the application": "Kirjautumistapa: kirjautuminen SMS:n kautta ei ole käytössä sovelluksessa",
-    "The login method: login with email is not enabled for the application": "Kirjautumistapa: kirjautuminen sähköpostin kautta ei ole käytössä sovelluksessa",
-    "The login method: login with face is not enabled for the application": "Kirjautumistapa: kirjautuminen kasvotunnistuksella ei ole käytössä sovelluksessa",
-    "The login method: login with password is not enabled for the application": "Kirjautumistapa: kirjautuminen salasanalla ei ole käytössä sovelluksessa",
-    "The organization: %s does not exist": "Organisaatio: %s ei ole olemassa",
-    "The provider: %s does not exist": "Provider: %s ei ole olemassa",
-    "The provider: %s is not enabled for the application": "Provider: %s ei ole käytössä sovelluksessa",
-    "Unauthorized operation": "Luvaton toiminto",
-    "Unknown authentication type (not password or provider), form = %s": "Tuntematon todennustyyppi (ei salasana tai provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "Käyttäjän tagi: %s ei ole listattu sovelluksen tageissa",
-    "UserCode Expired": "UserCode vanhentunut",
-    "UserCode Invalid": "UserCode virheellinen",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "maksettu-käyttäjä %s ei ole aktiivista tai odottavaa tilausta ja sovellus: %s ei ole oletushinnoittelua",
-    "the application for user %s is not found": "sovellusta käyttäjälle %s ei löydy",
-    "the organization: %s is not found": "organisaatiota: %s ei löydy"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
-    "Service %s and %s do not match": "Palvelu %s ja %s eivät täsmää"
+    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s ei täytä CIDR-muodon vaatimuksia: %s",
-    "Affiliation cannot be blank": "Affiliaatio ei voi olla tyhjä",
-    "CIDR for IP: %s should not be empty": "CIDR IP:lle: %s ei saa olla tyhjä",
-    "Default code does not match the code's matching rules": "Oletuskoodi ei täsmää koodin täsmäyssääntöihin",
-    "DisplayName cannot be blank": "Näyttönimi ei voi olla tyhjä",
-    "DisplayName is not valid real name": "Näyttönimi ei ole kelvollinen oikea nimi",
-    "Email already exists": "Sähköposti on jo olemassa",
-    "Email cannot be empty": "Sähköposti ei voi olla tyhjä",
-    "Email is invalid": "Sähköposti on virheellinen",
-    "Empty username.": "Tyhjä käyttäjänimi.",
-    "Face data does not exist, cannot log in": "Kasvodataa ei ole olemassa, ei voi kirjautua",
-    "Face data mismatch": "Kasvodata ei täsmää",
-    "Failed to parse client IP: %s": "Client IP:n jäsentäminen epäonnistui: %s",
-    "FirstName cannot be blank": "Etunimi ei voi olla tyhjä",
-    "Invitation code cannot be blank": "Kutsukoodi ei voi olla tyhjä",
-    "Invitation code exhausted": "Kutsukoodi on käytetty loppuun",
-    "Invitation code is invalid": "Kutsukoodi on virheellinen",
-    "Invitation code suspended": "Kutsukoodi on keskeytetty",
-    "LDAP user name or password incorrect": "LDAP-käyttäjänimi tai salasana on virheellinen",
-    "LastName cannot be blank": "Sukunimi ei voi olla tyhjä",
-    "Multiple accounts with same uid, please check your ldap server": "Useita tilejä samalla uid:llä, tarkista ldap-palvelimesi",
-    "Organization does not exist": "Organisaatiota ei ole olemassa",
-    "Password cannot be empty": "Salasana ei voi olla tyhjä",
-    "Phone already exists": "Puhelinnumero on jo olemassa",
-    "Phone cannot be empty": "Puhelinnumero ei voi olla tyhjä",
-    "Phone number is invalid": "Puhelinnumero on virheellinen",
-    "Please register using the email corresponding to the invitation code": "Rekisteröidy käyttämällä kutsukoodiin vastaavaa sähköpostia",
-    "Please register using the phone  corresponding to the invitation code": "Rekisteröidy käyttämällä kutsukoodiin vastaavaa puhelinnumeroa",
-    "Please register using the username corresponding to the invitation code": "Rekisteröidy käyttämällä kutsukoodiin vastaavaa käyttäjänimeä",
-    "Session outdated, please login again": "Istunto vanhentunut, kirjaudu uudelleen",
-    "The invitation code has already been used": "Kutsukoodi on jo käytetty",
-    "The user is forbidden to sign in, please contact the administrator": "Käyttäjän kirjautuminen on estetty, ota yhteyttä ylläpitäjään",
-    "The user: %s doesn't exist in LDAP server": "Käyttäjä: %s ei ole olemassa LDAP-palvelimessa",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Käyttäjänimi voi sisältää vain alfanumeerisia merkkejä, alaviivoja tai tavuviivoja, ei voi sisältää peräkkäisiä tavuviivoja tai alaviivoja, eikä voi alkaa tai loppua tavuviivalla tai alaviivalla.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Arvo \\\"%s\\\" tili-kentälle \\\"%s\\\" ei täsmää tili-alkion regexiin",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Arvo \\\"%s\\\" rekisteröitymiskentälle \\\"%s\\\" ei täsmää sovelluksen \\\"%s\\\" rekisteröitymiskentän regexiin",
-    "Username already exists": "Käyttäjänimi on jo olemassa",
-    "Username cannot be an email address": "Käyttäjänimi ei voi olla sähköpostiosoite",
-    "Username cannot contain white spaces": "Käyttäjänimi ei voi sisältää välilyöntejä",
-    "Username cannot start with a digit": "Käyttäjänimi ei voi alkaa numerolla",
-    "Username is too long (maximum is 255 characters).": "Käyttäjänimi on liian pitkä (enintään 255 merkkiä).",
-    "Username must have at least 2 characters": "Käyttäjänimessä on oltava vähintään 2 merkkiä",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Käyttäjänimi tukee sähköpostimuotoa. Lisäksi käyttäjänimi voi sisältää vain alfanumeerisia merkkejä, alaviivoja tai tavuviivoja, ei voi sisältää peräkkäisiä tavuviivoja tai alaviivoja, eikä voi alkaa tai loppua tavuviivalla tai alaviivalla. Huomioi myös sähköpostimuoto.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Olet syöttänyt väärän salasanan tai koodin liian monta kertaa, odota %d minuuttia ja yritä uudelleen",
-    "Your IP address: %s has been banned according to the configuration of: ": "IP-osoitteesi: %s on estetty asetuksen mukaan: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Salasanasi on vanhentunut. Nollaa salasanasi klikkaamalla \\\"Unohdin salasanan\\\"",
-    "Your region is not allow to signup by phone": "Alueellasi ei ole sallittua rekisteröityä puhelimella",
-    "password or code is incorrect": "salasana tai koodi on virheellinen",
-    "password or code is incorrect, you have %s remaining chances": "salasana tai koodi on virheellinen, sinulla on %s yritystä jäljellä",
-    "unsupported password type: %s": "ei-tuettu salasanatyyppi: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "adapteria: %s ei löydy"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
  },
  "general": {
-    "Failed to import groups": "Ryhmien tuonti epäonnistui",
-    "Failed to import users": "Käyttäjien tuonti epäonnistui",
-    "Missing parameter": "Parametri puuttuu",
-    "Only admin user can specify user": "Vain ylläpitäjä voi määrittää käyttäjän",
-    "Please login first": "Kirjaudu ensin sisään",
-    "The organization: %s should have one application at least": "Organisaatiolla: %s on oltava vähintään yksi sovellus",
-    "The user: %s doesn't exist": "Käyttäjää: %s ei ole olemassa",
-    "Wrong userId": "Väärä userId",
-    "don't support captchaProvider: ": "ei tueta captchaProvider: ",
-    "this operation is not allowed in demo mode": "tämä toiminto ei ole sallittu demo-tilassa",
-    "this operation requires administrator to perform": "tämä toiminto vaatii ylläpitäjän suorittamista"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
-    "Ldap server exist": "LDAP-palvelin on olemassa"
+    "Ldap server exist": "Ldap server exist"
  },
  "link": {
-    "Please link first": "Linkitä ensin",
-    "This application has no providers": "Tällä sovelluksella ei ole providereita",
-    "This application has no providers of type": "Tällä sovelluksella ei ole tämän tyyppisiä providereita",
-    "This provider can't be unlinked": "Tätä provideria ei voi irrottaa",
-    "You are not the global admin, you can't unlink other users": "Et ole globaali ylläpitäjä, et voi irrottaa muita käyttäjiä",
-    "You can't unlink yourself, you are not a member of any application": "Et voi irrottaa itseäsi, et ole minkään sovelluksen jäsen"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
  },
  "organization": {
-    "Only admin can modify the %s.": "Vain ylläpitäjä voi muokata %s.",
-    "The %s is immutable.": "%s on muuttumaton.",
-    "Unknown modify rule %s.": "Tuntematon muokkaussääntö %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "Uuden käyttäjän lisääminen 'built-in'-organisaatioon on tällä hetkellä poistettu käytöstä. Huomioi: Kaikki 'built-in'-organisaation käyttäjät ovat Casdoorin globaaleja ylläpitäjiä. Katso dokumentaatio: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Jos haluat silti luoda käyttäjän 'built-in'-organisaatiolle, siirry organisaation asetussivulle ja käytä käyttöön vaihtoehdon 'On oikeuksien suostumus'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Oikeutta: \\\"%s\\\" ei ole olemassa"
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "provider": {
-    "Invalid application id": "Virheellinen sovelluksen id",
-    "the provider: %s does not exist": "provideria: %s ei ole olemassa"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
  },
  "resource": {
-    "User is nil for tag: avatar": "Käyttäjä on nil tagille: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Käyttäjänimi tai fullFilePath on tyhjä: username = %s, fullFilePath = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
  },
  "saml": {
-    "Application %s not found": "Sovellusta %s ei löydy"
+    "Application %s not found": "Application %s not found"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s:n kategoria ei ole SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
  },
  "service": {
-    "Empty parameters for emailForm: %v": "Tyhjät parametrit emailFormille: %v",
-    "Invalid Email receivers: %s": "Virheelliset sähköpostivastaanottajat: %s",
-    "Invalid phone receivers: %s": "Virheelliset puhelinvastaanottajat: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
  },
  "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s ei ole sallittu",
-    "The provider type: %s is not supported": "Provider-tyyppiä: %s ei tueta"
-  },
-  "subscription": {
-    "Error": "Virhe"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "token": {
-    "Grant_type: %s is not supported in this application": "Grant_type: %s ei ole tuettu tässä sovelluksessa",
-    "Invalid application or wrong clientSecret": "Virheellinen sovellus tai väärä clientSecret",
-    "Invalid client_id": "Virheellinen client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Uudelleenohjaus-URI: %s ei ole sallittujen uudelleenohjaus-URI-listassa",
-    "Token not found, invalid accessToken": "Tokenia ei löydy, virheellinen accessToken"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
  },
  "user": {
-    "Display name cannot be empty": "Näyttönimi ei voi olla tyhjä",
