feat: use SMTPAuthAutoDiscover in NewSmtpEmailProvider

feat: fix SmtpEmailProvider's send email bug
feat: replace Email sender lib: gomail with wneessen/go-mail (#3888 )
2025-06-21 13:15:23 +08:00 · 2025-06-21 11:30:07 +08:00 · 2025-06-18 20:46:53 +08:00
440 changed files with 33707 additions and 41009 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
-*.go linguist-detectable=true
-*.js linguist-detectable=false
-# Declare files that will always have LF line endings on checkout.
-# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
+*.go linguist-detectable=true
+*.js linguist-detectable=false
+# Declare files that will always have LF line endings on checkout.
+# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,10 +1,6 @@
 name: Build

-on:
-  push:
-    branches:
-      - master
-  pull_request:
+on: [ push, pull_request ]

 jobs:

@@ -24,7 +20,7 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: '1.23'
+          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - name: Tests
        run: |
@@ -44,12 +40,6 @@ jobs:
          cache-dependency-path: ./web/yarn.lock
      - run: yarn install && CI=false yarn run build
        working-directory: ./web
-      - name: Upload build artifacts
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-        uses: actions/upload-artifact@v4
-        with:
-          name: frontend-build-${{ github.run_id }}
-          path: ./web/build

  backend:
    name: Back-end
@@ -59,7 +49,7 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: '1.23'
+          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - run: go version
      - name: Build
@@ -75,7 +65,7 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: '1.23'
+          go-version: '^1.16.5'
          cache: false

      # gen a dummy config file
@@ -104,28 +94,11 @@ jobs:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: '1.23'
+          go-version: '^1.16.5'
          cache-dependency-path: ./go.mod
      - name: start backend
-        run: nohup go run ./main.go > /tmp/backend.log 2>&1 &
+        run: nohup go run ./main.go &
        working-directory: ./
-      - name: Wait for backend to be ready
-        run: |
-          echo "Waiting for backend server to start on port 8000..."
-          for i in {1..60}; do
-            if curl -s http://localhost:8000 > /dev/null 2>&1; then
-              echo "Backend is ready!"
-              break
-            fi
-            if [ $i -eq 60 ]; then
-              echo "Backend failed to start within 60 seconds"
-              echo "Backend logs:"
-              cat /tmp/backend.log || echo "No backend logs available"
-              exit 1
-            fi
-            echo "Waiting... ($i/60)"
-            sleep 1
-          done
      - uses: actions/setup-node@v3
        with:
          node-version: 20
@@ -152,95 +125,39 @@ jobs:
          name: cypress-videos
          path: ./web/cypress/videos

-  tag-release:
-    name: Create Tag
+  release-and-push:
+    name: Release And Push
    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      issues: write
    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
    needs: [ frontend, backend, linter, e2e ]
-    outputs:
-      new-release-published: ${{ steps.semantic.outputs.new_release_published }}
-      new-release-version: ${{ steps.semantic.outputs.new_release_version }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Create Tag with Semantic Release
-        id: semantic
-        uses: cycjimmy/semantic-release-action@v4
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  github-release:
-    name: GitHub Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      issues: write
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && needs.tag-release.outputs.new-release-published == 'true'
-    needs: [ tag-release ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Free disk space
-        uses: jlumbroso/free-disk-space@v1.3.1
-        with:
-          tool-cache: false
-          android: true
-          dotnet: true
-          haskell: true
-          large-packages: true
-          swap-storage: true
-
-      - name: Download frontend build artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: frontend-build-${{ github.run_id }}
-          path: ./web/build
-
-      - name: Prepare Go caches
-        run: |
-          echo "GOMODCACHE=$RUNNER_TEMP/gomod" >> $GITHUB_ENV
-          echo "GOCACHE=$RUNNER_TEMP/gocache" >> $GITHUB_ENV
-          go clean -cache -modcache -testcache -fuzzcache
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          distribution: goreleaser
-          version: '~> v2'
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  docker-release:
-    name: Docker Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      issues: write
-    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && needs.tag-release.outputs.new-release-published == 'true'
-    needs: [ tag-release ]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: -1
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20

      - name: Fetch Previous version
        id: get-previous-tag
        uses: actions-ecosystem/action-get-latest-tag@v1.6.0

+      - name: Release
+        run: yarn global add semantic-release@17.4.4 && semantic-release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Fetch Current version
+        id: get-current-tag
+        uses: actions-ecosystem/action-get-latest-tag@v1.6.0
+
      - name: Decide Should_Push Or Not
        id: should_push
        run: |
          old_version=${{steps.get-previous-tag.outputs.tag}}
-          new_version=${{ needs.tag-release.outputs.new-release-version }}
+          new_version=${{steps.get-current-tag.outputs.tag }}

          old_array=(${old_version//\./ })
          new_array=(${new_version//\./ })
@@ -279,7 +196,7 @@ jobs:
          target: STANDARD
          platforms: linux/amd64,linux/arm64
          push: true
-          tags: casbin/casdoor:${{ needs.tag-release.outputs.new-release-version }},casbin/casdoor:latest
+          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest

      - name: Push All In One Version to Docker Hub
        uses: docker/build-push-action@v3
@@ -289,7 +206,7 @@ jobs:
          target: ALLINONE
          platforms: linux/amd64,linux/arm64
          push: true
-          tags: casbin/casdoor-all-in-one:${{ needs.tag-release.outputs.new-release-version }},casbin/casdoor-all-in-one:latest
+          tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest

      - uses: actions/checkout@v3
        if: steps.should_push.outputs.push=='true'
@@ -302,8 +219,8 @@ jobs:
        if: steps.should_push.outputs.push=='true'
        run: |
          # Set the appVersion and version of the chart to the current tag
-          sed -i "s/appVersion: .*/appVersion: ${{ needs.tag-release.outputs.new-release-version }}/g" ./charts/casdoor/Chart.yaml
-          sed -i "s/version: .*/version: ${{ needs.tag-release.outputs.new-release-version }}/g" ./charts/casdoor/Chart.yaml
+          sed -i "s/appVersion: .*/appVersion: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml
+          sed -i "s/version: .*/version: ${{steps.get-current-tag.outputs.tag }}/g" ./charts/casdoor/Chart.yaml

          REGISTRY=oci://registry-1.docker.io/casbin
          cd charts/casdoor
@@ -317,6 +234,6 @@ jobs:
          git config --global user.name "casbin-bot"
          git config --global user.email "bot@casbin.org"
          git add Chart.yaml index.yaml
-          git commit -m "chore(helm): bump helm charts appVersion to ${{ needs.tag-release.outputs.new-release-version }}"
-          git tag ${{ needs.tag-release.outputs.new-release-version }}
+          git commit -m "chore(helm): bump helm charts appVersion to ${{steps.get-current-tag.outputs.tag }}"
+          git tag ${{steps.get-current-tag.outputs.tag }}
          git push origin HEAD:master --follow-tags
--- a/.gitignore
+++ b/.gitignore
@@ -5,7 +5,6 @@
 *.so
 *.dylib
 *.swp
-server_*

 # Test binary, built with `go test -c`
 *.test
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,55 +0,0 @@
-# This is an example .goreleaser.yml file with some sensible defaults.
-# Make sure to check the documentation at https://goreleaser.com
-
-# The lines below are called `modelines`. See `:help modeline`
-# Feel free to remove those if you don't want/need to use them.
-# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
-# vim: set ts=2 sw=2 tw=0 fo=cnqoj
-
-version: 2
-
-before:
-  hooks:
-    # You may remove this if you don't use go modules.
-    - go mod tidy
-    # you may remove this if you don't need go generate
-    #- go generate ./...
-    - go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go ./util/variable.go
-
-builds:
-  - env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-      - windows
-      - darwin
-    goarch:
-      - amd64
-      - arm64
-
-archives:
-  - format: tar.gz
-    # this name template makes the OS and Arch compatible with the results of `uname`.
-    name_template: >-
-      {{ .ProjectName }}_
-      {{- title .Os }}_
-      {{- if eq .Arch "amd64" }}x86_64
-      {{- else if eq .Arch "386" }}i386
-      {{- else }}{{ .Arch }}{{ end }}
-      {{- if .Arm }}v{{ .Arm }}{{ end }}
-    # use zip for windows archives
-    format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - src: 'web/build'
-        dst: './web/build'
-      - src: 'conf/app.conf'
-        dst: './conf/app.conf'
-
-changelog:
-  sort: asc
-  filters:
-    exclude:
-      - "^docs:"
-      - "^test:"
--- a/34
+++ b/34
@@ -1,26 +1,14 @@
 FROM --platform=$BUILDPLATFORM node:18.19.0 AS FRONT
 WORKDIR /web
-
-# Copy only dependency files first for better caching
-COPY ./web/package.json ./web/yarn.lock ./
-RUN yarn install --frozen-lockfile --network-timeout 1000000
-
-# Copy source files and build
 COPY ./web .
-RUN NODE_OPTIONS="--max-old-space-size=4096" yarn run build
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && NODE_OPTIONS="--max-old-space-size=4096" yarn run build

-FROM --platform=$BUILDPLATFORM golang:1.23.12 AS BACK
+
+FROM --platform=$BUILDPLATFORM golang:1.21.13 AS BACK
 WORKDIR /go/src/casdoor
-
-# Copy only go.mod and go.sum first for dependency caching
-COPY go.mod go.sum ./
-RUN go mod download
-
-# Copy source files
 COPY . .
-
-RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go ./util/variable.go
 RUN ./build.sh
+RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go > version_info.txt

 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
@@ -46,25 +34,35 @@ WORKDIR /
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build

 ENTRYPOINT ["/server"]


-FROM debian:latest AS ALLINONE
+FROM debian:latest AS db
+RUN apt update \
+    && apt install -y \
+        mariadb-server \
+        mariadb-client \
+    && rm -rf /var/lib/apt/lists/*
+
+
+FROM db AS ALLINONE
 LABEL MAINTAINER="https://casdoor.org/"
 ARG TARGETOS
 ARG TARGETARCH
 ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"

 RUN apt update
-RUN apt install -y ca-certificates lsof && update-ca-certificates
+RUN apt install -y ca-certificates && update-ca-certificates

 WORKDIR /
 COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build

 ENTRYPOINT ["/bin/bash"]
--- a/README.md
+++ b/README.md
@@ -1,88 +1,102 @@
-<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
-<p align="center">
-  <a href="#badge">
-    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
-    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
-  </a>
-  <a href="https://hub.docker.com/r/casbin/casdoor">
-    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
-  </a>
-</p>
-
-<p align="center">
-  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
-    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
-  </a>
-  <a href="https://crowdin.com/project/casdoor-site">
-    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
-  </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
-  </a>
-</p>
-
-## Online demo
-
- Read-only site: https://door.casdoor.com (any modification operation will fail)
- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
-
-## Documentation
-
-https://casdoor.org
-
-## Install
-
- By source code: https://casdoor.org/docs/basic/server-installation
- By Docker: https://casdoor.org/docs/basic/try-with-docker
- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
-
-## How to connect to Casdoor?
-
-https://casdoor.org/docs/how-to-connect/overview
-
-## Casdoor Public API
-
- Docs: https://casdoor.org/docs/basic/public-api
- Swagger: https://door.casdoor.com/swagger
-
-## Integrations
-
-https://casdoor.org/docs/category/integrations
-
-## How to contact?
-
- Discord: https://discord.gg/5rPsrAzK7S
- Contact: https://casdoor.org/help
-
-## Contribute
-
-For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
-
-### I18n translation
-
-If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
-
-## License
-
-[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
+<h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
+<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
+<p align="center">
+  <a href="#badge">
+    <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="docker pull casbin/casdoor" src="https://img.shields.io/docker/pulls/casbin/casdoor.svg">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/actions/workflows/build.yml">
+    <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/releases/latest">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
+  </a>
+  <a href="https://hub.docker.com/r/casbin/casdoor">
+    <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://goreportcard.com/report/github.com/casdoor/casdoor">
+    <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
+    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/issues">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="#">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://github.com/casdoor/casdoor/network">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
+  </a>
+  <a href="https://crowdin.com/project/casdoor-site">
+    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
+  </a>
+  <a href="https://discord.gg/5rPsrAzK7S">
+    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
+  </a>
+</p>
+
+<p align="center">
+  <sup>Sponsored by</sup>
+  <br>
+  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://cdn.casbin.org/img/stytch-white.png">
+      <source media="(prefers-color-scheme: light)" srcset="https://cdn.casbin.org/img/stytch-charcoal.png">
+      <img src="https://cdn.casbin.org/img/stytch-charcoal.png" width="275">
+    </picture>
+  </a><br/>
+  <a href="https://stytch.com/docs?utm_source=oss-sponsorship&utm_medium=paid_sponsorship&utm_campaign=casbin"><b>Build auth with fraud prevention, faster.</b><br/> Try Stytch for API-first authentication, user & org management, multi-tenant SSO, MFA, device fingerprinting, and more.</a>
+  <br>
+</p>
+
+## Online demo
+
+- Read-only site: https://door.casdoor.com (any modification operation will fail)
+- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)
+
+## Documentation
+
+https://casdoor.org
+
+## Install
+
+- By source code: https://casdoor.org/docs/basic/server-installation
+- By Docker: https://casdoor.org/docs/basic/try-with-docker
+- By Kubernetes Helm: https://casdoor.org/docs/basic/try-with-helm
+
+## How to connect to Casdoor?
+
+https://casdoor.org/docs/how-to-connect/overview
+
+## Casdoor Public API
+
+- Docs: https://casdoor.org/docs/basic/public-api
+- Swagger: https://door.casdoor.com/swagger
+
+## Integrations
+
+https://casdoor.org/docs/category/integrations
+
+## How to contact?
+
+- Discord: https://discord.gg/5rPsrAzK7S
+- Contact: https://casdoor.org/help
+
+## Contribute
+
+For casdoor, if you have any questions, you can give Issues, or you can also directly start Pull Requests(but we recommend giving issues first to communicate with the community).
+
+### I18n translation
+
+If you are contributing to casdoor, please note that we use [Crowdin](https://crowdin.com/project/casdoor-site) as translating platform and i18next as translating tool. When you add some words using i18next in the `web/` directory, please remember to add what you have added to the `web/src/locales/en/data.json` file.
+
+## License
+
+[Apache-2.0](https://github.com/casdoor/casdoor/blob/master/LICENSE)
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -46,8 +46,6 @@ p, *, *, POST, /api/login, *, *
 p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
-p, *, *, POST, /api/sso-logout, *, *
-p, *, *, GET, /api/sso-logout, *, *
 p, *, *, POST, /api/callback, *, *
 p, *, *, POST, /api/device-auth, *, *
 p, *, *, GET, /api/get-account, *, *
@@ -63,20 +61,14 @@ p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
 p, *, *, GET, /api/get-user, *, *
 p, *, *, GET, /api/get-user-application, *, *
-p, *, *, POST, /api/upload-users, *, *
 p, *, *, GET, /api/get-resources, *, *
 p, *, *, GET, /api/get-records, *, *
 p, *, *, GET, /api/get-product, *, *
-p, *, *, GET, /api/get-order, *, *
-p, *, *, GET, /api/get-orders, *, *
-p, *, *, GET, /api/get-user-orders, *, *
+p, *, *, POST, /api/buy-product, *, *
 p, *, *, GET, /api/get-payment, *, *
 p, *, *, POST, /api/update-payment, *, *
 p, *, *, POST, /api/invoice-payment, *, *
 p, *, *, POST, /api/notify-payment, *, *
-p, *, *, POST, /api/place-order, *, *
-p, *, *, POST, /api/cancel-order, *, *
-p, *, *, POST, /api/pay-order, *, *
 p, *, *, POST, /api/unlink, *, *
 p, *, *, POST, /api/set-password, *, *
 p, *, *, POST, /api/send-verification-code, *, *
@@ -88,9 +80,6 @@ p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
 p, *, *, GET, /.well-known/webfinger, *, *
 p, *, *, *, /.well-known/jwks, *, *
-p, *, *, GET, /.well-known/:application/openid-configuration, *, *
-p, *, *, GET, /.well-known/:application/webfinger, *, *
-p, *, *, *, /.well-known/:application/jwks, *, *
 p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
@@ -105,8 +94,6 @@ p, *, *, *, /api/metrics, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
 p, *, *, GET, /api/get-subscription, *, *
-p, *, *, GET, /api/get-transactions, *, *
-p, *, *, GET, /api/get-transaction, *, *
 p, *, *, GET, /api/get-provider, *, *
 p, *, *, GET, /api/get-organization-names, *, *
 p, *, *, GET, /api/get-all-objects, *, *
@@ -135,15 +122,7 @@ p, *, *, GET, /api/faceid-signin-begin, *, *
 	}
 }

-func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string, extraInfo map[string]interface{}) bool {
-	if urlPath == "/api/mcp" {
-		if detailPath, ok := extraInfo["detailPathUrl"].(string); ok {
-			if detailPath == "initialize" || detailPath == "notifications/initialized" || detailPath == "ping" || detailPath == "tools/list" {
-				return true
-			}
-		}
-	}
-
+func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if conf.IsDemoMode() {
 		if !isAllowedInDemoMode(subOwner, subName, method, urlPath, objOwner, objName) {
 			return false
@@ -164,10 +143,6 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 			return false
 		}

