feat: increase LDAP's "basedn" field to 500 chars (#4062 )

fix: improve "Copy signup page URL" button UI in invitation edit page (#4038 )
feat: fix missing search params bug in switchLoginOrganization() (#4058 )
2025-08-12 08:47:46 +08:00 · 2025-08-11 16:46:15 +08:00 · 2025-08-10 23:03:13 +08:00 · 2025-08-10 22:11:06 +08:00 · 2025-08-10 20:40:30 +08:00 · 2025-08-10 00:09:43 +08:00
10 changed files with 104 additions and 34 deletions
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"io"
 	"mime"
+	"path"
 	"path/filepath"
 	"strings"

@@ -187,6 +188,11 @@ func (c *ApiController) DeleteResource() {
 	}
 	_, resource.Name = refineFullFilePath(resource.Name)

+	tag := c.Input().Get("tag")
+	if tag == "Direct" {
+		resource.Name = path.Join(provider.PathPrefix, resource.Name)
+	}
+
 	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/object/enforcer.go
+++ b/object/enforcer.go
@@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"slices"

 	"github.com/casbin/casbin/v2"
 	"github.com/casdoor/casdoor/util"
@@ -209,7 +210,7 @@ func GetPolicies(id string) ([]*xormadapter.CasbinRule, error) {
 // Filter represents filter criteria with optional policy type
 type Filter struct {
 	Ptype       string   `json:"ptype,omitempty"`
-	FieldIndex  int      `json:"fieldIndex"`
+	FieldIndex  *int     `json:"fieldIndex,omitempty"`
 	FieldValues []string `json:"fieldValues"`
 }

@@ -262,24 +263,29 @@ func GetFilteredPoliciesMulti(id string, filters []Filter) ([]*xormadapter.Casbi
 		for _, policy := range allPolicies {
 			matchesAllFilters := true
 			for _, filter := range filters {
-				// If no policy type is specified, set it to the default policy type
+				// Default policy type if unspecified
 				if filter.Ptype == "" {
 					filter.Ptype = "p"
 				}
-				// Check policy type
+				// Always check policy type
 				if policy.Ptype != filter.Ptype {
 					matchesAllFilters = false
 					break
 				}

-				// Check if field index is valid (0-5 for V0-V5)
-				if filter.FieldIndex < 0 || filter.FieldIndex > 5 {
-					matchesAllFilters = false
-					break
+				// If FieldIndex is nil, only filter via ptype (skip field-value checks)
+				if filter.FieldIndex == nil {
+					continue
 				}

-				fieldValue := ""
-				switch filter.FieldIndex {
+				fieldIndex := *filter.FieldIndex
+				// If FieldIndex is out of range, also only filter via ptype
+				if fieldIndex < 0 || fieldIndex > 5 {
+					continue
+				}
+
+				var fieldValue string
+				switch fieldIndex {
 				case 0:
 					fieldValue = policy.V0
 				case 1:
@@ -294,15 +300,8 @@ func GetFilteredPoliciesMulti(id string, filters []Filter) ([]*xormadapter.Casbi
 					fieldValue = policy.V5
 				}