-    "MFA email is enabled but email is empty": "MFA-sähköposti on käytössä, mutta sähköposti on tyhjä",
-    "MFA phone is enabled but phone number is empty": "MFA-puhelin on käytössä, mutta puhelinnumero on tyhjä",
-    "New password cannot contain blank space.": "Uusi salasana ei voi sisältää välilyöntejä.",
-    "the user's owner and name should not be empty": "käyttäjän omistaja ja nimi eivät saa olla tyhjiä"
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
  },
  "util": {
-    "No application is found for userId: %s": "Sovellusta ei löydy userId:lle: %s",
-    "No provider for category: %s is found for application: %s": "Provideria kategorialle: %s ei löydy sovellukselle: %s",
-    "The provider: %s is not found": "Provideria: %s ei löydy"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
  },
  "verification": {
-    "Invalid captcha provider.": "Virheellinen captcha-provider.",
-    "Phone number is invalid in your region %s": "Puhelinnumero on virheellinen alueellasi %s",
-    "The verification code has already been used!": "Vahvistuskoodi on jo käytetty!",
-    "The verification code has not been sent yet!": "Vahvistuskoodia ei ole vielä lähetetty!",
-    "Turing test failed.": "Turing-testi epäonnistui.",
-    "Unable to get the email modify rule.": "Sähköpostin muokkaussääntöä ei saada.",
-    "Unable to get the phone modify rule.": "Puhelimen muokkaussääntöä ei saada.",
-    "Unknown type": "Tuntematon tyyppi",
-    "Wrong verification code!": "Väärä vahvistuskoodi!",
-    "You should verify your code in %d min!": "Sinun tulee vahvistaa koodisi %d minuutissa!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "lisää SMS-provider \"Providers\"-listalle sovellukselle: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "lisää sähköposti-provider \"Providers\"-listalle sovellukselle: %s",
-    "the user does not exist, please sign up first": "käyttäjää ei ole olemassa, rekisteröidy ensin"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Kutsu ensin WebAuthnSigninBegin"
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -7,7 +7,6 @@
  },
  "auth": {
    "Challenge method should be S256": "La méthode de défi doit être S256",
-    "DeviceCode Invalid": "Code appareil invalide",
    "Failed to create user, user information is invalid: %s": "Échec de la création de l'utilisateur, les informations utilisateur sont invalides : %s",
    "Failed to login in: %s": "Échec de la connexion : %s",
    "Invalid token": "Jeton invalide",
@@ -16,93 +15,54 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire comme nouveau compte, veuillez contacter votre support informatique",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Le compte du fournisseur : %s et le nom d'utilisateur : %s (%s) sont déjà liés à un autre compte : %s (%s)",
    "The application: %s does not exist": "L'application : %s n'existe pas",
-    "The login method: login with LDAP is not enabled for the application": "La méthode de connexion : connexion LDAP n'est pas activée pour l'application",
-    "The login method: login with SMS is not enabled for the application": "La méthode de connexion : connexion par SMS n'est pas activée pour l'application",
-    "The login method: login with email is not enabled for the application": "La méthode de connexion : connexion par e-mail n'est pas activée pour l'application",
-    "The login method: login with face is not enabled for the application": "La méthode de connexion : connexion par visage n'est pas activée pour l'application",
    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
-    "The organization: %s does not exist": "L'organisation : %s n'existe pas",
-    "The provider: %s does not exist": "Le fournisseur : %s n'existe pas",
    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
    "Unauthorized operation": "Opération non autorisée",
    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
-    "User's tag: %s is not listed in the application's tags": "Le tag de l'utilisateur : %s n'est pas répertorié dans les tags de l'application",
-    "UserCode Expired": "Code utilisateur expiré",
-    "UserCode Invalid": "Code utilisateur invalide",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "L'utilisateur payant %s n'a pas d'abonnement actif ou en attente et l'application : %s n'a pas de tarification par défaut",
-    "the application for user %s is not found": "L'application pour l'utilisateur %s est introuvable",
-    "the organization: %s is not found": "L'organisation : %s est introuvable"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s ne respecte pas les exigences du format CIDR : %s",
    "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
-    "CIDR for IP: %s should not be empty": "Le CIDR pour l'IP : %s ne doit pas être vide",
-    "Default code does not match the code's matching rules": "Le code par défaut ne correspond pas aux règles de correspondance du code",
    "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
    "DisplayName is not valid real name": "DisplayName n'est pas un nom réel valide",
    "Email already exists": "E-mail déjà existant",
    "Email cannot be empty": "L'e-mail ne peut pas être vide",
    "Email is invalid": "L'adresse e-mail est invalide",
    "Empty username.": "Nom d'utilisateur vide.",
-    "Face data does not exist, cannot log in": "Les données faciales n'existent pas, connexion impossible",
-    "Face data mismatch": "Données faciales incorrectes",
-    "Failed to parse client IP: %s": "Échec de l'analyse de l'IP client : %s",
    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
-    "Invitation code cannot be blank": "Le code d'invitation ne peut pas être vide",
-    "Invitation code exhausted": "Code d'invitation épuisé",
-    "Invitation code is invalid": "Code d'invitation invalide",
-    "Invitation code suspended": "Code d'invitation suspendu",
    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
    "Organization does not exist": "L'organisation n'existe pas",
-    "Password cannot be empty": "Le mot de passe ne peut pas être vide",
+    "Password must have at least 6 characters": "Le mot de passe doit comporter au moins 6 caractères",
    "Phone already exists": "Le téléphone existe déjà",
    "Phone cannot be empty": "Le téléphone ne peut pas être vide",
    "Phone number is invalid": "Le numéro de téléphone est invalide",
-    "Please register using the email corresponding to the invitation code": "Veuillez vous inscrire avec l'e-mail correspondant au code d'invitation",
-    "Please register using the phone  corresponding to the invitation code": "Veuillez vous inscrire avec le téléphone correspondant au code d'invitation",
-    "Please register using the username corresponding to the invitation code": "Veuillez vous inscrire avec le nom d'utilisateur correspondant au code d'invitation",
    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
-    "The invitation code has already been used": "Le code d'invitation a déjà été utilisé",
    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
-    "The user: %s doesn't exist in LDAP server": "L'utilisateur : %s n'existe pas sur le serveur LDAP",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "La valeur \\\"%s\\\" pour le champ de compte \\\"%s\\\" ne correspond pas à l'expression régulière de l'élément de compte",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "La valeur \\\"%s\\\" pour le champ d'inscription \\\"%s\\\" ne correspond pas à l'expression régulière de l'élément d'inscription de l'application \\\"%s\\\"",
    "Username already exists": "Nom d'utilisateur existe déjà",
    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
    "Username cannot contain white spaces": "Nom d'utilisateur ne peut pas contenir d'espaces blancs",
    "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
-    "Username is too long (maximum is 255 characters).": "Nom d'utilisateur est trop long (maximum de 255 caractères).",
+    "Username is too long (maximum is 39 characters).": "Nom d'utilisateur est trop long (maximum de 39 caractères).",
    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Le nom d'utilisateur prend en charge le format e-mail. De plus, il ne peut contenir que des caractères alphanumériques, des tirets bas ou des traits d'union, ne peut pas avoir de traits d'union ou de tirets bas consécutifs, et ne peut pas commencer ou se terminer par un trait d'union ou un tiret bas. Faites également attention au format de l'e-mail.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
-    "Your IP address: %s has been banned according to the configuration of: ": "Votre adresse IP : %s a été bannie selon la configuration de : ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Votre mot de passe a expiré. Veuillez le réinitialiser en cliquant sur \\\"Mot de passe oublié\\\"",
    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
-    "password or code is incorrect": "mot de passe ou code incorrect",
-    "password or code is incorrect, you have %s remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %s chances",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "l'adaptateur : %s est introuvable"
-  },
  "general": {
-    "Failed to import groups": "Échec de l'importation des groupes",
-    "Failed to import users": "Échec de l'importation des utilisateurs",
    "Missing parameter": "Paramètre manquant",
-    "Only admin user can specify user": "Seul un administrateur peut désigner un utilisateur",
    "Please login first": "Veuillez d'abord vous connecter",
-    "The organization: %s should have one application at least": "L'organisation : %s doit avoir au moins une application",
    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "Wrong userId": "ID utilisateur incorrect",
-    "don't support captchaProvider: ": "ne prend pas en charge captchaProvider: ",
-    "this operation is not allowed in demo mode": "cette opération n'est pas autorisée en mode démo",
-    "this operation requires administrator to perform": "cette opération nécessite un administrateur pour être effectuée"
+    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "Le serveur LDAP existe"
@@ -118,11 +78,7 @@
  "organization": {
    "Only admin can modify the %s.": "Seul l'administrateur peut modifier le %s.",
    "The %s is immutable.": "Le %s est immuable.",
-    "Unknown modify rule %s.": "Règle de modification inconnue %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "L'ajout d'un nouvel utilisateur à l'organisation « built-in » (intégrée) est actuellement désactivé. Veuillez noter : Tous les utilisateurs de l'organisation « built-in » sont des administrateurs globaux dans Casdoor. Consulter la documentation : https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Si vous souhaitez encore créer un utilisateur pour l'organisation « built-in », accédez à la page des paramètres de l'organisation et activez l'option « A le consentement aux privilèges »."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "La permission : \\\"%s\\\" n'existe pas"
+    "Unknown modify rule %s.": "Règle de modification inconnue %s."