-		if user.IsGlobalAdmin() {
-			return true
-		}
-
 		if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 			return true
 		}
@@ -178,19 +153,12 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		panic(err)
 	}

-	if !res {
-		res, err = object.CheckApiPermission(util.GetId(subOwner, subName), objOwner, urlPath, method)
-		if err != nil {
-			panic(err)
-		}
-	}
-
 	return res
 }

 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/sso-logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" || urlPath == "/api/refresh-engines" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" || urlPath == "/api/verify-code" || urlPath == "/api/check-user-password" || strings.HasPrefix(urlPath, "/api/mfa/") || urlPath == "/api/webhook" || urlPath == "/api/get-qrcode" || urlPath == "/api/refresh-engines" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
@@ -198,7 +166,7 @@ func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath
 				return true
 			}
 			return false
-		} else if urlPath == "/api/upload-resource" || urlPath == "/api/add-transaction" {
+		} else if urlPath == "/api/upload-resource" {
 			if subOwner == "app" && subName == "app-casibase" {
 				return true
 			}
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -21,7 +21,7 @@ import (
 	"strconv"
 	"strings"

-	"github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego"
 )

 func init() {
@@ -29,7 +29,7 @@ func init() {
 	presetConfigItems := []string{"httpport", "appname"}
 	for _, key := range presetConfigItems {
 		if value, ok := os.LookupEnv(key); ok {
-			err := web.AppConfig.Set(key, value)
+			err := beego.AppConfig.Set(key, value)
 			if err != nil {
 				panic(err)
 			}
@@ -42,13 +42,12 @@ func GetConfigString(key string) string {
 		return value
 	}

-	res, _ := web.AppConfig.String(key)
+	res := beego.AppConfig.String(key)
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
 		} else if key == "logConfig" {
-			appname, _ := web.AppConfig.String("appname")
-			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", appname)
+			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
 		}
 	}

@@ -67,11 +66,7 @@ func GetConfigBool(key string) bool {
 func GetConfigInt64(key string) (int64, error) {
 	value := GetConfigString(key)
 	num, err := strconv.ParseInt(value, 10, 64)
-	if err != nil {
-		return 0, fmt.Errorf("GetConfigInt64(%s) error, %s", key, err.Error())
-	}
-
-	return num, nil
+	return num, err
 }

 func GetConfigDataSourceName() string {
--- a/conf/conf_quota.go
+++ b/conf/conf_quota.go
@@ -17,7 +17,7 @@ package conf
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego"
 )

 type Quota struct {
@@ -34,7 +34,7 @@ func init() {
 }

 func initQuota() {
-	res, _ := web.AppConfig.String("quota")
+	res := beego.AppConfig.String("quota")
 	if res != "" {
 		err := json.Unmarshal([]byte(res), quota)
 		if err != nil {
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@@ -18,7 +18,7 @@ import (
 	"os"
 	"testing"

-	"github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego"
 	"github.com/stretchr/testify/assert"
 )

@@ -38,7 +38,7 @@ func TestGetConfString(t *testing.T) {
 	os.Setenv("appname", "casbin")
 	os.Setenv("key", "value")

-	err := web.LoadAppConfig("ini", "app.conf")
+	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)

 	for _, scenery := range scenarios {
@@ -62,7 +62,7 @@ func TestGetConfInt(t *testing.T) {
 	// do some set up job
 	os.Setenv("httpport", "8001")

-	err := web.LoadAppConfig("ini", "app.conf")
+	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)

 	for _, scenery := range scenarios {
@@ -83,7 +83,7 @@ func TestGetConfBool(t *testing.T) {
 		{"Should be return false", "copyrequestbody", true},
 	}

-	err := web.LoadAppConfig("ini", "app.conf")
+	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
@@ -102,7 +102,7 @@ func TestGetConfigQuota(t *testing.T) {
 		{"default", &Quota{-1, -1, -1, -1}},
 	}

-	err := web.LoadAppConfig("ini", "app.conf")
+	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		quota := GetConfigQuota()
@@ -118,7 +118,7 @@ func TestGetConfigLogs(t *testing.T) {
 		{"Default log config", `{"adapter":"file", "filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
 	}

-	err := web.LoadAppConfig("ini", "app.conf")
+	err := beego.LoadAppConfig("ini", "app.conf")
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		quota := GetConfigString("logConfig")
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -15,7 +15,6 @@
 package controllers

 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -43,7 +42,6 @@ type Response struct {
 	Name   string      `json:"name"`
 	Data   interface{} `json:"data"`
 	Data2  interface{} `json:"data2"`
-	Data3  interface{} `json:"data3"`
 }

 type Captcha struct {
@@ -81,6 +79,11 @@ type LaravelResponse struct {
 // @Success 200 {object} controllers.Response The Response object
 // @router /signup [post]
 func (c *ApiController) Signup() {
+	if c.GetSessionUsername() != "" {
+		c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
+		return
+	}
+
 	var authForm form.AuthForm
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
 	if err != nil {
@@ -193,7 +196,7 @@ func (c *ApiController) Signup() {

 	userType := "normal-user"
 	if authForm.Plan != "" && authForm.Pricing != "" {
-		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan, c.GetAcceptLanguage())
+		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -214,7 +217,7 @@ func (c *ApiController) Signup() {
 		Tag:               authForm.Tag,
 		Education:         authForm.Education,
 		Avatar:            organization.DefaultAvatar,
-		Email:             strings.ToLower(authForm.Email),
+		Email:             authForm.Email,
 		Phone:             authForm.Phone,
 		CountryCode:       authForm.CountryCode,
 		Address:           []string{},
@@ -231,8 +234,6 @@ func (c *ApiController) Signup() {
 		Invitation:        invitationName,
 		InvitationCode:    authForm.InvitationCode,
 		EmailVerified:     userEmailVerified,
-		RegisterType:      "Application Signup",
-		RegisterSource:    fmt.Sprintf("%s/%s", authForm.Organization, application.Name),
 	}

 	if len(organization.Tags) > 0 {
@@ -284,10 +285,9 @@ func (c *ApiController) Signup() {
 		}
 	}

-	if user.Type == "normal-user" {
+	if application.HasPromptPage() && user.Type == "normal-user" {
+		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
-	} else if user.Type == "paid-user" {
-		c.SetSession("paidUsername", user.GetId())
 	}

 	if authForm.Email != "" {
@@ -326,9 +326,9 @@ func (c *ApiController) Signup() {
 // @router /logout [post]
 func (c *ApiController) Logout() {
 	// https://openid.net/specs/openid-connect-rpinitiated-1_0-final.html
-	accessToken := c.GetString("id_token_hint")
-	redirectUri := c.GetString("post_logout_redirect_uri")
-	state := c.GetString("state")
+	accessToken := c.Input().Get("id_token_hint")
+	redirectUri := c.Input().Get("post_logout_redirect_uri")
+	state := c.Input().Get("state")

 	user := c.GetSessionUsername()

@@ -341,12 +341,8 @@ func (c *ApiController) Logout() {

 		c.ClearUserSession()
 		c.ClearTokenSession()
-		owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID(context.Background()))
+		owner, username := util.GetOwnerAndNameFromId(user)
+		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -393,13 +389,9 @@ func (c *ApiController) Logout() {
 		c.ClearUserSession()
 		c.ClearTokenSession()
 		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		owner, username := util.GetOwnerAndNameFromId(user)

-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID(context.Background()))
+		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -429,108 +421,6 @@ func (c *ApiController) Logout() {
 	}
 }

-// SsoLogout
-// @Title SsoLogout
-// @Tag Login API
-// @Description logout the current user from all applications or current session only
-// @Param   logoutAll   query    string  false     "Whether to logout from all sessions. Accepted values: 'true', '1', or empty (default: true). Any other value means false."
-// @Success 200 {object} controllers.Response The Response object
-// @router /sso-logout [get,post]
-func (c *ApiController) SsoLogout() {
-	user := c.GetSessionUsername()
-
-	if user == "" {
-		c.ResponseOk()
-		return
-	}
-
-	// Check if user wants to logout from all sessions or just current session
-	// Default is true for backward compatibility
-	logoutAll := c.Ctx.Input.Query("logoutAll")
-	logoutAllSessions := logoutAll == "" || logoutAll == "true" || logoutAll == "1"
-
-	c.ClearUserSession()
-	c.ClearTokenSession()
-	owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	currentSessionId := c.Ctx.Input.CruSession.SessionID(context.Background())
-	_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), currentSessionId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var tokens []*object.Token
-	var sessionIds []string
-
-	// Get tokens for notification (needed for both session-level and full logout)
-	// This enables subsystems to identify and invalidate corresponding access tokens
-	// Note: Tokens must be retrieved BEFORE expiration to include their hashes in the notification
-	tokens, err = object.GetTokensByUser(owner, username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if logoutAllSessions {
-		// Logout from all sessions: expire all tokens and delete all sessions
-		_, err = object.ExpireTokenByUser(owner, username)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		sessions, err := object.GetUserSessions(owner, username)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		for _, session := range sessions {
-			sessionIds = append(sessionIds, session.SessionId...)
-		}
-		object.DeleteBeegoSession(sessionIds)
-
-		_, err = object.DeleteAllUserSessions(owner, username)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out from all applications", user)
-	} else {
-		// Logout from current session only
-		sessionIds = []string{currentSessionId}
-
-		// Only delete the current session's Beego session
-		object.DeleteBeegoSession(sessionIds)
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out from current session", user)
-	}
-
-	// Send SSO logout notifications to all notification providers in the user's signup application
-	// Now includes session-level information for targeted logout
-	userObj, err := object.GetUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if userObj != nil {
-		err = object.SendSsoLogoutNotifications(userObj, sessionIds, tokens)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	c.ResponseOk()
-}
-
 // GetAccount
 // @Title GetAccount
 // @Tag Account API
@@ -544,7 +434,7 @@ func (c *ApiController) GetAccount() {
 		return
 	}

-	managedAccounts := c.Ctx.Input.Query("managedAccounts")
+	managedAccounts := c.Input().Get("managedAccounts")
 	if managedAccounts == "1" {
 		user, err = object.ExtendManagedAccountsWithUser(user)
 		if err != nil {
@@ -662,8 +552,8 @@ func (c *ApiController) GetUserinfo2() {
 // @router /get-captcha [get]
 // @Success 200 {object} object.Userinfo The Response object
 func (c *ApiController) GetCaptcha() {
-	applicationId := c.Ctx.Input.Query("applicationId")
-	isCurrentProvider := c.Ctx.Input.Query("isCurrentProvider")
+	applicationId := c.Input().Get("applicationId")
+	isCurrentProvider := c.Input().Get("isCurrentProvider")

 	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
 	if err != nil {
--- a/controllers/adapter.go
+++ b/controllers/adapter.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Adapter The Response object
 // @router /get-adapters [get]
 func (c *ApiController) GetAdapters() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		adapters, err := object.GetAdapters(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetAdapters() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,7 +73,7 @@ func (c *ApiController) GetAdapters() {
 // @Success 200 {object} object.Adapter The Response object
 // @router /get-adapter [get]
 func (c *ApiController) GetAdapter() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	adapter, err := object.GetAdapter(id)
 	if err != nil {
@@ -93,7 +93,7 @@ func (c *ApiController) GetAdapter() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-adapter [post]
 func (c *ApiController) UpdateAdapter() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var adapter object.Adapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
--- a/controllers/application.go
+++ b/controllers/application.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"fmt"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -32,14 +32,14 @@ import (
 // @router /get-applications [get]
 func (c *ApiController) GetApplications() {
 	userId := c.GetSessionUsername()
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organization := c.Ctx.Input.Query("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	var err error
 	if limit == "" || page == "" {
 		var applications []*object.Application
@@ -61,7 +61,7 @@ func (c *ApiController) GetApplications() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -82,7 +82,7 @@ func (c *ApiController) GetApplications() {
 // @router /get-application [get]
 func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	application, err := object.GetApplication(id)
 	if err != nil {
@@ -90,7 +90,7 @@ func (c *ApiController) GetApplication() {
 		return
 	}

-	if c.Ctx.Input.Query("withKey") != "" && application != nil && application.Cert != "" {
+	if c.Input().Get("withKey") != "" && application != nil && application.Cert != "" {
 		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -125,7 +125,7 @@ func (c *ApiController) GetApplication() {
 // @router /get-user-application [get]
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	user, err := object.GetUser(id)
 	if err != nil {
@@ -159,14 +159,14 @@ func (c *ApiController) GetUserApplication() {
 // @router /get-organization-applications [get]
 func (c *ApiController) GetOrganizationApplications() {
 	userId := c.GetSessionUsername()
-	organization := c.Ctx.Input.Query("organization")
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	organization := c.Input().Get("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if organization == "" {
 		c.ResponseError(c.T("general:Missing parameter") + ": organization")
@@ -196,7 +196,7 @@ func (c *ApiController) GetOrganizationApplications() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		applications, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -223,7 +223,7 @@ func (c *ApiController) GetOrganizationApplications() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-application [post]
 func (c *ApiController) UpdateApplication() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var application object.Application
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &application)
@@ -237,7 +237,7 @@ func (c *ApiController) UpdateApplication() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application, c.IsGlobalAdmin(), c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.UpdateApplication(id, &application))
 	c.ServeJSON()
 }

--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -15,7 +15,6 @@
 package controllers

 import (
-	"context"
 	"encoding/base64"
 	"encoding/json"
 	"encoding/xml"
@@ -28,7 +27,6 @@ import (
 	"strings"
 	"time"

-	"github.com/beego/beego/v2/server/web"
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/form"
@@ -63,11 +61,6 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}

-	if user.IsDeleted {
-		c.ResponseError(c.T("check:The user has been deleted and cannot be used to sign in, please contact the administrator"))
-		return
-	}
-
 	userId := user.GetId()

 	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
@@ -77,16 +70,6 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}

-	if application.DisableSignin {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s has disabled users to signin"), application.Name))
-		return
-	}
-
-	if application.OrganizationObj != nil && application.OrganizationObj.DisableSignin {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The organization: %s has disabled users to signin"), application.Organization))
-		return
-	}
-
 	allowed, err := object.CheckLoginPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
@@ -100,8 +83,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	// check user's tag
 	if !user.IsGlobalAdmin() && !user.IsAdmin && len(application.Tags) > 0 {
 		// only users with the tag that is listed in the application tags can login
-		// supports comma-separated tags in user.Tag (e.g., "default-policy,project-admin")
-		if !util.HasTagInSlice(application.Tags, user.Tag) {
+		if !util.InSlice(application.Tags, user.Tag) {
 			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
 			return
 		}
@@ -139,7 +121,6 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 				c.ResponseError(fmt.Sprintf(c.T("auth:paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"), user.Name, application.Name))
 				return
 			} else {
-				c.SetSession("paidUsername", user.GetId())
 				// let the paid-user select plan
 				c.ResponseOk("SelectPlan", pricing)
 				return
@@ -151,29 +132,29 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeCode {
-		clientId := c.Ctx.Input.Query("clientId")
-		responseType := c.Ctx.Input.Query("responseType")
-		redirectUri := c.Ctx.Input.Query("redirectUri")
-		scope := c.Ctx.Input.Query("scope")
-		state := c.Ctx.Input.Query("state")
-		nonce := c.Ctx.Input.Query("nonce")
-		challengeMethod := c.Ctx.Input.Query("code_challenge_method")
-		codeChallenge := c.Ctx.Input.Query("code_challenge")
+		clientId := c.Input().Get("clientId")
+		responseType := c.Input().Get("responseType")
+		redirectUri := c.Input().Get("redirectUri")
+		scope := c.Input().Get("scope")
+		state := c.Input().Get("state")
+		nonce := c.Input().Get("nonce")
+		challengeMethod := c.Input().Get("code_challenge_method")
+		codeChallenge := c.Input().Get("code_challenge")

 		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
-		code, err := object.GetOAuthCode(userId, clientId, form.Provider, form.SigninMethod, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
+		code, err := object.GetOAuthCode(userId, clientId, form.Provider, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}

 		resp = codeToResponse(code)
-		resp.Data3 = user.NeedUpdatePassword
+		resp.Data2 = user.NeedUpdatePassword
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
@@ -182,12 +163,12 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		if !object.IsGrantTypeValid(form.Type, application.GrantTypes) {
 			resp = &Response{Status: "error", Msg: fmt.Sprintf("error: grant_type: %s is not supported in this application", form.Type), Data: ""}
 		} else {
-			scope := c.Ctx.Input.Query("scope")
-			nonce := c.Ctx.Input.Query("nonce")
+			scope := c.Input().Get("scope")
+			nonce := c.Input().Get("nonce")
 			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
 			resp = tokenToResponse(token)

-			resp.Data3 = user.NeedUpdatePassword
+			resp.Data2 = user.NeedUpdatePassword
 		}
 	} else if form.Type == ResponseTypeDevice {
 		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
@@ -214,14 +195,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob

 		object.DeviceAuthMap.Store(authCacheCast.UserName, deviceAuthCacheDeviceCodeCast)