-				found := false
-				// Check if field value is in the list of expected values
-				for _, expectedValue := range filter.FieldValues {
-					if fieldValue == expectedValue {
-						found = true
-						break
-					}
-				}
-				if !found {
+				// When FieldIndex is provided and valid, enforce FieldValues (if any)
+				if len(filter.FieldValues) > 0 && !slices.Contains(filter.FieldValues, fieldValue) {
 					matchesAllFilters = false
 					break
 				}
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -30,7 +30,7 @@ type Ldap struct {
 	AllowSelfSignedCert bool     `xorm:"bool" json:"allowSelfSignedCert"`
 	Username            string   `xorm:"varchar(100)" json:"username"`
 	Password            string   `xorm:"varchar(100)" json:"password"`
-	BaseDn              string   `xorm:"varchar(100)" json:"baseDn"`
+	BaseDn              string   `xorm:"varchar(500)" json:"baseDn"`
 	Filter              string   `xorm:"varchar(200)" json:"filter"`
 	FilterFields        []string `xorm:"varchar(100)" json:"filterFields"`
 	DefaultGroup        string   `xorm:"varchar(100)" json:"defaultGroup"`
--- a/object/resource_direct.go
+++ b/object/resource_direct.go
@@ -31,9 +31,11 @@ func GetDirectResources(owner string, user string, provider *Provider, prefix st
 	fullPathPrefix := util.UrlJoin(provider.PathPrefix, prefix)
 	objects, err := storageProvider.List(fullPathPrefix)
 	for _, obj := range objects {
+		name := strings.TrimPrefix(obj.Path, "/")
+		name = strings.TrimPrefix(name, provider.PathPrefix+"/")
 		resource := &Resource{
 			Owner:       owner,
-			Name:        strings.TrimPrefix(obj.Path, "/"),
+			Name:        name,
 			CreatedTime: obj.LastModified.Local().Format(time.RFC3339),
 			User:        user,
 			Provider:    "",
--- a/web/src/InvitationEditPage.js
+++ b/web/src/InvitationEditPage.js
@@ -14,6 +14,7 @@

 import React from "react";
 import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
+import {CopyOutlined} from "@ant-design/icons";
 import * as InvitationBackend from "./backend/InvitationBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
@@ -130,9 +131,6 @@ class InvitationEditPage extends React.Component {
          {this.state.mode === "add" ? i18next.t("invitation:New Invitation") : i18next.t("invitation:Edit Invitation")}&nbsp;&nbsp;&nbsp;&nbsp;
          <Button onClick={() => this.submitInvitationEdit(false)}>{i18next.t("general:Save")}</Button>
          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitInvitationEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
-          <Button style={{marginLeft: "20px"}} onClick={_ => this.copySignupLink()}>
-            {i18next.t("application:Copy signup page URL")}
-          </Button>
          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteInvitation()}>{i18next.t("general:Cancel")}</Button> : null}
        </div>
      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
@@ -192,6 +190,15 @@ class InvitationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          </Col>
+          <Col span={22} >
+            <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={_ => this.copySignupLink()}>
+              {i18next.t("application:Copy signup page URL")}
+            </Button>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("invitation:Quota"), i18next.t("invitation:Quota - Tooltip"))} :
@@ -337,9 +344,6 @@ class InvitationEditPage extends React.Component {
        <div style={{marginTop: "20px", marginLeft: "40px"}}>
          <Button size="large" onClick={() => this.submitInvitationEdit(false)}>{i18next.t("general:Save")}</Button>
          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitInvitationEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
-          <Button style={{marginLeft: "20px"}} size="large" onClick={_ => this.copySignupLink()}>
-            {i18next.t("application:Copy signup page URL")}
-          </Button>
          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteInvitation()}>{i18next.t("general:Cancel")}</Button> : null}
        </div>
      </div>
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -1296,6 +1296,9 @@ export function renderSignupLink(application, text) {
  } else {
    if (application.signupUrl === "") {
      url = `/signup/${application.name}`;
+      if (application.isShared) {
+        url = `/signup/${application.name}-org-${application.organization}`;
+      }
    } else {
      url = application.signupUrl;
    }
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -595,6 +595,32 @@ class LoginPage extends React.Component {
    return null;
  }