  },
  "provider": {
    "Invalid application id": "Identifiant d'application invalide",
@@ -147,10 +103,8 @@
    "The objectKey: %s is not allowed": "La clé d'objet : %s n'est pas autorisée",
    "The provider type: %s is not supported": "Le type de fournisseur : %s n'est pas pris en charge"
  },
-  "subscription": {
-    "Error": "Erreur"
-  },
  "token": {
+    "Empty clientId or clientSecret": "clientId ou clientSecret vide",
    "Grant_type: %s is not supported in this application": "Type_de_subvention : %s n'est pas pris en charge dans cette application",
    "Invalid application or wrong clientSecret": "Application invalide ou clientSecret incorrect",
    "Invalid client_id": "Identifiant de client invalide",
@@ -159,10 +113,10 @@
  },
  "user": {
    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "MFA email is enabled but email is empty": "L'authentification MFA par e-mail est activée mais l'e-mail est vide",
-    "MFA phone is enabled but phone number is empty": "L'authentification MFA par téléphone est activée mais le numéro de téléphone est vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
-    "the user's owner and name should not be empty": "le propriétaire et le nom de l'utilisateur ne doivent pas être vides"
+    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
+  },
+  "user_upload": {
+    "Failed to import users": "Échec de l'importation des utilisateurs"
  },
  "util": {
    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
@@ -170,22 +124,19 @@
    "The provider: %s is not found": "Le fournisseur : %s n'a pas été trouvé"
  },
  "verification": {
+    "Code has not been sent yet!": "Le code n'a pas encore été envoyé !",
    "Invalid captcha provider.": "Fournisseur de captcha invalide.",
    "Phone number is invalid in your region %s": "Le numéro de téléphone n'est pas valide dans votre région %s",
-    "The verification code has already been used!": "Le code de vérification a déjà été utilisé !",
-    "The verification code has not been sent yet!": "Le code de vérification n'a pas encore été envoyé !",
    "Turing test failed.": "Le test de Turing a échoué.",
    "Unable to get the email modify rule.": "Incapable d'obtenir la règle de modification de courriel.",
    "Unable to get the phone modify rule.": "Impossible d'obtenir la règle de modification de téléphone.",
    "Unknown type": "Type inconnu",
    "Wrong verification code!": "Mauvais code de vérification !",
    "You should verify your code in %d min!": "Vous devriez vérifier votre code en %d min !",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "veuillez ajouter un fournisseur SMS à la liste \\\"Providers\\\" pour l'application : %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "veuillez ajouter un fournisseur d'e-mail à la liste \\\"Providers\\\" pour l'application : %s",
    "the user does not exist, please sign up first": "L'utilisateur n'existe pas, veuillez vous inscrire d'abord"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
+    "Found no credentials for this user": "Aucune référence trouvée pour cet utilisateur",
    "Please call WebAuthnSigninBegin first": "Veuillez d'abord appeler WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/he/data.json
+++ b/i18n/locales/he/data.json
@@ -1,191 +1,142 @@
 {
  "account": {
-    "Failed to add user": "הוספת משתמש נכשלה",
-    "Get init score failed, error: %w": "קבלת ניקוד התחלתי נכשלה, שגיאה: %w",
-    "Please sign out first": "אנא התנתק תחילה",
-    "The application does not allow to sign up new account": "האפליקציה אינה מאפשרת הרשמה של חשבון חדש"
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "auth": {
-    "Challenge method should be S256": "שיטת האתגר חייבת להיות S256",
-    "DeviceCode Invalid": "קוד מכשיר שגוי",
-    "Failed to create user, user information is invalid: %s": "יצירת משתמש נכשלה, פרטי המשתמש שגויים: %s",
-    "Failed to login in: %s": "כניסה נכשלה: %s",
-    "Invalid token": "אסימון שגוי",
-    "State expected: %s, but got: %s": "מצב צפוי: %s, אך התקבל: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "החשבון עבור ספק: %s ושם משתמש: %s (%s) אינו קיים ואינו מאופשר להרשמה כחשבון חדש דרך %%s, אנא השתמש בדרך אחרת להרשמה",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "החשבון עבור ספק: %s ושם משתמש: %s (%s) אינו קיים ואינו מאופשר להרשמה כחשבון חדש, אנא צור קשר עם התמיכה הטכנית",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "החשבון עבור ספק: %s ושם משתמש: %s (%s) כבר מקושר לחשבון אחר: %s (%s)",
-    "The application: %s does not exist": "האפליקציה: %s אינה קיימת",
-    "The login method: login with LDAP is not enabled for the application": "שיטת הכניסה: כניסה עם LDAP אינה מאופשרת לאפליקציה",
-    "The login method: login with SMS is not enabled for the application": "שיטת הכניסה: כניסה עם SMS אינה מאופשרת לאפליקציה",
-    "The login method: login with email is not enabled for the application": "שיטת הכניסה: כניסה עם אימייל אינה מאופשרת לאפליקציה",
-    "The login method: login with face is not enabled for the application": "שיטת הכניסה: כניסה עם פנים אינה מאופשרת לאפליקציה",
-    "The login method: login with password is not enabled for the application": "שיטת הכניסה: כניסה עם סיסמה אינה מאופשרת לאפליקציה",
-    "The organization: %s does not exist": "הארגון: %s אינו קיים",
-    "The provider: %s does not exist": "הספק: %s אינו קיים",
-    "The provider: %s is not enabled for the application": "הספק: %s אינו מאופשר לאפליקציה",
-    "Unauthorized operation": "פעולה לא מורשית",
-    "Unknown authentication type (not password or provider), form = %s": "סוג אימות לא ידוע (לא סיסמה או ספק), טופס = %s",
-    "User's tag: %s is not listed in the application's tags": "תגית המשתמש: %s אינה רשומה בתגיות האפליקציה",
-    "UserCode Expired": "קוד משתמש פג תוקף",
-    "UserCode Invalid": "קוד משתמש שגוי",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "משתמש בתשלום %s אין לו מנוי פעיל או ממתין והאפליקציה: %s אין לה תמחור ברירת מחדל",
-    "the application for user %s is not found": "האפליקציה עבור המשתמש %s לא נמצאה",
-    "the organization: %s is not found": "הארגון: %s לא נמצא"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
-    "Service %s and %s do not match": "השירות %s ו-%s אינם תואמים"
+    "Service %s and %s do not match": "Service %s and %s do not match"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s אינו עומד בדרישות התבנית CIDR: %s",
-    "Affiliation cannot be blank": "השתייכות אינה יכולה להיות ריקה",
-    "CIDR for IP: %s should not be empty": "CIDR עבור IP: %s לא צריך להיות ריק",
-    "Default code does not match the code's matching rules": "קוד ברירת המחדל אינו תואם לכללי ההתאמה של הקוד",
-    "DisplayName cannot be blank": "שם התצוגה אינו יכול להיות ריק",
-    "DisplayName is not valid real name": "שם התצוגה אינו שם אמיתי תקף",
-    "Email already exists": "האימייל כבר קיים",
-    "Email cannot be empty": "האימייל אינו יכול להיות ריק",
-    "Email is invalid": "האימייל אינו תקף",
-    "Empty username.": "שם משתמש ריק.",
-    "Face data does not exist, cannot log in": "נתוני פנים אינם קיימים, לא ניתן להיכנס",
-    "Face data mismatch": "אי התאמת נתוני פנים",
-    "Failed to parse client IP: %s": "ניתוח כתובת ה-IP של הלקוח נכשל: %s",
-    "FirstName cannot be blank": "שם פרטי אינו יכול להיות ריק",
-    "Invitation code cannot be blank": "קוד הזמנה אינו יכול להיות ריק",
-    "Invitation code exhausted": "קוד ההזמנה נוצל",
-    "Invitation code is invalid": "קוד ההזמנה שגוי",
-    "Invitation code suspended": "קוד ההזמנה הושעה",
-    "LDAP user name or password incorrect": "שם משתמש או סיסמה של LDAP שגויים",
-    "LastName cannot be blank": "שם משפחה אינו יכול להיות ריק",
-    "Multiple accounts with same uid, please check your ldap server": "מספר חשבונות עם אותו uid, אנא בדוק את שרת ה-LDAP שלך",
-    "Organization does not exist": "הארגון אינו קיים",
-    "Password cannot be empty": "הסיסמה אינה יכולה להיות ריקה",
-    "Phone already exists": "הטלפון כבר קיים",
-    "Phone cannot be empty": "הטלפון אינו יכול להיות ריק",
-    "Phone number is invalid": "מספר הטלפון אינו תקף",
-    "Please register using the email corresponding to the invitation code": "אנא הרשם באמצעות האימייל התואם לקוד ההזמנה",
-    "Please register using the phone  corresponding to the invitation code": "אנא הרשם באמצעות הטלפון המתאים לקוד ההזמנה",
-    "Please register using the username corresponding to the invitation code": "אנא הרשם באמצעות שם המשתמש התואם לקוד ההזמנה",
-    "Session outdated, please login again": "הסשן פג תוקף, אנא התחבר שוב",
-    "The invitation code has already been used": "קוד ההזמנה כבר נוצל",
-    "The user is forbidden to sign in, please contact the administrator": "המשתמש אסור להיכנס, אנא צור קשר עם המנהל",
-    "The user: %s doesn't exist in LDAP server": "המשתמש: %s אינו קיים בשרת ה-LDAP",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "שם המשתמש יכול להכיל רק תווים אלפאנומריים, קווים תחתונים או מקפים, לא יכול להכיל מקפים או קווים תחתונים רצופים, ולא יכול להתחיל או להסתיים עם מקף או קו תחתון.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "הערך \\\"%s\\\" עבור שדה החשבון \\\"%s\\\" אינו תואם ל-regex של פריט החשבון",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "הערך \\\"%s\\\" עבור שדה ההרשמה \\\"%s\\\" אינו תואם ל-regex של פריט ההרשמה של האפליקציה \\\"%s\\\"",
-    "Username already exists": "שם המשתמש כבר קיים",
-    "Username cannot be an email address": "שם המשתמש לא יכול להיות כתובת אימייל",
-    "Username cannot contain white spaces": "שם המשתמש לא יכול להכיל רווחים",
-    "Username cannot start with a digit": "שם המשתמש לא יכול להתחיל בספרה",
-    "Username is too long (maximum is 255 characters).": "שם המשתמש ארוך מדי (מקסימום 255 תווים).",
-    "Username must have at least 2 characters": "שם המשתמש חייב להכיל לפחות 2 תווים",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "שם המשתמש תומך בתבנית אימייל. כמו כן, שם המשתמש יכול להכיל רק תווים אלפאנומריים, קווים תחתונים או מקפים, לא יכול להכיל מקפים או קווים תחתונים רצופים, ולא יכול להתחיל או להסתיים עם מקף או קו תחתון. שים לב גם לתבנית האימייל.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "הזנת סיסמה או קוד שגוי יותר מדי פעמים, אנא המתן %d דקות ונסה שוב",
-    "Your IP address: %s has been banned according to the configuration of: ": "כתובת ה-IP שלך: %s נחסמה לפי התצורה של: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "הסיסמה שלך פגה. אנא אפס את הסיסמה שלך על ידי לחיצה על \\\"שכחתי סיסמה\\\"",
-    "Your region is not allow to signup by phone": "האזור שלך אינו מאפשר הרשמה באמצעות טלפון",
-    "password or code is incorrect": "סיסמה או קוד שגויים",
-    "password or code is incorrect, you have %s remaining chances": "סיסמה או קוד שגויים, יש לך %s ניסיונות נותרים",
-    "unsupported password type: %s": "סוג סיסמה לא נתמך: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "המתאם: %s לא נמצא"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
  },
  "general": {
-    "Failed to import groups": "יבוא קבוצות נכשל",
-    "Failed to import users": "יבוא משתמשים נכשל",
-    "Missing parameter": "חסר פרמטר",
-    "Only admin user can specify user": "רק משתמש מנהל יכול לציין משתמש",
-    "Please login first": "אנא התחבר תחילה",
-    "The organization: %s should have one application at least": "הארגון: %s צריך להכיל לפחות אפליקציה אחת",