-		resp = &Response{Status: "ok", Msg: "", Data: userId, Data3: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: userId, Data2: user.NeedUpdatePassword}
 	} else if form.Type == ResponseTypeSaml { // saml flow
 		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method}, Data3: user.NeedUpdatePassword}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]interface{}{"redirectUrl": redirectUrl, "method": method, "needUpdatePassword": user.NeedUpdatePassword}}

 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
@@ -229,7 +210,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		}
 	} else if form.Type == ResponseTypeCas {
 		// not oauth but CAS SSO protocol
-		service := c.Ctx.Input.Query("service")
+		service := c.Input().Get("service")
 		resp = wrapErrorResponse(nil)
 		if service != "" {
 			st, err := object.GenerateCasToken(userId, service)
@@ -248,36 +229,9 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
 	}

-	// For all successful logins, set the session expiration; if auto signin is not checked, cap it at 24 hours.
-	if resp.Status == "ok" {
-		expireInHours := application.CookieExpireInHours
-
-		if expireInHours == 0 {
-			expireInHours = 720
-		}
-
-		if !form.AutoSignin && expireInHours > 24 {
-			expireInHours = 24
-		}
-		c.setExpireForSession(expireInHours)
-	}
-
-	if application.EnableExclusiveSignin {
-		sessions, err := object.GetUserAppSessions(user.Owner, user.Name, application.Name)
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-
-		for _, session := range sessions {
-			for _, sid := range session.SessionId {
-				err := web.GlobalSessions.GetProvider().SessionDestroy(context.Background(), sid)
-				if err != nil {
-					c.ResponseError(err.Error(), nil)
-					return
-				}
-			}
-		}
+	// if user did not check auto signin
+	if resp.Status == "ok" && !form.AutoSignin {
+		c.setExpireForSession()
 	}

 	if resp.Status == "ok" {
@@ -285,9 +239,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			Owner:       user.Owner,
 			Name:        user.Name,
 			Application: application.Name,
-			SessionId:   []string{c.Ctx.Input.CruSession.SessionID(context.Background())},
-
-			ExclusiveSignin: application.EnableExclusiveSignin,
+			SessionId:   []string{c.Ctx.Input.CruSession.SessionID()},
 		})
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
@@ -310,14 +262,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-app-login [get]
 func (c *ApiController) GetApplicationLogin() {
-	clientId := c.Ctx.Input.Query("clientId")
-	responseType := c.Ctx.Input.Query("responseType")
-	redirectUri := c.Ctx.Input.Query("redirectUri")
-	scope := c.Ctx.Input.Query("scope")
-	state := c.Ctx.Input.Query("state")
-	id := c.Ctx.Input.Query("id")
-	loginType := c.Ctx.Input.Query("type")
-	userCode := c.Ctx.Input.Query("userCode")
+	clientId := c.Input().Get("clientId")
+	responseType := c.Input().Get("responseType")
+	redirectUri := c.Input().Get("redirectUri")
+	scope := c.Input().Get("scope")
+	state := c.Input().Get("state")
+	id := c.Input().Get("id")
+	loginType := c.Input().Get("type")
+	userCode := c.Input().Get("userCode")

 	var application *object.Application
 	var msg string
@@ -403,32 +355,25 @@ func isProxyProviderType(providerType string) bool {

 func checkMfaEnable(c *ApiController, user *object.User, organization *object.Organization, verificationType string) bool {
 	if object.IsNeedPromptMfa(organization, user) {
-		// The prompt page needs the user to be signed in
+		// The prompt page needs the user to be srigned in
 		c.SetSessionUsername(user.GetId())
 		c.ResponseOk(object.RequiredMfa)
 		return true
 	}

 	if user.IsMfaEnabled() {
-		currentTime := util.String2Time(util.GetCurrentTime())
-		mfaRememberDeadline := util.String2Time(user.MfaRememberDeadline)
-		if user.MfaRememberDeadline != "" && mfaRememberDeadline.After(currentTime) {
-			return false
-		}
 		c.setMfaUserSession(user.GetId())
 		mfaList := object.GetAllMfaProps(user, true)
 		mfaAllowList := []*object.MfaProps{}
-		mfaRememberInHours := organization.MfaRememberInHours
 		for _, prop := range mfaList {
 			if prop.MfaType == verificationType || !prop.Enabled {
 				continue
 			}
-			prop.MfaRememberInHours = mfaRememberInHours
 			mfaAllowList = append(mfaAllowList, prop)
 		}
 		if len(mfaAllowList) >= 1 {
 			c.SetSession("verificationCodeType", verificationType)
-			c.Ctx.Input.CruSession.SessionRelease(context.Background(), c.Ctx.ResponseWriter)
+			c.Ctx.Input.CruSession.SessionRelease(c.Ctx.ResponseWriter)
 			c.ResponseOk(object.NextMfa, mfaAllowList)
 			return true
 		}
@@ -465,6 +410,13 @@ func (c *ApiController) Login() {
 	verificationType := ""

 	if authForm.Username != "" {
+		if authForm.Type == ResponseTypeLogin {
+			if c.GetSessionUsername() != "" {
+				c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
+				return
+			}
+		}
+
 		var user *object.User
 		if authForm.SigninMethod == "Face ID" {
 			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
@@ -603,11 +555,8 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with LDAP is not enabled for the application"))
 				return
 			}
-
-			clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username, clientIp); err != nil {
+			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
 				c.ResponseError(err.Error())
 				return
 			} else if enableCaptcha {
@@ -719,7 +668,6 @@ func (c *ApiController) Login() {
 		}
 		if provider == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s does not exist"), authForm.Provider))
-			return
 		}

 		providerItem := application.GetProviderItem(provider.Name)
@@ -728,7 +676,6 @@ func (c *ApiController) Login() {
 			return
 		}
 		userInfo := &idp.UserInfo{}
-		var token *oauth2.Token
 		if provider.Category == "SAML" {
 			// SAML
 			userInfo, err = object.ParseSamlResponse(authForm.SamlResponse, provider, c.Ctx.Request.Host)
@@ -739,7 +686,6 @@ func (c *ApiController) Login() {
 		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 			// OAuth
 			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
-			idpInfo.CodeVerifier = authForm.CodeVerifier
 			var idProvider idp.IdProvider
 			idProvider, err = idp.GetIdProvider(idpInfo, authForm.RedirectUri)
 			if err != nil {
@@ -753,13 +699,13 @@ func (c *ApiController) Login() {

 			setHttpClient(idProvider, provider.Type)

-			stateApplicationName := strings.Split(authForm.State, "-org-")[0]
-			if authForm.State != conf.GetConfigString("authState") && stateApplicationName != application.Name {
+			if authForm.State != conf.GetConfigString("authState") && authForm.State != application.Name {
 				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), authForm.State))
 				return
 			}

 			// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
+			var token *oauth2.Token
 			token, err = idProvider.GetToken(authForm.Code)
 			if err != nil {
 				c.ResponseError(err.Error())
@@ -809,7 +755,7 @@ func (c *ApiController) Login() {
 			if user != nil && !user.IsDeleted {
 				// Sign in via OAuth (want to sign up but already have account)
 				// sync info from 3rd-party if possible
-				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo, token, provider.UserMapping)
+				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
@@ -822,7 +768,7 @@ func (c *ApiController) Login() {
 				resp = c.HandleLoggedIn(application, user, &authForm)

 				c.Ctx.Input.SetParam("recordUserId", user.GetId())
-			} else if provider.Category == "OAuth" || provider.Category == "Web3" || provider.Category == "SAML" {
+			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 				// Sign up via OAuth
 				if application.EnableLinkWithEmail {
 					if userInfo.Email != "" {
@@ -844,26 +790,14 @@ func (c *ApiController) Login() {
 					}
 				}

-				// Try to find existing user by username (case-insensitive)
-				// This allows OAuth providers (e.g., Wecom) to automatically associate with
-				// existing users when usernames match, particularly useful for enterprise
-				// scenarios where signup is disabled and users already exist in Casdoor
-				if user == nil && userInfo.Username != "" {
-					user, err = object.GetUserByFields(application.Organization, userInfo.Username)
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-				}
-
-				if user == nil {
+				if user == nil || user.IsDeleted {
 					if !application.EnableSignUp {
 						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
 						return
 					}

 					if !providerItem.CanSignUp {
-						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
+						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
 						return
 					}

@@ -872,11 +806,6 @@ func (c *ApiController) Login() {
 						return
 					}

-					// Handle UseEmailAsUsername for OAuth and Web3
-					if organization.UseEmailAsUsername && userInfo.Email != "" {
-						userInfo.Username = userInfo.Email
-					}
-
 					// Handle username conflicts
 					var tmpUser *object.User
 					tmpUser, err = object.GetUser(util.GetId(application.Organization, userInfo.Username))
@@ -937,12 +866,6 @@ func (c *ApiController) Login() {
 						IsDeleted:         false,
 						SignupApplication: application.Name,
 						Properties:        properties,
-						RegisterType:      "Application Signup",
-						RegisterSource:    fmt.Sprintf("%s/%s", application.Organization, application.Name),
-					}
-
-					if providerItem.SignupGroup != "" {
-						user.Groups = []string{providerItem.SignupGroup}
 					}

 					var affected bool
@@ -956,10 +879,19 @@ func (c *ApiController) Login() {
 						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
 						return
 					}
+
+					if providerItem.SignupGroup != "" {
+						user.Groups = []string{providerItem.SignupGroup}
+						_, err = object.UpdateUser(user.GetId(), user, []string{"groups"}, false)
+						if err != nil {
+							c.ResponseError(err.Error())
+							return
+						}
+					}
 				}

 				// sync info from 3rd-party if possible
-				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo, token, provider.UserMapping)
+				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
@@ -1007,7 +939,7 @@ func (c *ApiController) Login() {
 			}

 			// sync info from 3rd-party if possible
-			_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo, token, provider.UserMapping)
+			_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -1038,28 +970,6 @@ func (c *ApiController) Login() {
 			return
 		}

-		var application *object.Application
-		if authForm.ClientId == "" {
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-		} else {
-			application, err = object.GetApplicationByClientId(authForm.ClientId)
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-
-		var organization *object.Organization
-		organization, err = object.GetOrganization(util.GetId("admin", application.Organization))
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-		}
-
 		if authForm.Passcode != "" {
 			if authForm.MfaType == c.GetSession("verificationCodeType") {
 				c.ResponseError("Invalid multi-factor authentication type")
@@ -1086,17 +996,6 @@ func (c *ApiController) Login() {
 				}
 			}

-			if authForm.EnableMfaRemember {
-				mfaRememberInSeconds := organization.MfaRememberInHours * 3600
-				currentTime := util.String2Time(util.GetCurrentTime())
-				duration := time.Duration(mfaRememberInSeconds) * time.Second
-				user.MfaRememberDeadline = util.Time2String(currentTime.Add(duration))
-				_, err = object.UpdateUser(user.GetId(), user, []string{"mfa_remember_deadline"}, user.IsAdmin)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-			}
 			c.SetSession("verificationCodeType", "")
 		} else if authForm.RecoveryCode != "" {
 			err = object.MfaRecover(user, authForm.RecoveryCode)
@@ -1109,6 +1008,22 @@ func (c *ApiController) Login() {
 			return
 		}

+		var application *object.Application
+		if authForm.ClientId == "" {
+			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
+		} else {
+			application, err = object.GetApplicationByClientId(authForm.ClientId)
+		}
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if application == nil {
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+			return
+		}
+
 		resp = c.HandleLoggedIn(application, user, &authForm)
 		c.setMfaUserSession("")

@@ -1159,8 +1074,8 @@ func (c *ApiController) Login() {
 }

 func (c *ApiController) GetSamlLogin() {
-	providerId := c.Ctx.Input.Query("id")
-	relayState := c.Ctx.Input.Query("relayState")
+	providerId := c.Input().Get("id")
+	relayState := c.Input().Get("relayState")
 	authURL, method, err := object.GenerateSamlRequest(providerId, relayState, c.Ctx.Request.Host, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -1170,8 +1085,8 @@ func (c *ApiController) GetSamlLogin() {
 }

 func (c *ApiController) HandleSamlLogin() {
-	relayState := c.Ctx.Input.Query("RelayState")
-	samlResponse := c.Ctx.Input.Query("SAMLResponse")
+	relayState := c.Input().Get("RelayState")
+	samlResponse := c.Input().Get("SAMLResponse")
 	decode, err := base64.StdEncoding.DecodeString(relayState)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -1203,9 +1118,9 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 		c.ResponseError(err.Error())
 		return
 	}
-	signature := c.Ctx.Input.Query("signature")
-	timestamp := c.Ctx.Input.Query("timestamp")
-	nonce := c.Ctx.Input.Query("nonce")
+	signature := c.Input().Get("signature")
+	timestamp := c.Input().Get("timestamp")
+	nonce := c.Input().Get("nonce")
 	var data struct {
 		MsgType      string `xml:"MsgType"`
 		Event        string `xml:"Event"`
@@ -1223,7 +1138,7 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 		return
 	}
 	if data.Ticket == "" {
-		c.ResponseError("empty ticket")
+		c.ResponseError(err.Error())
 		return
 	}

@@ -1233,11 +1148,10 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if provider == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s does not exist"), providerId))
+	if data.Ticket == "" {
+		c.ResponseError("empty ticket")
 		return
 	}
-
 	if !idp.VerifyWechatSignature(provider.Content, nonce, timestamp, signature) {
 		c.ResponseError("invalid signature")
 		return
@@ -1263,7 +1177,7 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 // @Param   ticket     query    string  true        "The eventId of QRCode"
 // @Success 200 {object} controllers.Response The Response object
 func (c *ApiController) GetWebhookEventType() {
-	ticket := c.Ctx.Input.Query("ticket")
+	ticket := c.Input().Get("ticket")

 	idp.Lock.RLock()
 	_, ok := idp.WechatCacheMap[ticket]
@@ -1283,17 +1197,12 @@ func (c *ApiController) GetWebhookEventType() {
 // @Param   id     query    string  true        "The id ( owner/name ) of provider"
 // @Success 200 {object} controllers.Response The Response object
 func (c *ApiController) GetQRCode() {
-	providerId := c.Ctx.Input.Query("id")
+	providerId := c.Input().Get("id")
 	provider, err := object.GetProvider(providerId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if provider == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s does not exist"), providerId))
-		return
-	}
-
 	code, ticket, err := idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2, providerId)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -1311,28 +1220,29 @@ func (c *ApiController) GetQRCode() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-captcha-status [get]
 func (c *ApiController) GetCaptchaStatus() {
-	organization := c.Ctx.Input.Query("organization")
-	userId := c.Ctx.Input.Query("userId")
-	applicationName := c.Ctx.Input.Query("application")
-
-	application, err := object.GetApplication(fmt.Sprintf("admin/%s", applicationName))
+	organization := c.Input().Get("organization")
+	userId := c.Input().Get("userId")
+	user, err := object.GetUserByFields(organization, userId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if application == nil {
-		c.ResponseError("application not found")
-		return
+
+	captchaEnabled := false
+	if user != nil {
+		var failedSigninLimit int
+		failedSigninLimit, _, err = object.GetFailedSigninConfigByUser(user)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if user.SigninWrongTimes >= failedSigninLimit {
+			captchaEnabled = true
+		}
 	}

-	clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
-	captchaEnabled, err := object.CheckToEnableCaptcha(application, organization, userId, clientIp)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 	c.ResponseOk(captchaEnabled)
-	return
 }

 // Callback
@@ -1356,8 +1266,8 @@ func (c *ApiController) Callback() {
 // @router /device-auth [post]
 // @Success 200 {object} object.DeviceAuthResponse The Response object
 func (c *ApiController) DeviceAuth() {
-	clientId := c.Ctx.Input.Query("client_id")
-	scope := c.Ctx.Input.Query("scope")
+	clientId := c.Input().Get("client_id")
+	scope := c.Input().Get("scope")
 	application, err := object.GetApplicationByClientId(clientId)
 	if err != nil {
 		c.Data["json"] = object.TokenError{
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -15,12 +15,11 @@
 package controllers

 import (
-	"context"
 	"strings"
 	"time"

-	"github.com/beego/beego/v2/core/logs"
-	"github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego"
+	"github.com/beego/beego/logs"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -28,7 +27,7 @@ import (
 // ApiController
 // controller for handlers under /api uri
 type ApiController struct {
-	web.Controller
+	beego.Controller
 }

 // RootController
@@ -105,13 +104,6 @@ func (c *ApiController) getCurrentUser() *object.User {

 // GetSessionUsername ...
 func (c *ApiController) GetSessionUsername() string {
-	// prefer username stored in Beego context by ApiFilter
-	if ctxUser := c.Ctx.Input.GetData("currentUserId"); ctxUser != nil {
-		if username, ok := ctxUser.(string); ok {
-			return username
-		}
-	}
-
 	// check if user session expired
 	sessionData := c.GetSessionData()

@@ -130,26 +122,6 @@ func (c *ApiController) GetSessionUsername() string {
 	return user.(string)
 }