+  switchLoginOrganization(name) {
+    const searchParams = new URLSearchParams(window.location.search);
+
+    const clientId = searchParams.get("client_id");
+    if (clientId) {
+      const clientIdSplited = clientId.split("-org-");
+      searchParams.set("client_id", `${clientIdSplited[0]}-org-${name}`);
+
+      Setting.goToLink(`/login/oauth/authorize?${searchParams.toString()}`);
+      return;
+    }
+
+    const application = this.getApplicationObj();
+    if (window.location.pathname.startsWith("/login/saml/authorize")) {
+      Setting.goToLink(`/login/saml/authorize/${name}/${application.name}-org-${name}?${searchParams.toString()}`);
+      return;
+    }
+
+    if (window.location.pathname.startsWith("/cas")) {
+      Setting.goToLink(`/cas/${application.name}-org-${name}/${name}/login?${searchParams.toString()}`);
+      return;
+    }
+    searchParams.set("orgChoiceMode", "None");
+    Setting.goToLink(`/login/${name}?${searchParams.toString()}`);
+  }
+
  renderFormItem(application, signinItem) {
    if (!signinItem.visible && signinItem.name !== "Forgot password?") {
      return null;
@@ -648,6 +674,9 @@ class LoginPage extends React.Component {
      )
      ;
    } else if (signinItem.name === "Username") {
+      if (this.state.loginMethod === "wechat") {
+        return (<WeChatLoginPanel application={application} loginMethod={this.state.loginMethod} />);
+      }
      return (
        <div key={resultItemKey}>
          <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
@@ -750,6 +779,9 @@ class LoginPage extends React.Component {
    } else if (signinItem.name === "Agreement") {
      return AgreementModal.isAgreementRequired(application) ? AgreementModal.renderAgreementFormItem(application, true, {}, this) : null;
    } else if (signinItem.name === "Login button") {
+      if (this.state.loginMethod === "wechat") {
+        return null;
+      }
      return (
        <Form.Item key={resultItemKey} className="login-button-box">
          <div dangerouslySetInnerHTML={{__html: ("<style>" + signinItem.customCss?.replaceAll("<style>", "").replaceAll("</style>", "") + "</style>")}} />
@@ -848,6 +880,17 @@ class LoginPage extends React.Component {
          {this.renderFooter(application, signinItem)}
        </div>
      );
+    } else if (signinItem.name === "Select organization") {
+      return (
+        <Form.Item>
+          <div key={resultItemKey} style={{width: "100%"}} className="login-organization-select">
+            <OrganizationSelect style={{width: "100%"}} initValue={application.organization}
+              onSelect={(value) => {
+                this.switchLoginOrganization(value);
+              }} />
+          </div>
+        </Form.Item>
+      );
    }
  }

@@ -896,10 +939,6 @@ class LoginPage extends React.Component {
        loginWidth += 10;
      }

-      if (this.state.loginMethod === "wechat") {
-        return (<WeChatLoginPanel application={application} renderFormItem={this.renderFormItem.bind(this)} loginMethod={this.state.loginMethod} loginWidth={loginWidth} renderMethodChoiceBox={this.renderMethodChoiceBox.bind(this)} />);
-      }
-
      return (
        <Form
          name="normal_login"
@@ -1239,6 +1278,7 @@ class LoginPage extends React.Component {
      [generateItemKey("WebAuthn", "None"), {label: i18next.t("login:WebAuthn"), key: "webAuthn"}],
      [generateItemKey("LDAP", "None"), {label: i18next.t("login:LDAP"), key: "ldap"}],
      [generateItemKey("Face ID", "None"), {label: i18next.t("login:Face ID"), key: "faceId"}],
+      [generateItemKey("WeChat", "Tab"), {label: i18next.t("login:WeChat"), key: "wechat"}],
      [generateItemKey("WeChat", "None"), {label: i18next.t("login:WeChat"), key: "wechat"}],
    ]);

@@ -1403,6 +1443,8 @@ class LoginPage extends React.Component {
      );
    }

+    const wechatSigninMethods = application.signinMethods?.filter(method => method.name === "WeChat" && method.rule === "Login page");
+
    return (
      <React.Fragment>
        <CustomGithubCorner />
@@ -1420,6 +1462,15 @@ class LoginPage extends React.Component {
                }
              </div>
            </div>
+            {
+              wechatSigninMethods?.length > 0 ? (<div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
+                <div>
+                  <h3 style={{textAlign: "center", width: 320}}>{i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in")}</h3>
+                  <WeChatLoginPanel application={application} loginMethod={this.state.loginMethod} />
+                </div>
+              </div>
+              ) : null
+            }
          </div>
        </div>
      </React.Fragment>
--- a/web/src/auth/WeChatLoginPanel.js
+++ b/web/src/auth/WeChatLoginPanel.js
@@ -78,13 +78,10 @@ class WeChatLoginPanel extends React.Component {
  }