-    "The user: %s doesn't exist": "המשתמש: %s לא קיים",
-    "Wrong userId": "מזהה משתמש שגוי",
-    "don't support captchaProvider: ": "לא נתמך captchaProvider: ",
-    "this operation is not allowed in demo mode": "פעולה זו אינה מותרת במצב הדגמה",
-    "this operation requires administrator to perform": "פעולה זו דורשת מנהל לביצוע"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
-    "Ldap server exist": "שרת LDAP קיים"
+    "Ldap server exist": "Ldap server exist"
  },
  "link": {
-    "Please link first": "אנא קשר תחילה",
-    "This application has no providers": "לאפליקציה זו אין ספקים",
-    "This application has no providers of type": "לאפליקציה זו אין ספקים מסוג",
-    "This provider can't be unlinked": "ספק זה לא יכול להיות מנותק",
-    "You are not the global admin, you can't unlink other users": "אינך מנהל גלובלי, אינך יכול לנתק משתמשים אחרים",
-    "You can't unlink yourself, you are not a member of any application": "אינך יכול לנתק את עצמך, אינך חבר באף אפליקציה"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
  },
  "organization": {
-    "Only admin can modify the %s.": "רק מנהל יכול לשנות את %s.",
-    "The %s is immutable.": "%s הוא בלתי ניתן לשינוי.",
-    "Unknown modify rule %s.": "כלל שינוי לא ידוע %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "הוספת משתמש חדש לארגון 'מובנה' מושבת כעת. שימו לב: כל המשתמשים בארגון 'מובנה' הם מנהלים גלובליים ב-Casdoor. ראו את המסמכים: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. אם עדיין תרצו ליצור משתמש לארגון 'מובנה', עברו לדף הגדרות הארגון והפעילו את האפשרות 'יש הסכמה לזכויות'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "ההרשאה: \\\"%s\\\" אינה קיימת"
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "provider": {
-    "Invalid application id": "מזהה אפליקציה שגוי",
-    "the provider: %s does not exist": "הספק: %s אינו קיים"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
  },
  "resource": {
-    "User is nil for tag: avatar": "המשתמש הוא nil עבור התג: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "שם המשתמש או fullFilePath ריקים: username = %s, fullFilePath = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
  },
  "saml": {
-    "Application %s not found": "אפליקציה %s לא נמצאה"
+    "Application %s not found": "Application %s not found"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "הקטגוריה של הספק %s אינה SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
  },
  "service": {
-    "Empty parameters for emailForm: %v": "פרמטרים ריקים עבור emailForm: %v",
-    "Invalid Email receivers: %s": "מקבלי אימייל שגויים: %s",
-    "Invalid phone receivers: %s": "מקבלי SMS שגויים: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
  },
  "storage": {
-    "The objectKey: %s is not allowed": "המפתח objectKey: %s אינו מורשה",
-    "The provider type: %s is not supported": "סוג הספק: %s אינו נתמך"
-  },
-  "subscription": {
-    "Error": "שגיאה"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "token": {
-    "Grant_type: %s is not supported in this application": "סוג ההרשאה: %s אינו נתמך באפליקציה זו",
-    "Invalid application or wrong clientSecret": "אפליקציה שגויה או clientSecret שגוי",
-    "Invalid client_id": "client_id שגוי",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "כתובת הפניה: %s לא קיימת ברשימת כתובות הפניה המורשות",
-    "Token not found, invalid accessToken": "אסימון לא נמצא, accessToken שגוי"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
  },
  "user": {
-    "Display name cannot be empty": "שם התצוגה אינו יכול להיות ריק",
-    "MFA email is enabled but email is empty": "MFA דוא\"ל מופעל אך הדוא\"ל ריק",
-    "MFA phone is enabled but phone number is empty": "MFA טלפון מופעל אך מספר הטלפון ריק",
-    "New password cannot contain blank space.": "הסיסמה החדשה אינה יכולה להכיל רווחים.",
-    "the user's owner and name should not be empty": "הבעלים והשם של המשתמש אינם יכולים להיות ריקים"
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
  },
  "util": {
-    "No application is found for userId: %s": "לא נמצאה אפליקציה עבור userId: %s",
-    "No provider for category: %s is found for application: %s": "לא נמצא ספק עבור הקטגוריה: %s עבור האפליקציה: %s",
-    "The provider: %s is not found": "הספק: %s לא נמצא"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
  },
  "verification": {
-    "Invalid captcha provider.": "ספק captcha שגוי.",
-    "Phone number is invalid in your region %s": "מספר הטלפון אינו תקף באזורך %s",
-    "The verification code has already been used!": "קוד האימות כבר נוצל!",
-    "The verification code has not been sent yet!": "קוד האימות טרם נשלח!",
-    "Turing test failed.": "מבחן טיורינג נכשל.",
-    "Unable to get the email modify rule.": "לא ניתן לקבל את כלל שינוי האימייל.",
-    "Unable to get the phone modify rule.": "לא ניתן לקבל את כלל שינוי הטלפון.",
-    "Unknown type": "סוג לא ידוע",
-    "Wrong verification code!": "קוד אימות שגוי!",
-    "You should verify your code in %d min!": "עליך לאמת את הקוד שלך תוך %d דקות!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "אנא הוסף ספק SMS לרשימת \\\"ספקים\\\" עבור האפליקציה: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "אנא הוסף ספק אימייל לרשימת \\\"ספקים\\\" עבור האפליקציה: %s",
-    "the user does not exist, please sign up first": "המשתמש אינו קיים, אנא הרשם תחילה"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "אנא קרא ל-WebAuthnSigninBegin תחילה"
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -1,132 +1,88 @@
 {
  "account": {
    "Failed to add user": "Gagal menambahkan pengguna",
-    "Get init score failed, error: %w": "Gagal mendapatkan nilai inisiasi, kesalahan: %w",
+    "Get init score failed, error: %w": "Gagal mendapatkan nilai init, kesalahan: %w",
    "Please sign out first": "Silakan keluar terlebih dahulu",
-    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan pendaftaran akun baru"
+    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan untuk mendaftar akun baru"
  },
  "auth": {
    "Challenge method should be S256": "Metode tantangan harus S256",
-    "DeviceCode Invalid": "Kode perangkat tidak valid",
    "Failed to create user, user information is invalid: %s": "Gagal membuat pengguna, informasi pengguna tidak valid: %s",
    "Failed to login in: %s": "Gagal masuk: %s",
    "Invalid token": "Token tidak valid",
    "State expected: %s, but got: %s": "Diharapkan: %s, tapi diperoleh: %s",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru melalui %%s, silakan gunakan cara lain untuk mendaftar",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru, silakan hubungi dukungan IT Anda",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk penyedia: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk provider: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
    "The application: %s does not exist": "Aplikasi: %s tidak ada",
-    "The login method: login with LDAP is not enabled for the application": "Metode masuk: masuk dengan LDAP tidak diaktifkan untuk aplikasi ini",
-    "The login method: login with SMS is not enabled for the application": "Metode masuk: masuk dengan SMS tidak diaktifkan untuk aplikasi ini",
-    "The login method: login with email is not enabled for the application": "Metode masuk: masuk dengan email tidak diaktifkan untuk aplikasi ini",
-    "The login method: login with face is not enabled for the application": "Metode masuk: masuk dengan wajah tidak diaktifkan untuk aplikasi ini",
-    "The login method: login with password is not enabled for the application": "Metode login: login dengan sandi tidak diaktifkan untuk aplikasi tersebut",
-    "The organization: %s does not exist": "Organisasi: %s tidak ada",
-    "The provider: %s does not exist": "Penyedia: %s tidak ada",
+    "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
    "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan sandi atau penyedia), formulir = %s",
-    "User's tag: %s is not listed in the application's tags": "Tag pengguna: %s tidak terdaftar dalam tag aplikasi",
-    "UserCode Expired": "Kode pengguna kedaluwarsa",
-    "UserCode Invalid": "Kode pengguna tidak valid",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "pengguna berbayar %s tidak memiliki langganan aktif atau tertunda dan aplikasi: %s tidak memiliki harga default",
-    "the application for user %s is not found": "aplikasi untuk pengguna %s tidak ditemukan",
-    "the organization: %s is not found": "organisasi: %s tidak ditemukan"
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s tidak memenuhi persyaratan format CIDR: %s",
    "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
-    "CIDR for IP: %s should not be empty": "CIDR untuk IP: %s tidak boleh kosong",
-    "Default code does not match the code's matching rules": "Kode default tidak cocok dengan aturan pencocokan kode",
    "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
    "DisplayName is not valid real name": "DisplayName bukanlah nama asli yang valid",
    "Email already exists": "Email sudah ada",
    "Email cannot be empty": "Email tidak boleh kosong",
    "Email is invalid": "Email tidak valid",
    "Empty username.": "Nama pengguna kosong.",
-    "Face data does not exist, cannot log in": "Data wajah tidak ada, tidak dapat masuk",
-    "Face data mismatch": "Ketidakcocokan data wajah",
-    "Failed to parse client IP: %s": "Gagal mengurai IP klien: %s",
    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
-    "Invitation code cannot be blank": "Kode undangan tidak boleh kosong",
-    "Invitation code exhausted": "Kode undangan habis",
-    "Invitation code is invalid": "Kode undangan tidak valid",
-    "Invitation code suspended": "Kode undangan ditangguhkan",
-    "LDAP user name or password incorrect": "Nama pengguna atau sandi LDAP salah",
+    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server LDAP Anda",
+    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
    "Organization does not exist": "Organisasi tidak ada",
-    "Password cannot be empty": "Kata sandi tidak boleh kosong",
+    "Password must have at least 6 characters": "Kata sandi harus memiliki minimal 6 karakter",
    "Phone already exists": "Telepon sudah ada",
    "Phone cannot be empty": "Telepon tidak boleh kosong",
    "Phone number is invalid": "Nomor telepon tidak valid",
-    "Please register using the email corresponding to the invitation code": "Silakan daftar menggunakan email yang sesuai dengan kode undangan",
-    "Please register using the phone  corresponding to the invitation code": "Silakan daftar menggunakan nomor telepon yang sesuai dengan kode undangan",
-    "Please register using the username corresponding to the invitation code": "Silakan daftar menggunakan nama pengguna yang sesuai dengan kode undangan",
-    "Session outdated, please login again": "Sesi kadaluwarsa, silakan masuk lagi",
-    "The invitation code has already been used": "Kode undangan sudah digunakan",
+    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
-    "The user: %s doesn't exist in LDAP server": "Pengguna: %s tidak ada di server LDAP",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Nilai \\\"%s\\\" untuk bidang akun \\\"%s\\\" tidak cocok dengan regex item akun",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Nilai \\\"%s\\\" untuk bidang pendaftaran \\\"%s\\\" tidak cocok dengan regex item pendaftaran aplikasi \\\"%s\\\"",