-// GetPaidUsername ...
-func (c *ApiController) GetPaidUsername() string {
-	// check if user session expired
-	sessionData := c.GetSessionData()
-
-	if sessionData != nil &&
-		sessionData.ExpireTime != 0 &&
-		sessionData.ExpireTime < time.Now().Unix() {
-		c.ClearUserSession()
-		return ""
-	}
-
-	user := c.GetSession("paidUsername")
-	if user == nil {
-		return ""
-	}
-
-	return user.(string)
-}
-
 func (c *ApiController) GetSessionToken() string {
 	accessToken := c.GetSession("accessToken")
 	if accessToken == nil {
@@ -176,7 +148,6 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 func (c *ApiController) ClearUserSession() {
 	c.SetSessionUsername("")
 	c.SetSessionData(nil)
-	_ = c.SessionRegenerateID()
 }

 func (c *ApiController) ClearTokenSession() {
@@ -245,19 +216,16 @@ func (c *ApiController) setMfaUserSession(userId string) {
 }

 func (c *ApiController) getMfaUserSession() string {
-	userId := c.Ctx.Input.CruSession.Get(context.Background(), object.MfaSessionUserId)
+	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
 	if userId == nil {
 		return ""
 	}
 	return userId.(string)
 }

-func (c *ApiController) setExpireForSession(cookieExpireInHours int64) {
+func (c *ApiController) setExpireForSession() {
 	timestamp := time.Now().Unix()
-	if cookieExpireInHours == 0 {
-		cookieExpireInHours = 720
-	}
-	timestamp += 3600 * cookieExpireInHours
+	timestamp += 3600 * 24
 	c.SetSessionData(&SessionData{
 		ExpireTime: timestamp,
 	})
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -41,8 +41,8 @@ func queryUnescape(service string) string {
 }

 func (c *RootController) CasValidate() {
-	ticket := c.Ctx.Input.Query("ticket")
-	service := c.Ctx.Input.Query("service")
+	ticket := c.Input().Get("ticket")
+	service := c.Input().Get("service")
 	c.Ctx.Output.Header("Content-Type", "text/html; charset=utf-8")
 	if service == "" || ticket == "" {
 		c.Ctx.Output.Body([]byte("no\n"))
@@ -60,8 +60,8 @@ func (c *RootController) CasValidate() {
 }

 func (c *RootController) CasServiceValidate() {
-	ticket := c.Ctx.Input.Query("ticket")
-	format := c.Ctx.Input.Query("format")
+	ticket := c.Input().Get("ticket")
+	format := c.Input().Get("format")
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
@@ -75,8 +75,8 @@ func (c *RootController) CasProxyValidate() {
 }

 func (c *RootController) CasP3ServiceValidate() {
-	ticket := c.Ctx.Input.Query("ticket")
-	format := c.Ctx.Input.Query("format")
+	ticket := c.Input().Get("ticket")
+	format := c.Input().Get("format")
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
@@ -84,10 +84,10 @@ func (c *RootController) CasP3ServiceValidate() {
 }

 func (c *RootController) CasP3ProxyValidate() {
-	ticket := c.Ctx.Input.Query("ticket")
-	format := c.Ctx.Input.Query("format")
-	service := c.Ctx.Input.Query("service")
-	pgtUrl := c.Ctx.Input.Query("pgtUrl")
+	ticket := c.Input().Get("ticket")
+	format := c.Input().Get("format")
+	service := c.Input().Get("service")
+	pgtUrl := c.Input().Get("pgtUrl")

 	serviceResponse := object.CasServiceResponse{
 		Xmlns: "http://www.yale.edu/tp/cas",
@@ -161,9 +161,9 @@ func (c *RootController) CasP3ProxyValidate() {
 }

 func (c *RootController) CasProxy() {
-	pgt := c.Ctx.Input.Query("pgt")
-	targetService := c.Ctx.Input.Query("targetService")
-	format := c.Ctx.Input.Query("format")
+	pgt := c.Input().Get("pgt")
+	targetService := c.Input().Get("targetService")
+	format := c.Input().Get("format")
 	if pgt == "" || targetService == "" {
 		c.sendCasProxyResponseErr(InvalidRequest, "pgt and targetService must exist", format)
 		return
@@ -200,7 +200,7 @@ func (c *RootController) CasProxy() {

 func (c *RootController) SamlValidate() {
 	c.Ctx.Output.Header("Content-Type", "text/xml; charset=utf-8")
-	target := c.Ctx.Input.Query("TARGET")
+	target := c.Input().Get("TARGET")
 	body := c.Ctx.Input.RequestBody
 	envelopRequest := struct {
 		XMLName xml.Name `xml:"Envelope"`
--- a/controllers/casbin_api.go
+++ b/controllers/casbin_api.go
@@ -34,23 +34,11 @@ import (
 // @Success 200 {object} controllers.Response The Response object
 // @router /enforce [post]
 func (c *ApiController) Enforce() {
-	permissionId := c.Ctx.Input.Query("permissionId")
-	modelId := c.Ctx.Input.Query("modelId")
-	resourceId := c.Ctx.Input.Query("resourceId")
-	enforcerId := c.Ctx.Input.Query("enforcerId")
-	owner := c.Ctx.Input.Query("owner")
-
-	params := []string{permissionId, modelId, resourceId, enforcerId, owner}
-	nonEmpty := 0
-	for _, param := range params {
-		if param != "" {
-			nonEmpty++
-		}
-	}
-	if nonEmpty > 1 {
-		c.ResponseError("Only one of the parameters (permissionId, modelId, resourceId, enforcerId, owner) should be provided")
-		return
-	}
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+	resourceId := c.Input().Get("resourceId")
+	enforcerId := c.Input().Get("enforcerId")
+	owner := c.Input().Get("owner")

 	if len(c.Ctx.Input.RequestBody) == 0 {
 		c.ResponseError("The request body should not be empty")
@@ -119,11 +107,7 @@ func (c *ApiController) Enforce() {

 	permissions := []*object.Permission{}
 	if modelId != "" {
-		owner, modelName, err := util.GetOwnerAndNameFromIdWithError(modelId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
 		permissions, err = object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -180,22 +164,10 @@ func (c *ApiController) Enforce() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /batch-enforce [post]
 func (c *ApiController) BatchEnforce() {
-	permissionId := c.Ctx.Input.Query("permissionId")
-	modelId := c.Ctx.Input.Query("modelId")
-	enforcerId := c.Ctx.Input.Query("enforcerId")
-	owner := c.Ctx.Input.Query("owner")
-
-	params := []string{permissionId, modelId, enforcerId, owner}
-	nonEmpty := 0
-	for _, param := range params {
-		if param != "" {
-			nonEmpty++
-		}
-	}
-	if nonEmpty > 1 {
-		c.ResponseError("Only one of the parameters (permissionId, modelId, enforcerId, owner) should be provided")
-		return
-	}
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+	enforcerId := c.Input().Get("enforcerId")
+	owner := c.Input().Get("owner")

 	var requests [][]string
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
@@ -259,11 +231,7 @@ func (c *ApiController) BatchEnforce() {

 	permissions := []*object.Permission{}
 	if modelId != "" {
-		owner, modelName, err := util.GetOwnerAndNameFromIdWithError(modelId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
 		permissions, err = object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -304,7 +272,7 @@ func (c *ApiController) BatchEnforce() {
 }

 func (c *ApiController) GetAllObjects() {
-	userId := c.Ctx.Input.Query("userId")
+	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
@@ -323,7 +291,7 @@ func (c *ApiController) GetAllObjects() {
 }

 func (c *ApiController) GetAllActions() {
-	userId := c.Ctx.Input.Query("userId")
+	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
@@ -342,7 +310,7 @@ func (c *ApiController) GetAllActions() {
 }

 func (c *ApiController) GetAllRoles() {
-	userId := c.Ctx.Input.Query("userId")
+	userId := c.Input().Get("userId")
 	if userId == "" {
 		userId = c.GetSessionUsername()
 		if userId == "" {
--- a/controllers/casbin_cli_api.go
+++ b/controllers/casbin_cli_api.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
@@ -39,46 +38,6 @@ var (
 	cliVersionMutex sync.RWMutex
 )

-// cleanOldMEIFolders cleans up old _MEIXXX folders from the Casdoor temp directory
-// that are older than 24 hours. These folders are created by PyInstaller when
-// executing casbin-python-cli and can accumulate over time.
-func cleanOldMEIFolders() {
-	tempDir := "temp"
-	cutoffTime := time.Now().Add(-24 * time.Hour)
-
-	entries, err := os.ReadDir(tempDir)
-	if err != nil {
-		// Log error but don't fail - cleanup is best-effort
-		// This is expected if temp directory doesn't exist yet
-		return
-	}
-
-	for _, entry := range entries {
-		// Check if the entry is a directory and matches the _MEI pattern
-		if !entry.IsDir() || !strings.HasPrefix(entry.Name(), "_MEI") {
-			continue
-		}
-
-		dirPath := filepath.Join(tempDir, entry.Name())
-		info, err := entry.Info()
-		if err != nil {
-			continue
-		}
-
-		// Check if the folder is older than 24 hours
-		if info.ModTime().Before(cutoffTime) {
-			// Try to remove the directory
-			err = os.RemoveAll(dirPath)
-			if err != nil {
-				// Log but continue with other folders
-				fmt.Printf("failed to remove old MEI folder %s: %v\n", dirPath, err)
-			} else {
-				fmt.Printf("removed old MEI folder: %s\n", dirPath)
-			}
-		}
-	}
-}
-
 // getCLIVersion
 // @Title getCLIVersion
 // @Description Get CLI version with cache mechanism
@@ -107,9 +66,6 @@ func getCLIVersion(language string) (string, error) {
 	}
 	cliVersionMutex.RUnlock()

-	// Clean up old _MEI folders before running the command
-	cleanOldMEIFolders()
-
 	cmd := exec.Command(binaryName, "--version")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -169,8 +125,8 @@ func (c *ApiController) RunCasbinCommand() {
 		return
 	}

-	language := c.Ctx.Input.Query("language")
-	argString := c.Ctx.Input.Query("args")
+	language := c.Input().Get("language")
+	argString := c.Input().Get("args")

 	if language == "" {
 		language = "go"
@@ -196,19 +152,6 @@ func (c *ApiController) RunCasbinCommand() {
 		return
 	}

-	// Generate cache key for this command
-	cacheKey, err := generateCacheKey(language, args)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Check if result is cached
-	if cachedOutput, found := getCachedCommandResult(cacheKey); found {
-		c.ResponseOk(cachedOutput)
-		return
-	}
-
 	if len(args) > 0 && args[0] == "--version" {
 		version, err := getCLIVersion(language)
 		if err != nil {
@@ -230,10 +173,6 @@ func (c *ApiController) RunCasbinCommand() {
 		return
 	}

-	// Clean up old _MEI folders before running the command
-	// This is especially important for Python CLI which creates these folders
-	cleanOldMEIFolders()
-
 	command := exec.Command(binaryName, processedArgs...)
 	outputBytes, err := command.CombinedOutput()
 	if err != nil {
@@ -249,10 +188,6 @@ func (c *ApiController) RunCasbinCommand() {

 	output := string(outputBytes)
 	output = strings.TrimSuffix(output, "\n")
-
-	// Store result in cache
-	setCachedCommandResult(cacheKey, output)
-
 	c.ResponseOk(output)
 }

@@ -262,10 +197,10 @@ func (c *ApiController) RunCasbinCommand() {
 // @Param hash string The SHA-256 hash string
 // @Return error Returns error if validation fails, nil if successful
 func validateIdentifier(c *ApiController) error {
-	language := c.Ctx.Input.Query("language")
-	args := c.Ctx.Input.Query("args")
-	hash := c.Ctx.Input.Query("m")
-	timestamp := c.Ctx.Input.Query("t")
+	language := c.Input().Get("language")
+	args := c.Input().Get("args")
+	hash := c.Input().Get("m")
+	timestamp := c.Input().Get("t")

 	if hash == "" || timestamp == "" || language == "" || args == "" {
 		return fmt.Errorf("invalid identifier")
--- a/controllers/casbin_cli_api_cache.go
+++ b/controllers/casbin_cli_api_cache.go
@@ -1,100 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
-	"fmt"
-	"sync"
-	"time"
-)
-
-type CommandCacheEntry struct {
-	Output     string
-	CachedTime time.Time
-}
-
-var (
-	commandCache      = make(map[string]*CommandCacheEntry)
-	commandCacheMutex sync.RWMutex
-	cacheTTL          = 5 * time.Minute
-	cleanupInProgress = false
-	cleanupMutex      sync.Mutex
-)
-
-// generateCacheKey creates a unique cache key based on language and arguments
-func generateCacheKey(language string, args []string) (string, error) {
-	argsJSON, err := json.Marshal(args)
-	if err != nil {
-		return "", fmt.Errorf("failed to marshal args: %v", err)
-	}
-	data := fmt.Sprintf("%s:%s", language, string(argsJSON))
-	hash := sha256.Sum256([]byte(data))
-	return hex.EncodeToString(hash[:]), nil
-}
-
-// cleanExpiredCacheEntries removes expired entries from the cache
-func cleanExpiredCacheEntries() {
-	commandCacheMutex.Lock()
-	defer commandCacheMutex.Unlock()
-
-	for key, entry := range commandCache {
-		if time.Since(entry.CachedTime) >= cacheTTL {
-			delete(commandCache, key)
-		}
-	}
-
-	cleanupMutex.Lock()
-	cleanupInProgress = false
-	cleanupMutex.Unlock()
-}
-
-// getCachedCommandResult retrieves cached command result if available and not expired
-func getCachedCommandResult(cacheKey string) (string, bool) {
-	commandCacheMutex.RLock()
-	defer commandCacheMutex.RUnlock()
-
-	if entry, exists := commandCache[cacheKey]; exists {
-		if time.Since(entry.CachedTime) < cacheTTL {
-			return entry.Output, true
-		}
-	}
-	return "", false
-}
-
-// setCachedCommandResult stores command result in cache and performs periodic cleanup
-func setCachedCommandResult(cacheKey string, output string) {
-	commandCacheMutex.Lock()
-	commandCache[cacheKey] = &CommandCacheEntry{
-		Output:     output,
-		CachedTime: time.Now(),
-	}
-	shouldCleanup := len(commandCache)%100 == 0
-	commandCacheMutex.Unlock()
-
-	// Periodically clean expired entries (every 100 cache sets)
-	if shouldCleanup {
-		cleanupMutex.Lock()
-		if !cleanupInProgress {
-			cleanupInProgress = true
-			cleanupMutex.Unlock()
-			go cleanExpiredCacheEntries()
-		} else {
-			cleanupMutex.Unlock()
-		}
-	}
-}
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Cert The Response object
 // @router /get-certs [get]
 func (c *ApiController) GetCerts() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		certs, err := object.GetMaskedCerts(object.GetCerts(owner))
@@ -54,7 +54,7 @@ func (c *ApiController) GetCerts() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -72,12 +72,12 @@ func (c *ApiController) GetCerts() {
 // @Success 200 {array} object.Cert The Response object
 // @router /get-global-certs [get]
 func (c *ApiController) GetGlobalCerts() {
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		certs, err := object.GetMaskedCerts(object.GetGlobalCerts())
@@ -95,7 +95,7 @@ func (c *ApiController) GetGlobalCerts() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -114,7 +114,7 @@ func (c *ApiController) GetGlobalCerts() {
 // @Success 200 {object} object.Cert The Response object
 // @router /get-cert [get]
 func (c *ApiController) GetCert() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	cert, err := object.GetCert(id)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -133,7 +133,7 @@ func (c *ApiController) GetCert() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-cert [post]
 func (c *ApiController) UpdateCert() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var cert object.Cert
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &cert)
--- a/controllers/cli_downloader.go
+++ b/controllers/cli_downloader.go
@@ -15,7 +15,7 @@ import (
 	"strings"
 	"time"

-	"github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 )
@@ -24,8 +24,6 @@ const (
 	javaCliRepo    = "https://api.github.com/repos/jcasbin/casbin-java-cli/releases/latest"
 	goCliRepo      = "https://api.github.com/repos/casbin/casbin-go-cli/releases/latest"
 	rustCliRepo    = "https://api.github.com/repos/casbin-rs/casbin-rust-cli/releases/latest"
-	pythonCliRepo  = "https://api.github.com/repos/casbin/casbin-python-cli/releases/latest"
-	dotnetCliRepo  = "https://api.github.com/repos/casbin-net/casbin-dotnet-cli/releases/latest"
 	downloadFolder = "bin"
 )