  render() {
-    const {application, loginWidth = 320} = this.props;
+    const {loginWidth = 320} = this.props;
    const {status, qrCode} = this.state;
    return (
      <div style={{width: loginWidth, margin: "0 auto", textAlign: "center", marginTop: 16}}>
-        {application.signinItems?.filter(item => item.name === "Logo").map(signinItem => this.props.renderFormItem(application, signinItem))}
-        {this.props.renderMethodChoiceBox()}
-        {application.signinItems?.filter(item => item.name === "Languages").map(signinItem => this.props.renderFormItem(application, signinItem))}
        <div style={{marginTop: 2}}>
          <QRCode style={{margin: "auto", marginTop: "20px", marginBottom: "20px"}} bordered={false} status={status} value={qrCode ?? " "} size={230} />
          <div style={{marginTop: 8}}>
--- a/web/src/table/SigninMethodTable.js
+++ b/web/src/table/SigninMethodTable.js
@@ -96,6 +96,8 @@ class SigninMethodTable extends React.Component {
                this.updateField(table, index, "displayName", value);
                if (value === "Verification code" || value === "Password") {
                  this.updateField(table, index, "rule", "All");
+                } else if (value === "WeChat") {
+                  this.updateField(table, index, "rule", "Tab");
                } else {
                  this.updateField(table, index, "rule", "None");
                }
@@ -139,6 +141,11 @@ class SigninMethodTable extends React.Component {
              {id: "Non-LDAP", name: i18next.t("general:Non-LDAP")},
              {id: "Hide password", name: i18next.t("general:Hide password")},
            ];
+          } else if (record.name === "WeChat") {
+            options = [
+              {id: "Tab", name: i18next.t("general:Tab")},
+              {id: "Login page", name: i18next.t("general:Login page")},
+            ];
          }

          if (options.length === 0) {
--- a/web/src/table/SigninTable.js
+++ b/web/src/table/SigninTable.js
@@ -119,6 +119,7 @@ class SigninTable extends React.Component {
            {name: "Signup link", displayName: i18next.t("general:Signup link")},
            {name: "Captcha", displayName: i18next.t("general:Captcha")},
            {name: "Auto sign in", displayName: i18next.t("login:Auto sign in")},
+            {name: "Select organization", displayName: i18next.t("login:Select organization")},
          ];

          const getItemDisplayName = (text) => {
Author	SHA1	Message	Date
hamidreza abedi	3bb7cc6b81	feat: increase LDAP's "basedn" field to 500 chars (#4062 )	2025-08-11 16:46:15 +08:00
Robin Ye	1fb3249bfd	fix: improve "Copy signup page URL" button UI in invitation edit page (#4038 )	2025-08-10 23:03:13 +08:00
DacongDA	ff8f61a84c	feat: fix missing search params bug in switchLoginOrganization() (#4058 )	2025-08-10 22:11:06 +08:00
DacongDA	a118879dc0	feat: allow user to select organization in login page when using shared app (#4053 )	2025-08-10 20:40:30 +08:00
DacongDA	386b673446	feat: support scanning code to login in the login page (#4052 )	2025-08-10 00:09:43 +08:00
DacongDA	6abd46fe81	feat: fix issue that signing up with shared application will create user in wrong org (#4051 )	2025-08-09 22:25:01 +08:00
IsAurora6	49d734d249	feat: standardize Resource APIs by handling path prefix internally and returning clean paths (#4047 )	2025-08-08 23:31:22 +08:00
iderr	f5b4cd7fab	feat: Fix GetFilteredPoliciesMulti when filtering only by ptype (#4039 )	2025-08-05 22:51:40 +08:00