    "Username already exists": "Nama pengguna sudah ada",
    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
    "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
-    "Username is too long (maximum is 255 characters).": "Nama pengguna terlalu panjang (maksimum 255 karakter).",
+    "Username is too long (maximum is 39 characters).": "Nama pengguna terlalu panjang (maksimum 39 karakter).",
    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Nama pengguna mendukung format email. Nama pengguna hanya boleh berisi karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki garis bawah atau tanda hubung berturut-turut, dan tidak boleh diawali atau diakhiri dengan garis bawah atau tanda hubung. Perhatikan juga format email.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan sandi atau kode yang salah terlalu sering, mohon tunggu selama %d menit lalu coba kembali",
-    "Your IP address: %s has been banned according to the configuration of: ": "Alamat IP Anda: %s telah diblokir sesuai konfigurasi: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Kata sandi Anda telah kedaluwarsa. Silakan atur ulang kata sandi dengan mengklik \\\"Lupa kata sandi\\\"",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
-    "password or code is incorrect": "kata sandi atau kode salah",
-    "password or code is incorrect, you have %s remaining chances": "Sandi atau kode salah, Anda memiliki %s kesempatan tersisa",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Kata sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "adapter: %s tidak ditemukan"
-  },
  "general": {
-    "Failed to import groups": "Gagal mengimpor grup",
-    "Failed to import users": "Gagal mengimpor pengguna",
    "Missing parameter": "Parameter hilang",
-    "Only admin user can specify user": "Hanya pengguna admin yang dapat menentukan pengguna",
    "Please login first": "Silahkan login terlebih dahulu",
-    "The organization: %s should have one application at least": "Organisasi: %s harus memiliki setidaknya satu aplikasi",
    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
-    "Wrong userId": "userId salah",
    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "operasi ini tidak diizinkan dalam mode demo",
-    "this operation requires administrator to perform": "operasi ini memerlukan administrator untuk melakukannya"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "Server ldap ada"
  },
  "link": {
-    "Please link first": "Silahkan tautkan terlebih dahulu",
+    "Please link first": "Tolong tautkan terlebih dahulu",
    "This application has no providers": "Aplikasi ini tidak memiliki penyedia",
    "This application has no providers of type": " Aplikasi ini tidak memiliki penyedia tipe ",
-    "This provider can't be unlinked": "Penyedia layanan ini tidak dapat dipisahkan",
+    "This provider can't be unlinked": "Pemberi layanan ini tidak dapat dipisahkan",
    "You are not the global admin, you can't unlink other users": "Anda bukan admin global, Anda tidak dapat memutuskan tautan pengguna lain",
    "You can't unlink yourself, you are not a member of any application": "Anda tidak dapat memutuskan tautan diri sendiri, karena Anda bukan anggota dari aplikasi apa pun"
  },
  "organization": {
    "Only admin can modify the %s.": "Hanya admin yang dapat memodifikasi %s.",
    "The %s is immutable.": "%s tidak dapat diubah.",
-    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "Penambahan pengguna baru ke organisasi 'built-in' (terintegrasi) saat ini dinonaktifkan. Perhatikan: Semua pengguna di organisasi 'built-in' adalah administrator global di Casdoor. Lihat dokumentasi: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Jika Anda masih ingin membuat pengguna untuk organisasi 'built-in', buka halaman pengaturan organisasi dan aktifkan opsi 'Memiliki persetujuan hak istimewa'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Izin: \\\"%s\\\" tidak ada"
+    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s."
  },
  "provider": {
    "Invalid application id": "ID aplikasi tidak valid",
-    "the provider: %s does not exist": "penyedia: %s tidak ada"
+    "the provider: %s does not exist": "provider: %s tidak ada"
  },
  "resource": {
    "User is nil for tag: avatar": "Pengguna kosong untuk tag: avatar",
@@ -147,22 +103,20 @@
    "The objectKey: %s is not allowed": "Kunci objek: %s tidak diizinkan",
    "The provider type: %s is not supported": "Jenis penyedia: %s tidak didukung"
  },
-  "subscription": {
-    "Error": "Kesalahan"
-  },
  "token": {
+    "Empty clientId or clientSecret": "Kosong clientId atau clientSecret",
    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
-    "Invalid client_id": "ID klien tidak valid",
+    "Invalid client_id": "Invalid client_id = ID klien tidak valid",
    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI pengalihan: %s tidak ada dalam daftar URI Pengalihan yang diizinkan",
    "Token not found, invalid accessToken": "Token tidak ditemukan, accessToken tidak valid"
  },
  "user": {
    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "MFA email is enabled but email is empty": "Email MFA diaktifkan tetapi email kosong",
-    "MFA phone is enabled but phone number is empty": "Telepon MFA diaktifkan tetapi nomor telepon kosong",
-    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong.",
-    "the user's owner and name should not be empty": "pemilik dan nama pengguna tidak boleh kosong"
+    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
+  },
+  "user_upload": {
+    "Failed to import users": "Gagal mengimpor pengguna"
  },
  "util": {
    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
@@ -170,22 +124,19 @@
    "The provider: %s is not found": "Penyedia: %s tidak ditemukan"
  },
  "verification": {
+    "Code has not been sent yet!": "Kode belum dikirimkan!",
    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
-    "The verification code has already been used!": "Kode verifikasi sudah digunakan!",
-    "The verification code has not been sent yet!": "Kode verifikasi belum dikirim!",
    "Turing test failed.": "Tes Turing gagal.",
    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
    "Unknown type": "Tipe tidak diketahui",
    "Wrong verification code!": "Kode verifikasi salah!",
    "You should verify your code in %d min!": "Anda harus memverifikasi kode Anda dalam %d menit!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "silakan tambahkan penyedia SMS ke daftar \\\"Providers\\\" untuk aplikasi: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "silakan tambahkan penyedia Email ke daftar \\\"Providers\\\" untuk aplikasi: %s",
    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
+    "Found no credentials for this user": "Tidak ditemukan kredensial untuk pengguna ini",
    "Please call WebAuthnSigninBegin first": "Harap panggil WebAuthnSigninBegin terlebih dahulu"
  }
 }
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@@ -1,191 +1,150 @@
 {
  "account": {
-    "Failed to add user": "Aggiunta utente fallita",
-    "Get init score failed, error: %w": "Errore iniziale punteggio: %w",
-    "Please sign out first": "Esegui prima il logout",
-    "The application does not allow to sign up new account": "L'app non consente registrazione"
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "auth": {
-    "Challenge method should be S256": "Metodo challenge deve essere S256",
-    "DeviceCode Invalid": "Codice dispositivo non valido",
-    "Failed to create user, user information is invalid: %s": "Creazione utente fallita: dati non validi: %s",
-    "Failed to login in: %s": "Login fallito: %s",
-    "Invalid token": "Token non valido",
-    "State expected: %s, but got: %s": "Stato atteso: %s, ricevuto: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Account per provider: %s e utente: %s (%s) non esiste, registrazione tramite %%s non consentita",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Account per provider: %s e utente: %s (%s) non esiste, registrazione non consentita: contatta l'assistenza IT",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Account per provider: %s e utente: %s (%s) già collegato a un altro account: %s (%s)",
-    "The application: %s does not exist": "L'app: %s non esiste",
-    "The login method: login with LDAP is not enabled for the application": "Metodo di accesso: login con LDAP non abilitato per l'applicazione",
-    "The login method: login with SMS is not enabled for the application": "Metodo di accesso: login con SMS non abilitato per l'applicazione",
-    "The login method: login with email is not enabled for the application": "Metodo di accesso: login con email non abilitato per l'applicazione",
-    "The login method: login with face is not enabled for the application": "Metodo di accesso: login con riconoscimento facciale non abilitato per l'applicazione",
-    "The login method: login with password is not enabled for the application": "Login con password non abilitato per questa app",
-    "The organization: %s does not exist": "L'organizzazione: %s non esiste",
-    "The provider: %s does not exist": "Il provider: %s non esiste",
-    "The provider: %s is not enabled for the application": "Il provider: %s non è abilitato per l'app",
-    "Unauthorized operation": "Operazione non autorizzata",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo di autenticazione sconosciuto (non password o provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "Il tag dell'utente: %s non è presente nei tag dell'applicazione",
-    "UserCode Expired": "Codice utente scaduto",
-    "UserCode Invalid": "Codice utente non valido",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "L'utente a pagamento %s non ha una sottoscrizione attiva o in attesa e l'applicazione: %s non ha una tariffazione predefinita",
-    "the application for user %s is not found": "applicazione per l'utente %s non trovata",
-    "the organization: %s is not found": "organizzazione: %s non trovata"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
-    "Service %s and %s do not match": "Servizi %s e %s non corrispondono"
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s non soddisfa i requisiti di formato CIDR: %s",
-    "Affiliation cannot be blank": "Affiliazione obbligatoria",
-    "CIDR for IP: %s should not be empty": "Il CIDR per l'IP: %s non deve essere vuoto",
-    "Default code does not match the code's matching rules": "Il codice predefinito non rispetta le regole di corrispondenza del codice",
-    "DisplayName cannot be blank": "Nome visualizzato obbligatorio",
-    "DisplayName is not valid real name": "Nome visualizzato non valido",
-    "Email already exists": "Email già esistente",
-    "Email cannot be empty": "Email obbligatoria",
-    "Email is invalid": "Email non valida",
-    "Empty username.": "Username vuoto",
-    "Face data does not exist, cannot log in": "Dati facciali assenti, impossibile effettuare il login",
-    "Face data mismatch": "Mancata corrispondenza dei dati facciali",
-    "Failed to parse client IP: %s": "Impossibile analizzare l'IP del client: %s",