@@ -45,8 +43,6 @@ func getBinaryNames() map[string]string {
 		golang = "go"
 		java   = "java"
 		rust   = "rust"
-		python = "python"
-		dotnet = "dotnet"
 	)

 	arch := runtime.GOARCH
@@ -66,24 +62,18 @@ func getBinaryNames() map[string]string {
 			golang: fmt.Sprintf("casbin-go-cli_Windows_%s.zip", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-pc-windows-gnu", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-windows-%s.exe", archNames.goArch),
-			dotnet: fmt.Sprintf("casbin-dotnet-cli-windows-%s.exe", archNames.goArch),
 		}
 	case "darwin":
 		return map[string]string{
 			golang: fmt.Sprintf("casbin-go-cli_Darwin_%s.tar.gz", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-apple-darwin", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-darwin-%s", archNames.goArch),
-			dotnet: fmt.Sprintf("casbin-dotnet-cli-darwin-%s", archNames.goArch),
 		}
 	case "linux":
 		return map[string]string{
 			golang: fmt.Sprintf("casbin-go-cli_Linux_%s.tar.gz", archNames.goArch),
 			java:   "casbin-java-cli.jar",
 			rust:   fmt.Sprintf("casbin-rust-cli-%s-unknown-linux-gnu", archNames.rustArch),
-			python: fmt.Sprintf("casbin-python-cli-linux-%s", archNames.goArch),
-			dotnet: fmt.Sprintf("casbin-dotnet-cli-linux-%s", archNames.goArch),
 		}
 	default:
 		return nil
@@ -108,16 +98,6 @@ func getFinalBinaryName(lang string) string {
 			return "casbin-rust-cli.exe"
 		}
 		return "casbin-rust-cli"
-	case "python":
-		if runtime.GOOS == "windows" {
-			return "casbin-python-cli.exe"
-		}
-		return "casbin-python-cli"
-	case "dotnet":
-		if runtime.GOOS == "windows" {
-			return "casbin-dotnet-cli.exe"
-		}
-		return "casbin-dotnet-cli"
 	default:
 		return ""
 	}
@@ -353,11 +333,9 @@ func downloadCLI() error {
 	}

 	repos := map[string]string{
-		"java":   javaCliRepo,
-		"go":     goCliRepo,
-		"rust":   rustCliRepo,
-		"python": pythonCliRepo,
-		"dotnet": dotnetCliRepo,
+		"java": javaCliRepo,
+		"go":   goCliRepo,
+		"rust": rustCliRepo,
 	}

 	for lang, repo := range repos {
@@ -446,13 +424,13 @@ func downloadCLI() error {
 // @Success 200 {object} controllers.Response The Response object
 // @router /refresh-engines [post]
 func (c *ApiController) RefreshEngines() {
-	if !web.AppConfig.DefaultBool("isDemoMode", false) {
+	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		c.ResponseError("refresh engines is only available in demo mode")
 		return
 	}

-	hash := c.Ctx.Input.Query("m")
-	timestamp := c.Ctx.Input.Query("t")
+	hash := c.Input().Get("m")
+	timestamp := c.Input().Get("t")

 	if hash == "" || timestamp == "" {
 		c.ResponseError("invalid identifier")
@@ -498,7 +476,7 @@ func (c *ApiController) RefreshEngines() {
 // @Title ScheduleCLIUpdater
 // @Description Start periodic CLI update scheduler
 func ScheduleCLIUpdater() {
-	if !web.AppConfig.DefaultBool("isDemoMode", false) {
+	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		return
 	}

@@ -526,7 +504,7 @@ func DownloadCLI() error {
 // @Title InitCLIDownloader
 // @Description Initialize CLI downloader and start update scheduler
 func InitCLIDownloader() {
-	if !web.AppConfig.DefaultBool("isDemoMode", false) {
+	if !beego.AppConfig.DefaultBool("isDemoMode", false) {
 		return
 	}

--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"fmt"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
@@ -32,13 +32,13 @@ import (
 // @Success 200 {array} object.Enforcer
 // @router /get-enforcers [get]
 func (c *ApiController) GetEnforcers() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		enforcers, err := object.GetEnforcers(owner)
@@ -56,7 +56,7 @@ func (c *ApiController) GetEnforcers() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		enforcers, err := object.GetPaginationEnforcers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -75,8 +75,8 @@ func (c *ApiController) GetEnforcers() {
 // @Success 200 {object} object.Enforcer
 // @router /get-enforcer [get]
 func (c *ApiController) GetEnforcer() {
-	id := c.Ctx.Input.Query("id")
-	loadModelCfg := c.Ctx.Input.Query("loadModelCfg")
+	id := c.Input().Get("id")
+	loadModelCfg := c.Input().Get("loadModelCfg")

 	enforcer, err := object.GetEnforcer(id)
 	if err != nil {
@@ -84,12 +84,10 @@ func (c *ApiController) GetEnforcer() {
 		return
 	}

-	if enforcer != nil {
-		if loadModelCfg == "true" && enforcer.Model != "" {
-			err = enforcer.LoadModelCfg()
-			if err != nil {
-				return
-			}
+	if loadModelCfg == "true" && enforcer.Model != "" {
+		err := enforcer.LoadModelCfg()
+		if err != nil {
+			return
 		}
 	}

@@ -105,7 +103,7 @@ func (c *ApiController) GetEnforcer() {
 // @Success 200 {object} object.Enforcer
 // @router /update-enforcer [post]
 func (c *ApiController) UpdateEnforcer() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	enforcer := object.Enforcer{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
@@ -156,17 +154,9 @@ func (c *ApiController) DeleteEnforcer() {
 	c.ServeJSON()
 }

-// GetPolicies
-// @Title GetPolicies
-// @Tag Enforcer API
-// @Description get policies
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   adapterId     query    string  false        "The adapter id"
-// @Success 200 {array} xormadapter.CasbinRule
-// @router /get-policies [get]
 func (c *ApiController) GetPolicies() {
-	id := c.Ctx.Input.Query("id")
-	adapterId := c.Ctx.Input.Query("adapterId")
+	id := c.Input().Get("id")
+	adapterId := c.Input().Get("adapterId")

 	if adapterId != "" {
 		adapter, err := object.GetAdapter(adapterId)
@@ -198,43 +188,8 @@ func (c *ApiController) GetPolicies() {
 	c.ResponseOk(policies)
 }

-// GetFilteredPolicies
-// @Title GetFilteredPolicies
-// @Tag Enforcer API
-// @Description get filtered policies with support for multiple filters via POST body
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body   body    []object.Filter  true        "Array of filter objects for multiple filters"
-// @Success 200 {array} xormadapter.CasbinRule
-// @router /get-filtered-policies [post]
-func (c *ApiController) GetFilteredPolicies() {
-	id := c.Ctx.Input.Query("id")
-
-	var filters []object.Filter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &filters)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	filteredPolicies, err := object.GetFilteredPoliciesMulti(id, filters)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(filteredPolicies)
-}
-
-// UpdatePolicy
-// @Title UpdatePolicy
-// @Tag Enforcer API
-// @Description update policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    []xormadapter.CasbinRule  true        "Array containing old and new policy"
-// @Success 200 {object} Response
-// @router /update-policy [post]
 func (c *ApiController) UpdatePolicy() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var policies []xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
@@ -252,16 +207,8 @@ func (c *ApiController) UpdatePolicy() {
 	c.ServeJSON()
 }

-// AddPolicy
-// @Title AddPolicy
-// @Tag Enforcer API
-// @Description add policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    xormadapter.CasbinRule  true        "The policy to add"
-// @Success 200 {object} Response
-// @router /add-policy [post]
 func (c *ApiController) AddPolicy() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var policy xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
@@ -279,16 +226,8 @@ func (c *ApiController) AddPolicy() {
 	c.ServeJSON()
 }

-// RemovePolicy
-// @Title RemovePolicy
-// @Tag Enforcer API
-// @Description remove policy
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   body     body    xormadapter.CasbinRule  true        "The policy to remove"
-// @Success 200 {object} Response
-// @router /remove-policy [post]
 func (c *ApiController) RemovePolicy() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var policy xormadapter.CasbinRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
--- a/controllers/face.go
+++ b/controllers/face.go
@@ -33,8 +33,8 @@ import (
 // @Success 200 {object} controllers.Response The Response object
 // @router /faceid-signin-begin [get]
 func (c *ApiController) FaceIDSigninBegin() {
-	userOwner := c.Ctx.Input.Query("owner")
-	userName := c.Ctx.Input.Query("name")
+	userOwner := c.Input().Get("owner")
+	userName := c.Input().Get("name")

 	user, err := object.GetUserByFields(userOwner, userName)
 	if err != nil {
--- a/controllers/form.go
+++ b/controllers/form.go
@@ -1,175 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/v2/core/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGlobalForms
-// @Title GetGlobalForms
-// @Tag Form API
-// @Description get global forms
-// @Success 200 {array} object.Form The Response object
-// @router /get-global-forms [get]
-func (c *ApiController) GetGlobalForms() {
-	forms, err := object.GetGlobalForms()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedForms(forms, true))
-}
-
-// GetForms
-// @Title GetForms
-// @Tag Form API
-// @Description get forms
-// @Param owner query string true "The owner of form"
-// @Success 200 {array} object.Form The Response object
-// @router /get-forms [get]
-func (c *ApiController) GetForms() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-
-	if limit == "" || page == "" {
-		forms, err := object.GetForms(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedForms(forms, true))
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetFormCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
-		forms, err := object.GetPaginationForms(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(forms, paginator.Nums())
-	}
-}
-
-// GetForm
-// @Title GetForm
-// @Tag Form API
-// @Description get form
-// @Param id query string true "The id (owner/name) of form"
-// @Success 200 {object} object.Form The Response object
-// @router /get-form [get]
-func (c *ApiController) GetForm() {
-	id := c.Ctx.Input.Query("id")
-
-	form, err := object.GetForm(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedForm(form, true))
-}
-
-// UpdateForm
-// @Title UpdateForm
-// @Tag Form API
-// @Description update form
-// @Param id query string true "The id (owner/name) of the form"
-// @Param body body object.Form true "The details of the form"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-form [post]
-func (c *ApiController) UpdateForm() {
-	id := c.Ctx.Input.Query("id")
-
-	var form object.Form
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	success, err := object.UpdateForm(id, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(success)
-}
-
-// AddForm
-// @Title AddForm
-// @Tag Form API
-// @Description add form
-// @Param body body object.Form true "The details of the form"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-form [post]
-func (c *ApiController) AddForm() {
-	var form object.Form
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	success, err := object.AddForm(&form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(success)
-}
-
-// DeleteForm
-// @Title DeleteForm
-// @Tag Form API
-// @Description delete form
-// @Param body body object.Form true "The details of the form"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-form [post]
-func (c *ApiController) DeleteForm() {
-	var form object.Form
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	success, err := object.DeleteForm(&form)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(success)
-}
--- a/controllers/get-dashboard.go
+++ b/controllers/get-dashboard.go
@@ -23,7 +23,7 @@ import "github.com/casdoor/casdoor/object"
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-dashboard [get]
 func (c *ApiController) GetDashboard() {
-	owner := c.Ctx.Input.Query("owner")
+	owner := c.Input().Get("owner")

 	data, err := object.GetDashboard(owner)
 	if err != nil {
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -17,7 +17,7 @@ import (
 	"encoding/json"
 	"fmt"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,14 +30,14 @@ import (
 // @Success 200 {array} object.Group The Response object
 // @router /get-groups [get]
 func (c *ApiController) GetGroups() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	withTree := c.Ctx.Input.Query("withTree")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	withTree := c.Input().Get("withTree")

 	if limit == "" || page == "" {
 		groups, err := object.GetGroups(owner)
@@ -66,7 +66,7 @@ func (c *ApiController) GetGroups() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -109,7 +109,7 @@ func (c *ApiController) GetGroups() {
 // @Success 200 {object} object.Group The Response object
 // @router /get-group [get]
 func (c *ApiController) GetGroup() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	group, err := object.GetGroup(id)
 	if err != nil {
@@ -135,7 +135,7 @@ func (c *ApiController) GetGroup() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-group [post]
 func (c *ApiController) UpdateGroup() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var group object.Group
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
--- a/controllers/group_upload.go
+++ b/controllers/group_upload.go
@@ -24,11 +24,7 @@ import (

 func (c *ApiController) UploadGroups() {
 	userId := c.GetSessionUsername()
-	owner, user, err := util.GetOwnerAndNameFromIdWithError(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	owner, user := util.GetOwnerAndNameFromId(userId)

 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
@@ -55,6 +51,6 @@ func (c *ApiController) UploadGroups() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import groups"))
+		c.ResponseError(c.T("group_upload:Failed to import groups"))
 	}
 }
--- a/controllers/invitation.go
+++ b/controllers/invitation.go
@@ -16,10 +16,8 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"
-	"strings"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -32,13 +30,13 @@ import (
 // @Success 200 {array} object.Invitation The Response object
 // @router /get-invitations [get]
 func (c *ApiController) GetInvitations() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		invitations, err := object.GetInvitations(owner)
@@ -56,7 +54,7 @@ func (c *ApiController) GetInvitations() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		invitations, err := object.GetPaginationInvitations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -75,7 +73,7 @@ func (c *ApiController) GetInvitations() {
 // @Success 200 {object} object.Invitation The Response object
 // @router /get-invitation [get]
 func (c *ApiController) GetInvitation() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	invitation, err := object.GetInvitation(id)
 	if err != nil {
@@ -94,18 +92,14 @@ func (c *ApiController) GetInvitation() {
 // @Success 200 {object} object.Invitation The Response object
 // @router /get-invitation-info [get]
 func (c *ApiController) GetInvitationCodeInfo() {
-	code := c.Ctx.Input.Query("code")
-	applicationId := c.Ctx.Input.Query("applicationId")
+	code := c.Input().Get("code")
+	applicationId := c.Input().Get("applicationId")

 	application, err := object.GetApplication(applicationId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The application: %s does not exist"), applicationId))
-		return
-	}

 	invitation, msg := object.GetInvitationByCode(code, application.Organization, c.GetAcceptLanguage())
 	if msg != "" {
@@ -125,7 +119,7 @@ func (c *ApiController) GetInvitationCodeInfo() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-invitation [post]
 func (c *ApiController) UpdateInvitation() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var invitation object.Invitation
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &invitation)
@@ -184,7 +178,7 @@ func (c *ApiController) DeleteInvitation() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /verify-invitation [get]
 func (c *ApiController) VerifyInvitation() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	payment, attachInfo, err := object.VerifyInvitation(id)
 	if err != nil {
@@ -194,90 +188,3 @@ func (c *ApiController) VerifyInvitation() {

 	c.ResponseOk(payment, attachInfo)
 }
-
-// SendInvitation
-// @Title VerifyInvitation
-// @Tag Invitation API
-// @Description verify invitation
-// @Param   id     query    string	true        "The id ( owner/name ) of the invitation"
-// @Param   body    body	[]string  true        "The details of the invitation"
-// @Success 200 {object} controllers.Response The Response object
-// @router /send-invitation [post]
-func (c *ApiController) SendInvitation() {
-	id := c.Ctx.Input.Query("id")
-
-	var destinations []string
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &destinations)
-
-	if !c.IsAdmin() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	invitation, err := object.GetInvitation(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if invitation == nil {
-		c.ResponseError(fmt.Sprintf(c.T("invitation:Invitation %s does not exist"), id))
-		return
-	}
-
-	organization, err := object.GetOrganization(fmt.Sprintf("admin/%s", invitation.Owner))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s does not exist"), invitation.Owner))
-		return
-	}
-
-	var application *object.Application
-	if invitation.Application != "" {
-		application, err = object.GetApplication(fmt.Sprintf("admin/%s-org-%s", invitation.Application, invitation.Owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		application, err = object.GetApplicationByOrganizationName(invitation.Owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The organization: %s should have one application at least"), invitation.Owner))
-		return
-	}
-
-	if application.IsShared {
-		application.Name = fmt.Sprintf("%s-org-%s", application.Name, invitation.Owner)
-	}
-
-	provider, err := application.GetEmailProvider("Invitation")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if provider == nil {
-		c.ResponseError(fmt.Sprintf(c.T("verification:please add an Email provider to the \"Providers\" list for the application: %s"), invitation.Owner))
-		return
-	}
-
-	content := provider.Metadata
-
-	content = strings.ReplaceAll(content, "%code", invitation.Code)
-	content = strings.ReplaceAll(content, "%link", invitation.GetInvitationLink(c.Ctx.Request.Host, application.Name))
-
-	err = object.SendEmail(provider, provider.Title, content, destinations, organization.DisplayName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -46,22 +45,14 @@ type LdapSyncResp struct {
 // @Success 200 {object} controllers.LdapResp The Response object
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

-	_, ldapId, err := util.GetOwnerAndNameFromIdWithError(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	_, ldapId := util.GetOwnerAndNameFromId(id)
 	ldapServer, err := object.GetLdap(ldapId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if ldapServer == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The LDAP: %s does not exist"), ldapId))
-		return
-	}

 	conn, err := ldapServer.GetLdapConn()
 	if err != nil {
@@ -114,7 +105,7 @@ func (c *ApiController) GetLdapUsers() {
 // @Success 200 {array} object.Ldap The Response object
 // @router /get-ldaps [get]
 func (c *ApiController) GetLdaps() {
-	owner := c.Ctx.Input.Query("owner")
+	owner := c.Input().Get("owner")

 	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
 }
@@ -127,18 +118,14 @@ func (c *ApiController) GetLdaps() {
 // @Success 200 {object} object.Ldap The Response object
 // @router /get-ldap [get]
 func (c *ApiController) GetLdap() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	if util.IsStringsEmpty(id) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}

-	_, name, err := util.GetOwnerAndNameFromIdWithError(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	_, name := util.GetOwnerAndNameFromId(id)
 	ldap, err := object.GetLdap(name)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -266,15 +253,11 @@ func (c *ApiController) DeleteLdap() {
 // @Success 200 {object} controllers.LdapSyncResp The Response object
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