-    "FirstName cannot be blank": "Nome obbligatorio",
-    "Invitation code cannot be blank": "Il codice di invito non può essere vuoto",
-    "Invitation code exhausted": "Codice di invito esaurito",
-    "Invitation code is invalid": "Codice di invito non valido",
-    "Invitation code suspended": "Codice di invito sospeso",
-    "LDAP user name or password incorrect": "LDAP username o password errati",
-    "LastName cannot be blank": "Cognome obbligatorio",
-    "Multiple accounts with same uid, please check your ldap server": "UID duplicato, verifica il server LDAP",
-    "Organization does not exist": "Organizzazione inesistente",
-    "Password cannot be empty": "La password non può essere vuota",
-    "Phone already exists": "Telefono già esistente",
-    "Phone cannot be empty": "Telefono obbligatorio",
-    "Phone number is invalid": "Numero telefono non valido",
-    "Please register using the email corresponding to the invitation code": "Registrati con l'email corrispondente al codice di invito",
-    "Please register using the phone  corresponding to the invitation code": "Registrati con il numero di telefono corrispondente al codice di invito",
-    "Please register using the username corresponding to the invitation code": "Registrati con il nome utente corrispondente al codice di invito",
-    "Session outdated, please login again": "Sessione scaduta, rieffettua il login",
-    "The invitation code has already been used": "Il codice di invito è già stato utilizzato",
-    "The user is forbidden to sign in, please contact the administrator": "Utente bloccato, contatta l'amministratore",
-    "The user: %s doesn't exist in LDAP server": "L'utente: %s non esiste nel server LDAP",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Username solo caratteri alfanumerici, underscore o trattini. Non può iniziare/finire con trattino o underscore.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Il valore \\\"%s\\\" per il campo account \\\"%s\\\" non corrisponde alla regex dell'elemento account",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Il valore \\\"%s\\\" per il campo registrazione \\\"%s\\\" non corrisponde alla regex dell'elemento registrazione dell'applicazione \\\"%s\\\"",
-    "Username already exists": "Username già esistente",
-    "Username cannot be an email address": "Username non può essere un'email",
-    "Username cannot contain white spaces": "Username non può contenere spazi",
-    "Username cannot start with a digit": "Username non può iniziare con un numero",
-    "Username is too long (maximum is 255 characters).": "Username troppo lungo (max 255 caratteri)",
-    "Username must have at least 2 characters": "Username minimo 2 caratteri",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Il nome utente supporta il formato email. Inoltre il nome utente può contenere solo caratteri alfanumerici, underscore o trattini, non può avere trattini o underscore consecutivi e non può iniziare o terminare con un trattino o underscore. Presta attenzione al formato email.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Troppi tentativi errati, attendi %d minuti",
-    "Your IP address: %s has been banned according to the configuration of: ": "Il tuo indirizzo IP: %s è stato bannato secondo la configurazione di: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "La tua password è scaduta. Reimposta la password cliccando \\\"Password dimenticata\\\"",
-    "Your region is not allow to signup by phone": "Registrazione via telefono non consentita nella tua regione",
-    "password or code is incorrect": "password o codice errati",
-    "password or code is incorrect, you have %s remaining chances": "password o codice errati, %s tentativi rimasti",
-    "unsupported password type: %s": "tipo password non supportato: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "l'adapter: %s non è stato trovato"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
  },
  "general": {
-    "Failed to import groups": "Impossibile importare i gruppi",
-    "Failed to import users": "Importazione utenti fallita",
-    "Missing parameter": "Parametro mancante",
-    "Only admin user can specify user": "Solo un utente amministratore può specificare l'utente",
-    "Please login first": "Effettua prima il login",
-    "The organization: %s should have one application at least": "L'organizzazione: %s deve avere almeno un'applicazione",
-    "The user: %s doesn't exist": "Utente: %s non esiste",
-    "Wrong userId": "ID utente errato",
-    "don't support captchaProvider: ": "captchaProvider non supportato: ",
-    "this operation is not allowed in demo mode": "questa operazione non è consentita in modalità demo",
-    "this operation requires administrator to perform": "questa operazione richiede un amministratore"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
-    "Ldap server exist": "Server LDAP esistente"
+    "Ldap server exist": "Ldap server exist"
  },
  "link": {
-    "Please link first": "Collega prima",
-    "This application has no providers": "L'app non ha provider",
-    "This application has no providers of type": "L'app non ha provider di tipo",
-    "This provider can't be unlinked": "Questo provider non può essere scollegato",
-    "You are not the global admin, you can't unlink other users": "Non sei admin globale, non puoi scollegare altri utenti",
-    "You can't unlink yourself, you are not a member of any application": "Non puoi scollegarti, non sei membro di alcuna app"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
  },
  "organization": {
-    "Only admin can modify the %s.": "Solo admin può modificare %s.",
-    "The %s is immutable.": "%s è immutabile.",
-    "Unknown modify rule %s.": "Regola modifica %s sconosciuta.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "L'aggiunta di un nuovo utente all'organizzazione 'built-in' (integrata) è attualmente disabilitata. Si noti che tutti gli utenti nell'organizzazione 'built-in' sono amministratori globali in Casdoor. Consultare la documentazione: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Se si desidera comunque creare un utente per l'organizzazione 'built-in', andare alla pagina delle impostazioni dell'organizzazione e abilitare l'opzione 'Ha il consenso ai privilegi'."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Il permesso: \\\"%s\\\" non esiste"
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "provider": {
-    "Invalid application id": "ID app non valido",
-    "the provider: %s does not exist": "provider: %s non esiste"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
  },
  "resource": {
-    "User is nil for tag: avatar": "Utente nullo per tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username o percorso file vuoti: username = %s, fullFilePath = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
  },
  "saml": {
-    "Application %s not found": "App %s non trovata"
+    "Application %s not found": "Application %s not found"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "Provider %s non è di tipo SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
  },
  "service": {
-    "Empty parameters for emailForm: %v": "Parametri emailForm vuoti: %v",
-    "Invalid Email receivers: %s": "Destinatari email non validi: %s",
-    "Invalid phone receivers: %s": "Destinatari SMS non validi: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
  },
  "storage": {
-    "The objectKey: %s is not allowed": "Chiave oggetto: %s non consentita",
-    "The provider type: %s is not supported": "Tipo provider: %s non supportato"
-  },
-  "subscription": {
-    "Error": "Errore"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "token": {
-    "Grant_type: %s is not supported in this application": "Grant_type: %s non supportato in questa app",
-    "Invalid application or wrong clientSecret": "App non valida o clientSecret errato",
-    "Invalid client_id": "client_id non valido",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI di redirect: %s non consentito",
-    "Token not found, invalid accessToken": "Token non trovato, accessToken non valido"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
  },
  "user": {
-    "Display name cannot be empty": "Nome visualizzato obbligatorio",
-    "MFA email is enabled but email is empty": "L'email MFA è abilitata ma l'email è vuota",
-    "MFA phone is enabled but phone number is empty": "Il telefono MFA è abilitato ma il numero di telefono è vuoto",
-    "New password cannot contain blank space.": "Nuova password non può contenere spazi",
-    "the user's owner and name should not be empty": "il proprietario e il nome dell'utente non devono essere vuoti"
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
  },
  "util": {
-    "No application is found for userId: %s": "Nessuna app trovata per userId: %s",
-    "No provider for category: %s is found for application: %s": "Nessun provider per categoria: %s nell'app: %s",
-    "The provider: %s is not found": "Provider: %s non trovato"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
  },
  "verification": {
-    "Invalid captcha provider.": "Provider captcha non valido",
-    "Phone number is invalid in your region %s": "Numero telefono non valido nella regione %s",
-    "The verification code has already been used!": "Il codice di verifica è già stato utilizzato!",
-    "The verification code has not been sent yet!": "Il codice di verifica non è ancora stato inviato!",
-    "Turing test failed.": "Test Turing fallito",
-    "Unable to get the email modify rule.": "Impossibile ottenere regola modifica email",
-    "Unable to get the phone modify rule.": "Impossibile ottenere regola modifica telefono",
-    "Unknown type": "Tipo sconosciuto",
-    "Wrong verification code!": "Codice verifica errato!",
-    "You should verify your code in %d min!": "Verifica codice entro %d min!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "aggiungi un provider SMS all'elenco \\\"Providers\\\" per l'applicazione: %s",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "aggiungi un provider Email all'elenco \\\"Providers\\\" per l'applicazione: %s",
-    "the user does not exist, please sign up first": "Utente inesistente, registrati prima"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Chiamare prima WebAuthnSigninBegin"
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -7,7 +7,6 @@
  },
  "auth": {
    "Challenge method should be S256": "チャレンジメソッドはS256である必要があります",
-    "DeviceCode Invalid": "デバイスコードが無効です",
    "Failed to create user, user information is invalid: %s": "ユーザーの作成に失敗しました。ユーザー情報が無効です：%s",
    "Failed to login in: %s": "ログインできませんでした：%s",
    "Invalid token": "無効なトークン",
@@ -16,93 +15,54 @@
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "プロバイダー名：%sとユーザー名：%s（%s）のアカウントは存在しません。新しいアカウントとしてサインアップすることはできません。 ITサポートに連絡してください",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "プロバイダのアカウント：%s とユーザー名：%s (%s) は既に別のアカウント：%s (%s) にリンクされています",
    "The application: %s does not exist": "アプリケーション: %sは存在しません",
-    "The login method: login with LDAP is not enabled for the application": "このアプリケーションでは LDAP ログインは有効になっていません",
-    "The login method: login with SMS is not enabled for the application": "このアプリケーションでは SMS ログインは有効になっていません",