-	owner, ldapId, err := util.GetOwnerAndNameFromIdWithError(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	owner, ldapId := util.GetOwnerAndNameFromId(id)
 	var users []object.LdapUser
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &users)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -58,20 +58,7 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}

-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	issuer := ""
-	if organization != nil && organization.DisplayName != "" {
-		issuer = organization.DisplayName
-	} else if organization != nil {
-		issuer = organization.Name
-	}
-
-	mfaProps, err := MfaUtil.Initiate(user.GetId(), issuer)
+	mfaProps, err := MfaUtil.Initiate(user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -79,7 +66,6 @@ func (c *ApiController) MfaSetupInitiate() {

 	recoveryCode := uuid.NewString()
 	mfaProps.RecoveryCodes = []string{recoveryCode}
-	mfaProps.MfaRememberInHours = organization.MfaRememberInHours

 	resp := mfaProps
 	c.ResponseOk(resp)
@@ -131,28 +117,6 @@ func (c *ApiController) MfaSetupVerify() {
 			return
 		}
 		config.Secret = dest
-	} else if mfaType == object.RadiusType {
-		if dest == "" {
-			c.ResponseError("RADIUS username is missing")
-			return
-		}
-		config.Secret = dest
-		if secret == "" {
-			c.ResponseError("RADIUS provider is missing")
-			return
-		}
-		config.URL = secret
-	} else if mfaType == object.PushType {
-		if dest == "" {
-			c.ResponseError("push notification receiver is missing")
-			return
-		}
-		config.Secret = dest
-		if secret == "" {
-			c.ResponseError("push notification provider is missing")
-			return
-		}
-		config.URL = secret
 	}

 	mfaUtil := object.GetMfaUtil(mfaType, config)
@@ -229,28 +193,6 @@ func (c *ApiController) MfaSetupEnable() {
 			}
 			user.CountryCode = countryCode
 		}
-	} else if mfaType == object.RadiusType {
-		if dest == "" {
-			c.ResponseError("RADIUS username is missing")
-			return
-		}
-		config.Secret = dest
-		if secret == "" {
-			c.ResponseError("RADIUS provider is missing")
-			return
-		}
-		config.URL = secret
-	} else if mfaType == object.PushType {
-		if dest == "" {
-			c.ResponseError("push notification receiver is missing")
-			return
-		}
-		config.Secret = dest
-		if secret == "" {
-			c.ResponseError("push notification provider is missing")
-			return
-		}
-		config.URL = secret
 	}

 	if recoveryCodes == "" {
--- a/controllers/model.go
+++ b/controllers/model.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Model The Response object
 // @router /get-models [get]
 func (c *ApiController) GetModels() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		models, err := object.GetModels(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetModels() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,7 +73,7 @@ func (c *ApiController) GetModels() {
 // @Success 200 {object} object.Model The Response object
 // @router /get-model [get]
 func (c *ApiController) GetModel() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	model, err := object.GetModel(id)
 	if err != nil {
@@ -93,7 +93,7 @@ func (c *ApiController) GetModel() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-model [post]
 func (c *ApiController) UpdateModel() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var model object.Model
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &model)
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -28,21 +28,7 @@ import (
 // @router /.well-known/openid-configuration [get]
 func (c *RootController) GetOidcDiscovery() {
 	host := c.Ctx.Request.Host
-	c.Data["json"] = object.GetOidcDiscovery(host, "")
-	c.ServeJSON()
-}
-
-// GetOidcDiscoveryByApplication
-// @Title GetOidcDiscoveryByApplication
-// @Tag OIDC API
-// @Description Get Oidc Discovery for specific application
-// @Param application path string true "application name"
-// @Success 200 {object} object.OidcDiscovery
-// @router /.well-known/:application/openid-configuration [get]
-func (c *RootController) GetOidcDiscoveryByApplication() {
-	application := c.Ctx.Input.Param(":application")
-	host := c.Ctx.Request.Host
-	c.Data["json"] = object.GetOidcDiscovery(host, application)
+	c.Data["json"] = object.GetOidcDiscovery(host)
 	c.ServeJSON()
 }

@@ -52,24 +38,7 @@ func (c *RootController) GetOidcDiscoveryByApplication() {
 // @Success 200 {object} jose.JSONWebKey
 // @router /.well-known/jwks [get]
 func (c *RootController) GetJwks() {
-	jwks, err := object.GetJsonWebKeySet("")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = jwks
-	c.ServeJSON()
-}
-
-// GetJwksByApplication
-// @Title GetJwksByApplication
-// @Tag OIDC API
-// @Param application path string true "application name"
-// @Success 200 {object} jose.JSONWebKey
-// @router /.well-known/:application/jwks [get]
-func (c *RootController) GetJwksByApplication() {
-	application := c.Ctx.Input.Param(":application")
-	jwks, err := object.GetJsonWebKeySet(application)
+	jwks, err := object.GetJsonWebKeySet()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -85,49 +54,17 @@ func (c *RootController) GetJwksByApplication() {
 // @Success 200 {object} object.WebFinger
 // @router /.well-known/webfinger [get]
 func (c *RootController) GetWebFinger() {
-	resource := c.Ctx.Input.Query("resource")
+	resource := c.Input().Get("resource")
 	rels := []string{}
 	host := c.Ctx.Request.Host

-	inputs, _ := c.Input()
-	for key, value := range inputs {
+	for key, value := range c.Input() {
 		if strings.HasPrefix(key, "rel") {
 			rels = append(rels, value...)
 		}
 	}

-	webfinger, err := object.GetWebFinger(resource, rels, host, "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = webfinger
-	c.Ctx.Output.ContentType("application/jrd+json")
-	c.ServeJSON()
-}
-
-// GetWebFingerByApplication
-// @Title GetWebFingerByApplication
-// @Tag OIDC API
-// @Param application path string true "application name"
-// @Param resource query string true "resource"
-// @Success 200 {object} object.WebFinger
-// @router /.well-known/:application/webfinger [get]
-func (c *RootController) GetWebFingerByApplication() {
-	application := c.Ctx.Input.Param(":application")
-	resource := c.Ctx.Input.Query("resource")
-	rels := []string{}
-	host := c.Ctx.Request.Host
-
-	inputs, _ := c.Input()
-	for key, value := range inputs {
-		if strings.HasPrefix(key, "rel") {
-			rels = append(rels, value...)
-		}
-	}
-
-	webfinger, err := object.GetWebFinger(resource, rels, host, application)
+	webfinger, err := object.GetWebFinger(resource, rels, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/order.go
+++ b/controllers/order.go
@@ -1,195 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/v2/core/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetOrders
-// @Title GetOrders
-// @Tag Order API
-// @Description get orders
-// @Param   owner     query    string  true        "The owner of orders"
-// @Success 200 {array} object.Order The Response object
-// @router /get-orders [get]
-func (c *ApiController) GetOrders() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-
-	if limit == "" || page == "" {
-		var orders []*object.Order
-		var err error
-
-		if c.IsAdmin() {
-			// If field is "user", filter by that user even for admins
-			if field == "user" && value != "" {
-				orders, err = object.GetUserOrders(owner, value)
-			} else {
-				orders, err = object.GetOrders(owner)
-			}
-		} else {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			orders, err = object.GetUserOrders(owner, userName)
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(orders)
-	} else {
-		limit := util.ParseInt(limit)
-		if !c.IsAdmin() {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			field = "user"
-			value = userName
-		}
-		count, err := object.GetOrderCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
-		orders, err := object.GetPaginationOrders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(orders, paginator.Nums())
-	}
-}
-
-// GetUserOrders
-// @Title GetUserOrders
-// @Tag Order API
-// @Description get orders for a user
-// @Param   owner     query    string  true        "The owner of orders"
-// @Param   user    query   string  true           "The username of the user"
-// @Success 200 {array} object.Order The Response object
-// @router /get-user-orders [get]
-func (c *ApiController) GetUserOrders() {
-	owner := c.Ctx.Input.Query("owner")
-	user := c.Ctx.Input.Query("user")
-
-	orders, err := object.GetUserOrders(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(orders)
-}
-
-// GetOrder
-// @Title GetOrder
-// @Tag Order API
-// @Description get order
-// @Param   id     query    string  true        "The id ( owner/name ) of the order"
-// @Success 200 {object} object.Order The Response object
-// @router /get-order [get]
-func (c *ApiController) GetOrder() {
-	id := c.Ctx.Input.Query("id")
-
-	order, err := object.GetOrder(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(order)
-}
-
-// UpdateOrder
-// @Title UpdateOrder
-// @Tag Order API
-// @Description update order
-// @Param   id     query    string  true        "The id ( owner/name ) of the order"
-// @Param   body    body   object.Order  true        "The details of the order"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-order [post]
-func (c *ApiController) UpdateOrder() {
-	id := c.Ctx.Input.Query("id")
-
-	var order object.Order
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &order)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateOrder(id, &order))
-	c.ServeJSON()
-}
-
-// AddOrder
-// @Title AddOrder
-// @Tag Order API
-// @Description add order
-// @Param   body    body   object.Order  true        "The details of the order"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-order [post]
-func (c *ApiController) AddOrder() {
-	var order object.Order
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &order)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddOrder(&order))
-	c.ServeJSON()
-}
-
-// DeleteOrder
-// @Title DeleteOrder
-// @Tag Order API
-// @Description delete order
-// @Param   body    body   object.Order  true        "The details of the order"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-order [post]
-func (c *ApiController) DeleteOrder() {
-	var order object.Order
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &order)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteOrder(&order))
-	c.ServeJSON()
-}
--- a/controllers/order_pay.go
+++ b/controllers/order_pay.go
@@ -1,160 +0,0 @@
-// Copyright 2025 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// PlaceOrder
-// @Title PlaceOrder
-// @Tag Order API
-// @Description place an order for a product
-// @Param   productId     query    string  true        "The id ( owner/name ) of the product"
-// @Param   pricingName   query    string  false       "The name of the pricing (for subscription)"
-// @Param   planName      query    string  false       "The name of the plan (for subscription)"
-// @Param   customPrice   query    number  false       "Custom price for recharge products"
-// @Param   userName      query    string  false       "The username to place order for (admin only)"
-// @Success 200 {object} object.Order The Response object
-// @router /place-order [post]
-func (c *ApiController) PlaceOrder() {
-	owner := c.Ctx.Input.Query("owner")
-	paidUserName := c.Ctx.Input.Query("userName")
-
-	var req struct {
-		ProductInfos []object.ProductInfo `json:"productInfos"`
-	}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &req)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	productInfos := req.ProductInfos
-	if len(productInfos) == 0 {
-		c.ResponseError(c.T("product:Product list cannot be empty"))
-		return
-	}
-
-	var userId string
-	if paidUserName != "" {
-		userId = util.GetId(owner, paidUserName)
-		if userId != c.GetSessionUsername() && !c.IsAdmin() && userId != c.GetPaidUsername() {
-			c.ResponseError(c.T("general:Only admin user can specify user"))
-			return
-		}
-
-		c.SetSession("paidUsername", "")
-	} else {
-		userId = c.GetSessionUsername()
-	}
-
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-
-	order, err := object.PlaceOrder(owner, productInfos, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(order)
-}
-
-// PayOrder
-// @Title PayOrder
-// @Tag Order API
-// @Description pay an existing order
-// @Param   id     query    string  true        "The id ( owner/name ) of the order"
-// @Param   providerName    query    string  true  "The name of the provider"
-// @Success 200 {object} controllers.Response The Response object
-// @router /pay-order [post]
-func (c *ApiController) PayOrder() {
-	id := c.Ctx.Input.Query("id")
-	host := c.Ctx.Request.Host
-	providerName := c.Ctx.Input.Query("providerName")
-	paymentEnv := c.Ctx.Input.Query("paymentEnv")
-
-	order, err := object.GetOrder(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if order == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The order: %s does not exist"), id))
-		return
-	}
-
-	userId := c.GetSessionUsername()
-	orderUserId := util.GetId(order.Owner, order.User)
-	if userId != orderUserId && !c.IsAdmin() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	payment, attachInfo, err := object.PayOrder(providerName, host, paymentEnv, order, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment, attachInfo)
-}
-
-// CancelOrder
-// @Title CancelOrder
-// @Tag Order API
-// @Description cancel an order
-// @Param   id     query    string  true        "The id ( owner/name ) of the order"
-// @Success 200 {object} controllers.Response The Response object
-// @router /cancel-order [post]
-func (c *ApiController) CancelOrder() {
-	id := c.Ctx.Input.Query("id")
-	order, err := object.GetOrder(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if order == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:The order: %s does not exist"), id))
-		return
-	}
-
-	userId := c.GetSessionUsername()
-	orderUserId := util.GetId(order.Owner, order.User)
-	if userId != orderUserId && !c.IsAdmin() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.CancelOrder(order))
-	c.ServeJSON()
-}
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,14 +30,14 @@ import (
 // @Success 200 {array} object.Organization The Response object
 // @router /get-organizations [get]
 func (c *ApiController) GetOrganizations() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organizationName := c.Ctx.Input.Query("organizationName")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")

 	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
@@ -71,7 +71,7 @@ func (c *ApiController) GetOrganizations() {
 				return
 			}

-			paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+			paginator := pagination.SetPaginator(c.Ctx, limit, count)
 			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
 			if err != nil {
 				c.ResponseError(err.Error())
@@ -91,17 +91,13 @@ func (c *ApiController) GetOrganizations() {
 // @Success 200 {object} object.Organization The Response object
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	organization, err := object.GetMaskedOrganization(object.GetOrganization(id))
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	if organization != nil && organization.MfaRememberInHours == 0 {
-		organization.MfaRememberInHours = 12
-	}
-
 	c.ResponseOk(organization)
 }

@@ -114,7 +110,7 @@ func (c *ApiController) GetOrganization() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-organization [post]
 func (c *ApiController) UpdateOrganization() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var organization object.Organization
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &organization)
@@ -130,10 +126,6 @@ func (c *ApiController) UpdateOrganization() {

 	isGlobalAdmin, _ := c.isGlobalAdmin()

-	if organization.BalanceCurrency == "" {
-		organization.BalanceCurrency = "USD"
-	}
-
 	c.Data["json"] = wrapActionResponse(object.UpdateOrganization(id, &organization, isGlobalAdmin))
 	c.ServeJSON()
 }
@@ -169,10 +161,6 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

-	if organization.BalanceCurrency == "" {
-		organization.BalanceCurrency = "USD"
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
 	c.ServeJSON()
 }
@@ -205,7 +193,7 @@ func (c *ApiController) DeleteOrganization() {
 // @router /get-default-application [get]
 func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	application, err := object.GetDefaultApplication(id)
 	if err != nil {
@@ -225,7 +213,7 @@ func (c *ApiController) GetDefaultApplication() {
 // @Success 200 {array} object.Organization The Response object
 // @router /get-organization-names [get]
 func (c *ApiController) GetOrganizationNames() {
-	owner := c.Ctx.Input.Query("owner")
+	owner := c.Input().Get("owner")
 	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,35 +30,16 @@ import (
 // @Success 200 {array} object.Payment The Response object
 // @router /get-payments [get]
 func (c *ApiController) GetPayments() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		var payments []*object.Payment
-		var err error
-
-		if c.IsAdmin() {
-			// If field is "user", filter by that user even for admins
-			if field == "user" && value != "" {
-				payments, err = object.GetUserPayments(owner, value)
-			} else {
-				payments, err = object.GetPayments(owner)
-			}
-		} else {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			payments, err = object.GetUserPayments(owner, userName)
-		}
-
+		payments, err := object.GetPayments(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -67,23 +48,13 @@ func (c *ApiController) GetPayments() {
 		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
-		if !c.IsAdmin() {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			field = "user"
-			value = userName
-		}
 		count, err := object.GetPaymentCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -104,8 +75,8 @@ func (c *ApiController) GetPayments() {
 // @Success 200 {array} object.Payment The Response object
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserPayments() {
-	owner := c.Ctx.Input.Query("owner")
-	user := c.Ctx.Input.Query("user")
+	owner := c.Input().Get("owner")
+	user := c.Input().Get("user")

 	payments, err := object.GetUserPayments(owner, user)
 	if err != nil {
@@ -124,7 +95,7 @@ func (c *ApiController) GetUserPayments() {
 // @Success 200 {object} object.Payment The Response object
 // @router /get-payment [get]
 func (c *ApiController) GetPayment() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	payment, err := object.GetPayment(id)
 	if err != nil {
@@ -144,7 +115,7 @@ func (c *ApiController) GetPayment() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-payment [post]
 func (c *ApiController) UpdatePayment() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var payment object.Payment
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
@@ -208,7 +179,7 @@ func (c *ApiController) NotifyPayment() {

 	body := c.Ctx.Input.RequestBody

-	payment, err := object.NotifyPayment(body, owner, paymentName, c.GetAcceptLanguage())
+	payment, err := object.NotifyPayment(body, owner, paymentName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -225,7 +196,7 @@ func (c *ApiController) NotifyPayment() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /invoice-payment [post]
 func (c *ApiController) InvoicePayment() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	payment, err := object.GetPayment(id)
 	if err != nil {
--- a/controllers/permission.go
+++ b/controllers/permission.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions [get]
 func (c *ApiController) GetPermissions() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		permissions, err := object.GetPermissions(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetPermissions() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -94,7 +94,7 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 // @Success 200 {array} object.Permission The Response object
 // @router /get-permissions-by-role [get]
 func (c *ApiController) GetPermissionsByRole() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	permissions, err := object.GetPermissionsByRole(id)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -112,7 +112,7 @@ func (c *ApiController) GetPermissionsByRole() {
 // @Success 200 {object} object.Permission The Response object
 // @router /get-permission [get]
 func (c *ApiController) GetPermission() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	permission, err := object.GetPermission(id)
 	if err != nil {
@@ -132,7 +132,7 @@ func (c *ApiController) GetPermission() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-permission [post]
 func (c *ApiController) UpdatePermission() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var permission object.Permission
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permission)
--- a/controllers/permission_upload.go
+++ b/controllers/permission_upload.go
@@ -24,11 +24,7 @@ import (

 func (c *ApiController) UploadPermissions() {
 	userId := c.GetSessionUsername()
-	owner, user, err := util.GetOwnerAndNameFromIdWithError(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	owner, user := util.GetOwnerAndNameFromId(userId)

 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
@@ -53,6 +49,6 @@ func (c *ApiController) UploadPermissions() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/plan.go
+++ b/controllers/plan.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Plan The Response object
 // @router /get-plans [get]
 func (c *ApiController) GetPlans() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		plans, err := object.GetPlans(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetPlans() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -74,8 +74,8 @@ func (c *ApiController) GetPlans() {
 // @Success 200 {object} object.Plan The Response object
 // @router /get-plan [get]
 func (c *ApiController) GetPlan() {
-	id := c.Ctx.Input.Query("id")
-	includeOption := c.Ctx.Input.Query("includeOption") == "true"
+	id := c.Input().Get("id")
+	includeOption := c.Input().Get("includeOption") == "true"

 	plan, err := object.GetPlan(id)
 	if err != nil {
@@ -107,7 +107,7 @@ func (c *ApiController) GetPlan() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	owner := util.GetOwnerFromId(id)
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Pricing The Response object
 // @router /get-pricings [get]
 func (c *ApiController) GetPricings() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		pricings, err := object.GetPricings(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetPricings() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,7 +73,7 @@ func (c *ApiController) GetPricings() {
 // @Success 200 {object} object.Pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	pricing, err := object.GetPricing(id)
 	if err != nil {
@@ -93,7 +93,7 @@ func (c *ApiController) GetPricing() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-pricing [post]
 func (c *ApiController) UpdatePricing() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var pricing object.Pricing
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -16,8 +16,10 @@ package controllers

 import (
 	"encoding/json"
+	"fmt"
+	"strconv"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +32,13 @@ import (
 // @Success 200 {array} object.Product The Response object
 // @router /get-products [get]
 func (c *ApiController) GetProducts() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		products, err := object.GetProducts(owner)
@@ -54,7 +56,7 @@ func (c *ApiController) GetProducts() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,7 +75,7 @@ func (c *ApiController) GetProducts() {
 // @Success 200 {object} object.Product The Response object
 // @router /get-product [get]
 func (c *ApiController) GetProduct() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	product, err := object.GetProduct(id)
 	if err != nil {
@@ -99,7 +101,7 @@ func (c *ApiController) GetProduct() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-product [post]
 func (c *ApiController) UpdateProduct() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var product object.Product
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &product)
@@ -149,3 +151,64 @@ func (c *ApiController) DeleteProduct() {
 	c.Data["json"] = wrapActionResponse(object.DeleteProduct(&product))
 	c.ServeJSON()
 }
+
+// BuyProduct
+// @Title BuyProduct
+// @Tag Product API
+// @Description buy product
+// @Param   id     query    string  true        "The id ( owner/name ) of the product"
+// @Param   providerName    query    string  true  "The name of the provider"
+// @Success 200 {object} controllers.Response The Response object
+// @router /buy-product [post]
+func (c *ApiController) BuyProduct() {
+	id := c.Input().Get("id")
+	host := c.Ctx.Request.Host
+	providerName := c.Input().Get("providerName")
+	paymentEnv := c.Input().Get("paymentEnv")
+	customPriceStr := c.Input().Get("customPrice")
+	if customPriceStr == "" {
+		customPriceStr = "0"
+	}
+
+	customPrice, err := strconv.ParseFloat(customPriceStr, 64)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	// buy `pricingName/planName` for `paidUserName`
+	pricingName := c.Input().Get("pricingName")
+	planName := c.Input().Get("planName")
+	paidUserName := c.Input().Get("userName")
+	owner, _ := util.GetOwnerAndNameFromId(id)
+	userId := util.GetId(owner, paidUserName)
+	if paidUserName != "" && !c.IsAdmin() {
+		c.ResponseError(c.T("general:Only admin user can specify user"))
+		return
+	}
+	if paidUserName == "" {
+		userId = c.GetSessionUsername()
+	}
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
+		return
+	}
+
+	user, err := object.GetUser(userId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if user == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
+		return
+	}
+
+	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv, customPrice)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(payment, attachInfo)
+}
--- a/controllers/prometheus.go
+++ b/controllers/prometheus.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"github.com/casdoor/casdoor/object"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
 )

 // GetPrometheusInfo
@@ -38,17 +37,3 @@ func (c *ApiController) GetPrometheusInfo() {

 	c.ResponseOk(prometheusInfo)
 }
-
-// GetMetrics
-// @Title GetMetrics
-// @Tag System API
-// @Description get Prometheus metrics
-// @Success 200 {string} Prometheus metrics in text format
-// @router /metrics [get]
-func (c *ApiController) GetMetrics() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-	promhttp.Handler().ServeHTTP(c.Ctx.ResponseWriter, c.Ctx.Request)
-}
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Provider The Response object
 // @router /get-providers [get]
 func (c *ApiController) GetProviders() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	ok, isMaskEnabled := c.IsMaskedEnabled()
 	if !ok {
@@ -59,7 +59,7 @@ func (c *ApiController) GetProviders() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -78,12 +78,12 @@ func (c *ApiController) GetProviders() {
 // @Success 200 {array} object.Provider The Response object
 // @router /get-global-providers [get]
 func (c *ApiController) GetGlobalProviders() {
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	ok, isMaskEnabled := c.IsMaskedEnabled()
 	if !ok {
@@ -106,7 +106,7 @@ func (c *ApiController) GetGlobalProviders() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -126,7 +126,7 @@ func (c *ApiController) GetGlobalProviders() {
 // @Success 200 {object} object.Provider The Response object
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	ok, isMaskEnabled := c.IsMaskedEnabled()
 	if !ok {
@@ -164,7 +164,7 @@ func (c *ApiController) requireProviderPermission(provider *object.Provider) boo
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-provider [post]
 func (c *ApiController) UpdateProvider() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var provider object.Provider
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &provider)
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -19,7 +19,7 @@ import (

 	"github.com/casvisor/casvisor-go-sdk/casvisorsdk"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -38,13 +38,13 @@ func (c *ApiController) GetRecords() {
 		return
 	}

-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organizationName := c.Ctx.Input.Query("organizationName")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")

 	if limit == "" || page == "" {
 		records, err := object.GetRecords()
@@ -66,7 +66,7 @@ func (c *ApiController) GetRecords() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
 		if err != nil {
 			c.ResponseError(err.Error())
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -20,11 +20,10 @@ import (
 	"fmt"
 	"io"
 	"mime"
-	"path"
 	"path/filepath"
 	"strings"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -44,14 +43,14 @@ import (
 // @Success		200 		{array} 	object.Resource 	The Response object
 // @router /get-resources [get]
 func (c *ApiController) GetResources() {
-	owner := c.Ctx.Input.Query("owner")
-	user := c.Ctx.Input.Query("user")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	user := c.Input().Get("user")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	isOrgAdmin, ok := c.IsOrgAdmin()
 	if !ok {
@@ -93,7 +92,7 @@ func (c *ApiController) GetResources() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -112,7 +111,7 @@ func (c *ApiController) GetResources() {
 // @Success 	200			{object}	object.Resource		The Response object
 // @router /get-resource [get]
 func (c *ApiController) GetResource() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	resource, err := object.GetResource(id)
 	if err != nil {
@@ -132,7 +131,7 @@ func (c *ApiController) GetResource() {
 // @Success 	200			{object}	controllers.Response					Success or error
 // @router /update-resource [post]
 func (c *ApiController) UpdateResource() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var resource object.Resource
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &resource)
@@ -178,11 +177,9 @@ func (c *ApiController) DeleteResource() {
 	}

 	if resource.Provider != "" {
-		inputs, _ := c.Input()
-		inputs.Set("provider", resource.Provider)
+		c.Input().Set("provider", resource.Provider)
 	}
-	inputs, _ := c.Input()
-	inputs.Set("fullFilePath", resource.Name)
+	c.Input().Set("fullFilePath", resource.Name)
 	provider, err := c.GetProviderFromContext("Storage")
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -190,11 +187,6 @@ func (c *ApiController) DeleteResource() {
 	}
 	_, resource.Name = refineFullFilePath(resource.Name)

-	tag := c.Ctx.Input.Query("tag")
-	if tag == "Direct" {
-		resource.Name = path.Join(provider.PathPrefix, resource.Name)
-	}
-
 	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -220,14 +212,14 @@ func (c *ApiController) DeleteResource() {
 // @Success   200             {object}  object.Resource  	FileUrl, objectKey
 // @router /upload-resource [post]
 func (c *ApiController) UploadResource() {
-	owner := c.Ctx.Input.Query("owner")
-	username := c.Ctx.Input.Query("user")
-	application := c.Ctx.Input.Query("application")
-	tag := c.Ctx.Input.Query("tag")
-	parent := c.Ctx.Input.Query("parent")
-	fullFilePath := c.Ctx.Input.Query("fullFilePath")
-	createdTime := c.Ctx.Input.Query("createdTime")
-	description := c.Ctx.Input.Query("description")
+	owner := c.Input().Get("owner")
+	username := c.Input().Get("user")
+	application := c.Input().Get("application")
+	tag := c.Input().Get("tag")
+	parent := c.Input().Get("parent")
+	fullFilePath := c.Input().Get("fullFilePath")
+	createdTime := c.Input().Get("createdTime")
+	description := c.Input().Get("description")

 	file, header, err := c.GetFile("file")
 	if err != nil {
@@ -366,7 +358,7 @@ func (c *ApiController) UploadResource() {
 		}

 		applicationObj.TermsOfUse = fileUrl
-		_, err = object.UpdateApplication(applicationId, applicationObj, true, c.GetAcceptLanguage())
+		_, err = object.UpdateApplication(applicationId, applicationObj)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
--- a/controllers/role.go
+++ b/controllers/role.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,13 +30,13 @@ import (
 // @Success 200 {array} object.Role The Response object
 // @router /get-roles [get]
 func (c *ApiController) GetRoles() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		roles, err := object.GetRoles(owner)
@@ -54,7 +54,7 @@ func (c *ApiController) GetRoles() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,7 +73,7 @@ func (c *ApiController) GetRoles() {
 // @Success 200 {object} object.Role The Response object
 // @router /get-role [get]
 func (c *ApiController) GetRole() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	role, err := object.GetRole(id)
 	if err != nil {
@@ -93,7 +93,7 @@ func (c *ApiController) GetRole() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-role [post]
 func (c *ApiController) UpdateRole() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var role object.Role
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &role)
--- a/controllers/role_upload.go
+++ b/controllers/role_upload.go
@@ -24,11 +24,7 @@ import (

 func (c *ApiController) UploadRoles() {
 	userId := c.GetSessionUsername()
-	owner, user, err := util.GetOwnerAndNameFromIdWithError(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	owner, user := util.GetOwnerAndNameFromId(userId)

 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
@@ -53,6 +49,6 @@ func (c *ApiController) UploadRoles() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -17,14 +17,13 @@ package controllers
 import (
 	"fmt"
 	"net/http"
-	"net/url"

 	"github.com/casdoor/casdoor/object"
 )

 func (c *ApiController) GetSamlMeta() {
 	host := c.Ctx.Request.Host
-	paramApp := c.Ctx.Input.Query("application")
+	paramApp := c.Input().Get("application")
 	application, err := object.GetApplication(paramApp)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -58,13 +57,10 @@ func (c *ApiController) HandleSamlRedirect() {
 	owner := c.Ctx.Input.Param(":owner")
 	application := c.Ctx.Input.Param(":application")

-	relayState := c.Ctx.Input.Query("RelayState")
-	samlRequest := c.Ctx.Input.Query("SAMLRequest")
-	username := c.Ctx.Input.Query("username")
-	loginHint := c.Ctx.Input.Query("login_hint")
+	relayState := c.Input().Get("RelayState")
+	samlRequest := c.Input().Get("SAMLRequest")

-	relayState = url.QueryEscape(relayState)
-	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host, username, loginHint)
+	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)

 	c.Redirect(targetURL, http.StatusSeeOther)
 }
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -140,11 +140,8 @@ func (c *ApiController) SendEmail() {
 	}
 	content = strings.Replace(content, "%{user.friendlyName}", userString, 1)

-	matchContent := object.ResetLinkReg.Find([]byte(content))
-	content = strings.Replace(content, string(matchContent), "", -1)
-
 	for _, receiver := range emailForm.Receivers {
-		err = object.SendEmail(provider, emailForm.Title, content, []string{receiver}, emailForm.Sender)
+		err = object.SendEmail(provider, emailForm.Title, content, receiver, emailForm.Sender)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
--- a/controllers/session.go
+++ b/controllers/session.go
@@ -15,11 +15,9 @@
 package controllers

 import (
-	"context"
 	"encoding/json"
-	"fmt"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -32,13 +30,13 @@ import (
 // @Success 200 {array} string The Response object
 // @router /get-sessions [get]
 func (c *ApiController) GetSessions() {
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	owner := c.Ctx.Input.Query("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	owner := c.Input().Get("owner")

 	if limit == "" || page == "" {
 		sessions, err := object.GetSessions(owner)
@@ -55,7 +53,7 @@ func (c *ApiController) GetSessions() {
 			c.ResponseError(err.Error())
 			return
 		}
-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -70,11 +68,11 @@ func (c *ApiController) GetSessions() {
 // @Title GetSingleSession
 // @Tag Session API
 // @Description Get session for one user in one application.
-// @Param   sessionPkId     query    string  true        "The session ID in format: organization/user/application (e.g., built-in/admin/app-built-in)"
+// @Param   id     query    string  true        "The id(organization/application/user) of session"
 // @Success 200 {array} string The Response object
 // @router /get-session [get]
 func (c *ApiController) GetSingleSession() {
-	id := c.Ctx.Input.Query("sessionPkId")
+	id := c.Input().Get("sessionPkId")

 	session, err := object.GetSingleSession(id)
 	if err != nil {
@@ -89,8 +87,8 @@ func (c *ApiController) GetSingleSession() {
 // @Title UpdateSession
 // @Tag Session API
 // @Description Update session for one user in one application.
-// @Param   body     body    object.Session  true        "The session object to update"
-// @Success 200 {object} controllers.Response The Response object
+// @Param   id     query    string  true        "The id(organization/application/user) of session"
+// @Success 200 {array} string The Response object
 // @router /update-session [post]
 func (c *ApiController) UpdateSession() {
 	var session object.Session
@@ -108,8 +106,9 @@ func (c *ApiController) UpdateSession() {
 // @Title AddSession
 // @Tag Session API
 // @Description Add session for one user in one application. If there are other existing sessions, join the session into the list.
-// @Param   body     body    object.Session  true        "The session object to add"
-// @Success 200 {object} controllers.Response The Response object
+// @Param   id     query    string  true        "The id(organization/application/user) of session"
+// @Param   sessionId     query    string  true        "sessionId to be added"
+// @Success 200 {array} string The Response object
 // @router /add-session [post]
 func (c *ApiController) AddSession() {
 	var session object.Session
@@ -127,8 +126,8 @@ func (c *ApiController) AddSession() {
 // @Title DeleteSession
 // @Tag Session API
 // @Description Delete session for one user in one application.
-// @Param   body     body    object.Session  true        "The session object to delete"
-// @Success 200 {object} controllers.Response The Response object
+// @Param   id     query    string  true        "The id(organization/application/user) of session"
+// @Success 200 {array} string The Response object
 // @router /delete-session [post]
 func (c *ApiController) DeleteSession() {
 	var session object.Session
@@ -138,21 +137,7 @@ func (c *ApiController) DeleteSession() {
 		return
 	}

-	curSessionId := c.Ctx.Input.CruSession.SessionID(context.Background())
-
-	sessionId := c.Ctx.Input.Query("sessionId")
-	if curSessionId == sessionId && sessionId != "" {
-		c.ResponseError(fmt.Sprintf(c.T("session:session id %s is the current session and cannot be deleted"), curSessionId))
-		return
-	}
-
-	if sessionId != "" {
-		c.Data["json"] = wrapActionResponse(object.DeleteSessionId(util.GetSessionId(session.Owner, session.Name, session.Application), sessionId))
-		c.ServeJSON()
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetSessionId(session.Owner, session.Name, session.Application), curSessionId))
+	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetSessionId(session.Owner, session.Name, session.Application)))
 	c.ServeJSON()
 }