-    "The login method: login with email is not enabled for the application": "このアプリケーションではメールログインは有効になっていません",
-    "The login method: login with face is not enabled for the application": "このアプリケーションでは顔認証ログインは有効になっていません",
    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
-    "The organization: %s does not exist": "組織「%s」は存在しません",
-    "The provider: %s does not exist": "プロバイダ「%s」は存在しません",
    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
    "Unauthorized operation": "不正操作",
    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
-    "User's tag: %s is not listed in the application's tags": "ユーザータグ「%s」はアプリケーションのタグに含まれていません",
-    "UserCode Expired": "ユーザーコードの有効期限が切れています",
-    "UserCode Invalid": "ユーザーコードが無効です",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "有料ユーザー「%s」には有効または保留中のサブスクリプションがなく、アプリケーション「%s」にはデフォルトの価格設定がありません",
-    "the application for user %s is not found": "ユーザー「%s」のアプリケーションが見つかりません",
-    "the organization: %s is not found": "組織「%s」が見つかりません"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "サービス%sと%sは一致しません"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s は CIDR フォーマットの要件を満たしていません: %s",
    "Affiliation cannot be blank": "所属は空白にできません",
-    "CIDR for IP: %s should not be empty": "IP「%s」の CIDR は空にできません",
-    "Default code does not match the code's matching rules": "デフォルトコードがコードの一致ルールに一致しません",
    "DisplayName cannot be blank": "表示名は空白にできません",
    "DisplayName is not valid real name": "表示名は有効な実名ではありません",
    "Email already exists": "メールは既に存在します",
    "Email cannot be empty": "メールが空白にできません",
    "Email is invalid": "電子メールは無効です",
    "Empty username.": "空のユーザー名。",
-    "Face data does not exist, cannot log in": "顔認証データが存在しないため、ログインできません",
-    "Face data mismatch": "顔認証データが一致しません",
-    "Failed to parse client IP: %s": "クライアント IP「%s」の解析に失敗しました",
    "FirstName cannot be blank": "ファーストネームは空白にできません",
-    "Invitation code cannot be blank": "招待コードは空にできません",
-    "Invitation code exhausted": "招待コードの使用回数が上限に達しました",
-    "Invitation code is invalid": "招待コードが無効です",
-    "Invitation code suspended": "招待コードは一時的に無効化されています",
    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "LastName cannot be blank": "姓は空白にできません",
    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
    "Organization does not exist": "組織は存在しません",
-    "Password cannot be empty": "パスワードは空にできません",
+    "Password must have at least 6 characters": "パスワードは少なくとも6つの文字が必要です",
    "Phone already exists": "電話はすでに存在しています",
    "Phone cannot be empty": "電話は空っぽにできません",
    "Phone number is invalid": "電話番号が無効です",
-    "Please register using the email corresponding to the invitation code": "招待コードに対応するメールアドレスで登録してください",
-    "Please register using the phone  corresponding to the invitation code": "招待コードに対応する電話番号で登録してください",
-    "Please register using the username corresponding to the invitation code": "招待コードに対応するユーザー名で登録してください",
    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
-    "The invitation code has already been used": "この招待コードは既に使用されています",
    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
-    "The user: %s doesn't exist in LDAP server": "ユーザー「%s」は LDAP サーバーに存在しません",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "アカウントフィールド「%s」の値「%s」がアカウント項目の正規表現に一致しません",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "アプリケーション「%s」のサインアップ項目「%s」の値「%s」が正規表現に一致しません",
    "Username already exists": "ユーザー名はすでに存在しています",
    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
    "Username cannot contain white spaces": "ユーザ名にはスペースを含めることはできません",
    "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
-    "Username is too long (maximum is 255 characters).": "ユーザー名が長すぎます（最大255文字）。",
+    "Username is too long (maximum is 39 characters).": "ユーザー名が長すぎます（最大39文字）。",
    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "ユーザー名はメール形式もサポートします。ユーザー名は英数字、アンダースコア、またはハイフンのみを含め、連続するハイフンやアンダースコアは使用できません。また、ハイフンまたはアンダースコアで始まったり終わったりすることもできません。メール形式にも注意してください。",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
-    "Your IP address: %s has been banned according to the configuration of: ": "あなたの IP アドレス「%s」は設定によりアクセスが禁止されています: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "パスワードの有効期限が切れています。「パスワードを忘れた方はこちら」をクリックしてリセットしてください",
    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
-    "password or code is incorrect": "パスワードまたはコードが正しくありません",
-    "password or code is incorrect, you have %s remaining chances": "パスワードまたはコードが間違っています。あと %s 回の試行機会があります",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
  },
-  "enforcer": {
-    "the adapter: %s is not found": "アダプタ「%s」が見つかりません"
-  },
  "general": {
-    "Failed to import groups": "グループのインポートに失敗しました",
-    "Failed to import users": "ユーザーのインポートに失敗しました",
    "Missing parameter": "不足しているパラメーター",
-    "Only admin user can specify user": "管理者ユーザーのみがユーザーを指定できます",
    "Please login first": "最初にログインしてください",
-    "The organization: %s should have one application at least": "組織「%s」は少なくとも1つのアプリケーションを持っている必要があります",
    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "Wrong userId": "無効なユーザーIDです",
    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "この操作はデモモードでは許可されていません",
-    "this operation requires administrator to perform": "この操作は管理者権限が必要です"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
  },
  "ldap": {
    "Ldap server exist": "LDAPサーバーは存在します"
@@ -118,11 +78,7 @@
  "organization": {
    "Only admin can modify the %s.": "管理者のみが%sを変更できます。",
    "The %s is immutable.": "%sは不変です。",
-    "Unknown modify rule %s.": "未知の変更ルール%s。",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "「built-in」（組み込み）組織への新しいユーザーの追加は現在無効になっています。注意：「built-in」組織のすべてのユーザーは、Casdoor のグローバル管理者です。ドキュメントを参照してください：https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself。「built-in」組織のユーザーを作成したい場合は、組織の設定ページに移動し、「特権同意を持つ」オプションを有効にしてください。"
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "権限「%s」は存在しません"
+    "Unknown modify rule %s.": "未知の変更ルール%s。"
  },
  "provider": {
    "Invalid application id": "アプリケーションIDが無効です",
@@ -147,10 +103,8 @@
    "The objectKey: %s is not allowed": "オブジェクトキー %s は許可されていません",
    "The provider type: %s is not supported": "プロバイダータイプ：%sはサポートされていません"
  },
-  "subscription": {
-    "Error": "エラー"
-  },
  "token": {
+    "Empty clientId or clientSecret": "クライアントIDまたはクライアントシークレットが空です",
    "Grant_type: %s is not supported in this application": "grant_type：%sはこのアプリケーションでサポートされていません",
    "Invalid application or wrong clientSecret": "無効なアプリケーションまたは誤ったクライアントシークレットです",
    "Invalid client_id": "client_idが無効です",
@@ -159,10 +113,10 @@
  },
  "user": {
    "Display name cannot be empty": "表示名は空にできません",
-    "MFA email is enabled but email is empty": "MFA メールが有効になっていますが、メールアドレスが空です",
-    "MFA phone is enabled but phone number is empty": "MFA 電話番号が有効になっていますが、電話番号が空です",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
-    "the user's owner and name should not be empty": "ユーザーのオーナーと名前は空にできません"
+    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
+  },
+  "user_upload": {
+    "Failed to import users": "ユーザーのインポートに失敗しました"
  },
  "util": {
    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
@@ -170,22 +124,19 @@
    "The provider: %s is not found": "プロバイダー：%sが見つかりません"
  },
  "verification": {
+    "Code has not been sent yet!": "まだコードが送信されていません！",
    "Invalid captcha provider.": "無効なCAPTCHAプロバイダー。",
    "Phone number is invalid in your region %s": "電話番号はあなたの地域で無効です %s",
-    "The verification code has already been used!": "この検証コードは既に使用されています！",
-    "The verification code has not been sent yet!": "検証コードはまだ送信されていません！",
    "Turing test failed.": "チューリングテストは失敗しました。",
    "Unable to get the email modify rule.": "電子メール変更規則を取得できません。",
    "Unable to get the phone modify rule.": "電話の変更ルールを取得できません。",
    "Unknown type": "不明なタイプ",
    "Wrong verification code!": "誤った検証コードです！",
    "You should verify your code in %d min!": "あなたは%d分であなたのコードを確認する必要があります！",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "アプリケーション「%s」の「Providers」リストに SMS プロバイダを追加してください",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "アプリケーション「%s」の「Providers」リストにメールプロバイダを追加してください",
    "the user does not exist, please sign up first": "ユーザーは存在しません。まず登録してください"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
+    "Found no credentials for this user": "このユーザーの資格情報が見つかりませんでした",
    "Please call WebAuthnSigninBegin first": "最初にWebAuthnSigninBeginを呼び出してください"
  }
 }
--- a/i18n/locales/kk/data.json
+++ b/i18n/locales/kk/data.json
@@ -1,191 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Gebruiker toevoegen mislukt",
-    "Get init score failed, error: %w": "Initiële score ophalen mislukt, fout: %w",
-    "Please sign out first": "Gelieve eerst uit te loggen",
-    "The application does not allow to sign up new account": "De applicatie staat geen nieuwe registraties toe"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge-methode moet S256 zijn",
-    "DeviceCode Invalid": "DeviceCode ongeldig",
-    "Failed to create user, user information is invalid: %s": "Gebruiker aanmaken mislukt, gebruikersinformatie ongeldig: %s",
-    "Failed to login in: %s": "Inloggen mislukt: %s",
-    "Invalid token": "Ongeldige token",
-    "State expected: %s, but got: %s": "Verwachte state: %s, maar kreeg: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Account voor provider: %s en gebruikersnaam: %s (%s) bestaat niet en mag niet registreren via %%s, gebruik een andere methode",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Account voor provider: %s en gebruikersnaam: %s (%s) bestaat niet en mag niet registreren, contacteer IT-support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Account voor provider: %s en gebruikersnaam: %s (%s) is al gelinkt aan ander account: %s (%s)",
-    "The application: %s does not exist": "Applicatie: %s bestaat niet",
-    "The login method: login with LDAP is not enabled for the application": "Inloggen via LDAP is niet ingeschakeld voor deze applicatie",
-    "The login method: login with SMS is not enabled for the application": "Inloggen via SMS is niet ingeschakeld voor deze applicatie",
-    "The login method: login with email is not enabled for the application": "Inloggen via e-mail is niet ingeschakeld voor deze applicatie",
-    "The login method: login with face is not enabled for the application": "Inloggen via gezichtsherkenning is niet ingeschakeld voor deze applicatie",
-    "The login method: login with password is not enabled for the application": "Inloggen via wachtwoord is niet ingeschakeld voor deze applicatie",
-    "The organization: %s does not exist": "Organisatie: %s bestaat niet",
-    "The provider: %s does not exist": "Provider: %s bestaat niet",
-    "The provider: %s is not enabled for the application": "Provider: %s is niet ingeschakeld voor de applicatie",
-    "Unauthorized operation": "Ongeautoriseerde handeling",
-    "Unknown authentication type (not password or provider), form = %s": "Onbekend authenticatietype (geen wachtwoord of provider), formulier = %s",
-    "User's tag: %s is not listed in the application's tags": "Gebruikerstag: %s staat niet in de applicatietags",
-    "UserCode Expired": "UserCode verlopen",
-    "UserCode Invalid": "UserCode ongeldig",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Betaalde gebruiker %s heeft geen actief of lopend abonnement en applicatie: %s heeft geen standaardprijzen",
-    "the application for user %s is not found": "Applicatie voor gebruiker %s niet gevonden",
-    "the organization: %s is not found": "Organisatie: %s niet gevonden"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s en %s komen niet overeen"
-  },
-  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s voldoet niet aan CIDR-formaat: %s",
-    "Affiliation cannot be blank": "Organisatie mag niet leeg zijn",
-    "CIDR for IP: %s should not be empty": "CIDR voor IP: %s mag niet leeg zijn",
-    "Default code does not match the code's matching rules": "Standaardcode komt niet overeen met matching rules",
-    "DisplayName cannot be blank": "Weergavenaam mag niet leeg zijn",
-    "DisplayName is not valid real name": "Weergavenaam is geen geldige echte naam",
-    "Email already exists": "E-mailadres bestaat al",
-    "Email cannot be empty": "E-mailadres mag niet leeg zijn",
-    "Email is invalid": "Ongeldig e-mailadres",
-    "Empty username.": "Lege gebruikersnaam.",
-    "Face data does not exist, cannot log in": "Gezichtsgegevens ontbreken, inloggen niet mogelijk",
-    "Face data mismatch": "Gezichtsgegevens komen niet overeen",
-    "Failed to parse client IP: %s": "Client-IP parsen mislukt: %s",
-    "FirstName cannot be blank": "Voornaam mag niet leeg zijn",
-    "Invitation code cannot be blank": "Uitnodigingscode mag niet leeg zijn",
-    "Invitation code exhausted": "Uitnodigingscode uitgeput",
-    "Invitation code is invalid": "Uitnodigingscode ongeldig",
-    "Invitation code suspended": "Uitnodigingscode opgeschort",
-    "LDAP user name or password incorrect": "LDAP-gebruikersnaam of wachtwoord onjuist",
-    "LastName cannot be blank": "Achternaam mag niet leeg zijn",
-    "Multiple accounts with same uid, please check your ldap server": "Meerdere accounts met zelfde uid, controleer LDAP-server",
-    "Organization does not exist": "Organisatie bestaat niet",
-    "Password cannot be empty": "Wachtwoord mag niet leeg zijn",
-    "Phone already exists": "Telefoonnummer bestaat al",
-    "Phone cannot be empty": "Telefoonnummer mag niet leeg zijn",
-    "Phone number is invalid": "Ongeldig telefoonnummer",
-    "Please register using the email corresponding to the invitation code": "Registreer met het e-mailadres dat hoort bij de uitnodigingscode",
-    "Please register using the phone  corresponding to the invitation code": "Registreer met het telefoonnummer dat hoort bij de uitnodigingscode",
-    "Please register using the username corresponding to the invitation code": "Registreer met de gebruikersnaam die hoort bij de uitnodigingscode",
-    "Session outdated, please login again": "Sessie verlopen, gelieve opnieuw in te loggen",
-    "The invitation code has already been used": "Uitnodigingscode is al gebruikt",
-    "The user is forbidden to sign in, please contact the administrator": "Gebruiker mag niet inloggen, contacteer beheerder",
-    "The user: %s doesn't exist in LDAP server": "Gebruiker: %s bestaat niet in LDAP-server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Gebruikersnaam mag alleen alfanumerieke tekens, underscores of koppeltekens bevatten, geen opeenvolgende koppeltekens/underscores, en mag niet beginnen of eindigen met koppelteken of underscore.",
-    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Хадгаламалық өрісі \\\"%s\\\" үшін мәні \\\"%s\\\" хадгаламалық элементінің регекспімен сәйкес келмейді",
-    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Тіркелу өрісі \\\"%s\\\" үшін мәні \\\"%s\\\" қолданба \\\"%s\\\"-нің тіркелу элементінің регекспімен сәйкес келмейді",
-    "Username already exists": "Gebruikersnaam bestaat al",
-    "Username cannot be an email address": "Gebruikersnaam mag geen e-mailadres zijn",
-    "Username cannot contain white spaces": "Gebruikersnaam mag geen spaties bevatten",
-    "Username cannot start with a digit": "Gebruikersnaam mag niet met cijfer beginnen",
-    "Username is too long (maximum is 255 characters).": "Gebruikersnaam te lang (maximaal 255 tekens).",
-    "Username must have at least 2 characters": "Gebruikersnaam moet minstens 2 tekens hebben",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Gebruikersnaam ondersteunt e-mailformaat. Mag alleen alfanumerieke tekens, underscores of koppeltekens bevatten, geen opeenvolgende koppeltekens/underscores, en mag niet beginnen of eindigen met koppelteken of underscore. Let op e-mailformaat.",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Te vaak verkeerd wachtwoord of code ingevoerd, wacht %d minuten en probeer opnieuw",
-    "Your IP address: %s has been banned according to the configuration of: ": "Je IP-adres: %s is verbannen volgens configuratie van: ",
-    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Сіздің пароліңіз мерзімі аяқталды. Кликтап \\\"Парольді ұмытып қалдым\\\" нұсқасын қалпына келтіріңіз",
-    "Your region is not allow to signup by phone": "Registratie per telefoon niet toegestaan in jouw regio",
-    "password or code is incorrect": "wachtwoord of code onjuist",
-    "password or code is incorrect, you have %s remaining chances": "wachtwoord of code onjuist, nog %s pogingen over",
-    "unsupported password type: %s": "niet-ondersteund wachtwoordtype: %s"
-  },
-  "enforcer": {
-    "the adapter: %s is not found": "adapter: %s niet gevonden"
-  },
-  "general": {
-    "Failed to import groups": "Importeren groepen mislukt",
-    "Failed to import users": "Importeren gebruikers mislukt",
-    "Missing parameter": "Ontbrekende parameter",
-    "Only admin user can specify user": "Alleen beheerder mag gebruiker specificeren",
-    "Please login first": "Gelieve eerst in te loggen",
-    "The organization: %s should have one application at least": "Organisatie: %s moet minstens één applicatie hebben",
-    "The user: %s doesn't exist": "Gebruiker: %s bestaat niet",
-    "Wrong userId": "Verkeerde userId",
-    "don't support captchaProvider: ": "captchaProvider niet ondersteund: ",
-    "this operation is not allowed in demo mode": "deze handeling is niet toegestaan in demo-modus",
-    "this operation requires administrator to perform": "deze handeling vereist beheerder"
-  },
-  "ldap": {
-    "Ldap server exist": "LDAP-server bestaat al"
-  },
-  "link": {
-    "Please link first": "Gelieve eerst te linken",
-    "This application has no providers": "Deze applicatie heeft geen providers",
-    "This application has no providers of type": "Deze applicatie heeft geen providers van type",
-    "This provider can't be unlinked": "Deze provider kan niet ontkoppeld worden",
-    "You are not the global admin, you can't unlink other users": "Je bent geen globale beheerder, je kunt andere gebruikers niet ontkoppelen",
-    "You can't unlink yourself, you are not a member of any application": "Je kunt jezelf niet ontkoppelen, je bent geen lid van enige applicatie"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Alleen beheerder kan %s wijzigen.",
-    "The %s is immutable.": "%s is onveranderlijk.",
-    "Unknown modify rule %s.": "Onbekende wijzigingsregel %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "'Built-in' (құрылымдық) ұйымға жаңа пайдаланушы қосу әзірге өшірілген. Ескеріңіз: 'Built-in' ұйымдағы барлық пайдаланушылар Casdoor дөгел әкімдері болып табылады. Документацияға қараңыз: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Егер сіз әлі де 'Built-in' ұйымы үшін пайдаланушы жасауын қаласаңыз, ұйымның баптаулар бетinə оралыңыз және 'Рұқсатларға растау бар' опциясын қосу іске ашыңыз."
-  },
-  "permission": {
-    "The permission: \\\"%s\\\" doesn't exist": "Рұқсат: \\\"%s\\\" жоқ"
-  },
-  "provider": {
-    "Invalid application id": "Ongeldige applicatie-ID",
-    "the provider: %s does not exist": "provider: %s bestaat niet"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Gebruiker is nil voor tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Gebruikersnaam of fullFilePath is leeg: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Applicatie %s niet gevonden"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s is niet van categorie SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Lege parameters voor emailForm: %v",
-    "Invalid Email receivers: %s": "Ongeldige e-mailontvangers: %s",
-    "Invalid phone receivers: %s": "Ongeldige telefoonontvangers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s is niet toegestaan",
-    "The provider type: %s is not supported": "Providertype: %s wordt niet ondersteund"
-  },
-  "subscription": {
-    "Error": "Fout"
-  },
-  "token": {
-    "Grant_type: %s is not supported in this application": "Grant_type: %s wordt niet ondersteund in deze applicatie",
-    "Invalid application or wrong clientSecret": "Ongeldige applicatie of verkeerde clientSecret",
-    "Invalid client_id": "Ongeldige client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s staat niet in toegestane lijst",
-    "Token not found, invalid accessToken": "Token niet gevonden, ongeldige accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Weergavenaam mag niet leeg zijn",
-    "MFA email is enabled but email is empty": "MFA-e-mail is ingeschakeld maar e-mailadres is leeg",
-    "MFA phone is enabled but phone number is empty": "MFA-telefoon is ingeschakeld maar telefoonnummer is leeg",
-    "New password cannot contain blank space.": "Nieuw wachtwoord mag geen spaties bevatten.",
-    "the user's owner and name should not be empty": "eigenaar en naam van gebruiker mogen niet leeg zijn"
-  },
-  "util": {
-    "No application is found for userId: %s": "Geen applicatie gevonden voor userId: %s",
-    "No provider for category: %s is found for application: %s": "Geen provider voor categorie: %s gevonden voor applicatie: %s",
-    "The provider: %s is not found": "Provider: %s niet gevonden"
-  },
-  "verification": {
-    "Invalid captcha provider.": "Ongeldige captcha-provider.",
-    "Phone number is invalid in your region %s": "Telefoonnummer ongeldig in regio %s",
-    "The verification code has already been used!": "Verificatiecode is al gebruikt!",
-    "The verification code has not been sent yet!": "Verificatiecode is nog niet verstuurd!",
-    "Turing test failed.": "Turing-test mislukt.",
-    "Unable to get the email modify rule.": "Kan e-mail-wijzigingsregel niet ophalen.",
-    "Unable to get the phone modify rule.": "Kan telefoon-wijzigingsregel niet ophalen.",
-    "Unknown type": "Onbekend type",
-    "Wrong verification code!": "Verkeerde verificatiecode!",
-    "You should verify your code in %d min!": "Verifieer je code binnen %d min!",
-    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "Күріспе: %s қолданбасының \\\"Провайдерлер\\\" тізіміне SMS провайдерін қосыңыз",
-    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "Күріспе: %s қолданбасының \\\"Провайдерлер\\\" тізіміне Электрондық пошта провайдерін қосыңыз",
-    "the user does not exist, please sign up first": "gebruiker bestaat niet, registreer eerst"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Roep eerst WebAuthnSigninBegin aan"
-  }
-}
--- a/Show More
+++ b/Show More