@@ -160,13 +145,13 @@ func (c *ApiController) DeleteSession() {
 // @Title IsSessionDuplicated
 // @Tag Session API
 // @Description Check if there are other different sessions for one user in one application.
-// @Param   sessionPkId     query    string  true        "The session ID in format: organization/user/application (e.g., built-in/admin/app-built-in)"
-// @Param   sessionId     query    string  true        "The specific session ID to check"
+// @Param   id     query    string  true        "The id(organization/application/user) of session"
+// @Param   sessionId     query    string  true        "sessionId to be checked"
 // @Success 200 {array} string The Response object
 // @router /is-session-duplicated [get]
 func (c *ApiController) IsSessionDuplicated() {
-	id := c.Ctx.Input.Query("sessionPkId")
-	sessionId := c.Ctx.Input.Query("sessionId")
+	id := c.Input().Get("sessionPkId")
+	sessionId := c.Input().Get("sessionId")

 	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
 	if err != nil {
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,35 +30,16 @@ import (
 // @Success 200 {array} object.Subscription The Response object
 // @router /get-subscriptions [get]
 func (c *ApiController) GetSubscriptions() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		var subscriptions []*object.Subscription
-		var err error
-
-		if c.IsAdmin() {
-			// If field is "user", filter by that user even for admins
-			if field == "user" && value != "" {
-				subscriptions, err = object.GetSubscriptionsByUser(owner, value)
-			} else {
-				subscriptions, err = object.GetSubscriptions(owner)
-			}
-		} else {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			subscriptions, err = object.GetSubscriptionsByUser(owner, userName)
-		}
-
+		subscriptions, err := object.GetSubscriptions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -67,23 +48,13 @@ func (c *ApiController) GetSubscriptions() {
 		c.ResponseOk(subscriptions)
 	} else {
 		limit := util.ParseInt(limit)
-		if !c.IsAdmin() {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			field = "user"
-			value = userName
-		}
 		count, err := object.GetSubscriptionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -102,7 +73,7 @@ func (c *ApiController) GetSubscriptions() {
 // @Success 200 {object} object.Subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	subscription, err := object.GetSubscription(id)
 	if err != nil {
@@ -122,7 +93,7 @@ func (c *ApiController) GetSubscription() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-subscription [post]
 func (c *ApiController) UpdateSubscription() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var subscription object.Subscription
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -16,9 +16,8 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -31,14 +30,14 @@ import (
 // @Success 200 {array} object.Syncer The Response object
 // @router /get-syncers [get]
 func (c *ApiController) GetSyncers() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organization := c.Ctx.Input.Query("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")

 	if limit == "" || page == "" {
 		syncers, err := object.GetMaskedSyncers(object.GetOrganizationSyncers(owner, organization))
@@ -56,7 +55,7 @@ func (c *ApiController) GetSyncers() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		syncers, err := object.GetMaskedSyncers(object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -75,7 +74,7 @@ func (c *ApiController) GetSyncers() {
 // @Success 200 {object} object.Syncer The Response object
 // @router /get-syncer [get]
 func (c *ApiController) GetSyncer() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	syncer, err := object.GetMaskedSyncer(object.GetSyncer(id))
 	if err != nil {
@@ -95,7 +94,7 @@ func (c *ApiController) GetSyncer() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-syncer [post]
 func (c *ApiController) UpdateSyncer() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var syncer object.Syncer
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &syncer)
@@ -104,7 +103,7 @@ func (c *ApiController) UpdateSyncer() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer, c.IsGlobalAdmin(), c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.UpdateSyncer(id, &syncer))
 	c.ServeJSON()
 }

@@ -154,16 +153,12 @@ func (c *ApiController) DeleteSyncer() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /run-syncer [get]
 func (c *ApiController) RunSyncer() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	syncer, err := object.GetSyncer(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if syncer == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The syncer: %s does not exist"), id))
-		return
-	}

 	err = object.RunSyncer(syncer)
 	if err != nil {
@@ -182,7 +177,7 @@ func (c *ApiController) TestSyncerDb() {
 		return
 	}

-	err = object.TestSyncer(syncer)
+	err = object.TestSyncerDb(syncer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -15,10 +15,7 @@
 package controllers

 import (
-	"errors"
-
 	"github.com/casdoor/casdoor/util"
-	"github.com/go-git/go-git/v5"
 )

 // GetSystemInfo
@@ -49,10 +46,10 @@ func (c *ApiController) GetSystemInfo() {
 // @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
+	errInfo := ""
 	versionInfo, err := util.GetVersionInfo()
-	if err != nil && !errors.Is(err, git.ErrRepositoryNotExists) {
-		c.ResponseError(err.Error())
-		return
+	if err != nil {
+		errInfo = "Git error: " + err.Error()
 	}

 	if versionInfo.Version != "" {
@@ -60,7 +57,14 @@ func (c *ApiController) GetVersionInfo() {
 		return
 	}

-	c.ResponseOk(util.GetBuiltInVersionInfo())
+	versionInfo, err = util.GetVersionInfoFromFile()
+	if err != nil {
+		errInfo = errInfo + ", File error: " + err.Error()
+		c.ResponseError(errInfo)
+		return
+	}
+
+	c.ResponseOk(versionInfo)
 }

 // Health
--- a/controllers/ticket.go
+++ b/controllers/ticket.go
@@ -1,271 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/v2/core/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetTickets
-// @Title GetTickets
-// @Tag Ticket API
-// @Description get tickets
-// @Param   owner     query    string  true        "The owner of tickets"
-// @Success 200 {array} object.Ticket The Response object
-// @router /get-tickets [get]
-func (c *ApiController) GetTickets() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-
-	user := c.getCurrentUser()
-	isAdmin := c.IsAdmin()
-
-	var tickets []*object.Ticket
-	var err error
-
-	if limit == "" || page == "" {
-		if isAdmin {
-			tickets, err = object.GetTickets(owner)
-		} else {
-			tickets, err = object.GetUserTickets(owner, user.GetId())
-		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(tickets)
-	} else {
-		limit := util.ParseInt(limit)
-		var count int64
-
-		if isAdmin {
-			count, err = object.GetTicketCount(owner, field, value)
-		} else {
-			// For non-admin users, only show their own tickets
-			tickets, err = object.GetUserTickets(owner, user.GetId())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			count = int64(len(tickets))
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
-
-		if isAdmin {
-			tickets, err = object.GetPaginationTickets(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(tickets, paginator.Nums())
-	}
-}
-
-// GetTicket
-// @Title GetTicket
-// @Tag Ticket API
-// @Description get ticket
-// @Param   id     query    string  true        "The id ( owner/name ) of the ticket"
-// @Success 200 {object} object.Ticket The Response object
-// @router /get-ticket [get]
-func (c *ApiController) GetTicket() {
-	id := c.Ctx.Input.Query("id")
-
-	ticket, err := object.GetTicket(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Check permission: user can only view their own tickets unless they are admin
-	user := c.getCurrentUser()
-	isAdmin := c.IsAdmin()
-
-	if ticket != nil && !isAdmin && ticket.User != user.GetId() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	c.ResponseOk(ticket)
-}
-
-// UpdateTicket
-// @Title UpdateTicket
-// @Tag Ticket API
-// @Description update ticket
-// @Param   id     query    string  true        "The id ( owner/name ) of the ticket"
-// @Param   body    body   object.Ticket  true        "The details of the ticket"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-ticket [post]
-func (c *ApiController) UpdateTicket() {
-	id := c.Ctx.Input.Query("id")
-
-	var ticket object.Ticket
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ticket)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Check permission
-	user := c.getCurrentUser()
-	isAdmin := c.IsAdmin()
-
-	existingTicket, err := object.GetTicket(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if existingTicket == nil {
-		c.ResponseError(c.T("ticket:Ticket not found"))
-		return
-	}
-
-	// Normal users can only close their own tickets
-	if !isAdmin {
-		if existingTicket.User != user.GetId() {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-		// Normal users can only change state to "Closed"
-		if ticket.State != "Closed" && ticket.State != existingTicket.State {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-		// Preserve original fields that users shouldn't modify
-		ticket.Owner = existingTicket.Owner
-		ticket.Name = existingTicket.Name
-		ticket.User = existingTicket.User
-		ticket.CreatedTime = existingTicket.CreatedTime
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateTicket(id, &ticket))
-	c.ServeJSON()
-}
-
-// AddTicket
-// @Title AddTicket
-// @Tag Ticket API
-// @Description add ticket
-// @Param   body    body   object.Ticket  true        "The details of the ticket"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-ticket [post]
-func (c *ApiController) AddTicket() {
-	var ticket object.Ticket
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ticket)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Set the user field to the current user
-	user := c.getCurrentUser()
-	ticket.User = user.GetId()
-
-	c.Data["json"] = wrapActionResponse(object.AddTicket(&ticket))
-	c.ServeJSON()
-}
-
-// DeleteTicket
-// @Title DeleteTicket
-// @Tag Ticket API
-// @Description delete ticket
-// @Param   body    body   object.Ticket  true        "The details of the ticket"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-ticket [post]
-func (c *ApiController) DeleteTicket() {
-	var ticket object.Ticket
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ticket)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Only admins can delete tickets
-	if !c.IsAdmin() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteTicket(&ticket))
-	c.ServeJSON()
-}
-
-// AddTicketMessage
-// @Title AddTicketMessage
-// @Tag Ticket API
-// @Description add a message to a ticket
-// @Param   id     query    string  true        "The id ( owner/name ) of the ticket"
-// @Param   body    body   object.TicketMessage  true        "The message to add"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-ticket-message [post]
-func (c *ApiController) AddTicketMessage() {
-	id := c.Ctx.Input.Query("id")
-
-	var message object.TicketMessage
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	// Check permission
-	user := c.getCurrentUser()
-	isAdmin := c.IsAdmin()
-
-	ticket, err := object.GetTicket(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if ticket == nil {
-		c.ResponseError(c.T("ticket:Ticket not found"))
-		return
-	}
-
-	// Users can only add messages to their own tickets, admins can add to any ticket
-	if !isAdmin && ticket.User != user.GetId() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	// Set the author and admin flag
-	message.Author = user.GetId()
-	message.IsAdmin = isAdmin
-
-	c.Data["json"] = wrapActionResponse(object.AddTicketMessage(id, &message))
-	c.ServeJSON()
-}
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -16,10 +16,9 @@ package controllers

 import (
 	"encoding/json"
-	"fmt"
 	"time"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -28,20 +27,20 @@ import (
 // @Title GetTokens
 // @Tag Token API
 // @Description get tokens
-// @Param   owner     query    string  true        "The organization name (e.g., built-in)"
+// @Param   owner     query    string  true        "The owner of tokens"
 // @Param   pageSize     query    string  true        "The size of each page"
 // @Param   p     query    string  true        "The number of the page"
 // @Success 200 {array} object.Token The Response object
 // @router /get-tokens [get]
 func (c *ApiController) GetTokens() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organization := c.Ctx.Input.Query("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		token, err := object.GetTokens(owner, organization)
 		if err != nil {
@@ -58,7 +57,7 @@ func (c *ApiController) GetTokens() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -73,11 +72,11 @@ func (c *ApiController) GetTokens() {
 // @Title GetToken
 // @Tag Token API
 // @Description get token
-// @Param   id     query    string  true        "The token ID in format: organization/token-name (e.g., built-in/token-123456)"
+// @Param   id     query    string  true        "The id ( owner/name ) of token"
 // @Success 200 {object} object.Token The Response object
 // @router /get-token [get]
 func (c *ApiController) GetToken() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")
 	token, err := object.GetToken(id)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -91,12 +90,12 @@ func (c *ApiController) GetToken() {
 // @Title UpdateToken
 // @Tag Token API
 // @Description update token
-// @Param   id     query    string  true        "The token ID in format: organization/token-name (e.g., built-in/token-123456)"
+// @Param   id     query    string  true        "The id ( owner/name ) of token"
 // @Param   body    body   object.Token  true        "Details of the token"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-token [post]
 func (c *ApiController) UpdateToken() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var token object.Token
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &token)
@@ -105,7 +104,7 @@ func (c *ApiController) UpdateToken() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token, c.IsGlobalAdmin()))
+	c.Data["json"] = wrapActionResponse(object.UpdateToken(id, &token))
 	c.ServeJSON()
 }

@@ -160,19 +159,19 @@ func (c *ApiController) DeleteToken() {
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/access_token [post]
 func (c *ApiController) GetOAuthToken() {
-	clientId := c.Ctx.Input.Query("client_id")
-	clientSecret := c.Ctx.Input.Query("client_secret")
-	grantType := c.Ctx.Input.Query("grant_type")
-	code := c.Ctx.Input.Query("code")
-	verifier := c.Ctx.Input.Query("code_verifier")
-	scope := c.Ctx.Input.Query("scope")
-	nonce := c.Ctx.Input.Query("nonce")
-	username := c.Ctx.Input.Query("username")
-	password := c.Ctx.Input.Query("password")
-	tag := c.Ctx.Input.Query("tag")
-	avatar := c.Ctx.Input.Query("avatar")
-	refreshToken := c.Ctx.Input.Query("refresh_token")
-	deviceCode := c.Ctx.Input.Query("device_code")
+	clientId := c.Input().Get("client_id")
+	clientSecret := c.Input().Get("client_secret")
+	grantType := c.Input().Get("grant_type")
+	code := c.Input().Get("code")
+	verifier := c.Input().Get("code_verifier")
+	scope := c.Input().Get("scope")
+	nonce := c.Input().Get("nonce")
+	username := c.Input().Get("username")
+	password := c.Input().Get("password")
+	tag := c.Input().Get("tag")
+	avatar := c.Input().Get("avatar")
+	refreshToken := c.Input().Get("refresh_token")
+	deviceCode := c.Input().Get("device_code")

 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
@@ -288,11 +287,11 @@ func (c *ApiController) GetOAuthToken() {
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/refresh_token [post]
 func (c *ApiController) RefreshToken() {
-	grantType := c.Ctx.Input.Query("grant_type")
-	refreshToken := c.Ctx.Input.Query("refresh_token")
-	scope := c.Ctx.Input.Query("scope")
-	clientId := c.Ctx.Input.Query("client_id")
-	clientSecret := c.Ctx.Input.Query("client_secret")
+	grantType := c.Input().Get("grant_type")
+	refreshToken := c.Input().Get("refresh_token")
+	scope := c.Input().Get("scope")
+	clientId := c.Input().Get("client_id")
+	clientSecret := c.Input().Get("client_secret")
 	host := c.Ctx.Request.Host

 	if clientId == "" {
@@ -342,11 +341,11 @@ func (c *ApiController) ResponseTokenError(errorMsg string) {
 // @Success 401 {object} object.TokenError The Response object
 // @router /login/oauth/introspect [post]
 func (c *ApiController) IntrospectToken() {
-	tokenValue := c.Ctx.Input.Query("token")
+	tokenValue := c.Input().Get("token")
 	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
 	if !ok {
-		clientId = c.Ctx.Input.Query("client_id")
-		clientSecret = c.Ctx.Input.Query("client_secret")
+		clientId = c.Input().Get("client_id")
+		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
 			c.ResponseTokenError(object.InvalidRequest)
 			return
@@ -369,7 +368,7 @@ func (c *ApiController) IntrospectToken() {
 		c.ServeJSON()
 	}

-	tokenTypeHint := c.Ctx.Input.Query("token_type_hint")
+	tokenTypeHint := c.Input().Get("token_type_hint")
 	var token *object.Token
 	if tokenTypeHint != "" {
 		token, err = object.GetTokenByTokenValue(tokenValue, tokenTypeHint)
@@ -461,18 +460,7 @@ func (c *ApiController) IntrospectToken() {
 	}

 	if token != nil {
-		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
-		if err != nil {
-			c.ResponseTokenError(err.Error())
-			return
-		}
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), token.Application))
-			return
-		}
-
 		introspectionResponse.TokenType = token.TokenType
-		introspectionResponse.ClientId = application.ClientId
 	}

 	c.Data["json"] = introspectionResponse
--- a/controllers/transaction.go
+++ b/controllers/transaction.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -30,35 +30,16 @@ import (
 // @Success 200 {array} object.Transaction The Response object
 // @router /get-transactions [get]
 func (c *ApiController) GetTransactions() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		var transactions []*object.Transaction
-		var err error
-
-		if c.IsAdmin() {
-			// If field is "user", filter by that user even for admins
-			if field == "user" && value != "" {
-				transactions, err = object.GetUserTransactions(owner, value)
-			} else {
-				transactions, err = object.GetTransactions(owner)
-			}
-		} else {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			transactions, err = object.GetUserTransactions(owner, userName)
-		}
-
+		transactions, err := object.GetTransactions(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -67,26 +48,13 @@ func (c *ApiController) GetTransactions() {
 		c.ResponseOk(transactions)
 	} else {
 		limit := util.ParseInt(limit)
-
-		// Apply user filter for non-admin users
-		if !c.IsAdmin() {
-			user := c.GetSessionUsername()
-			_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-			if userErr != nil {
-				c.ResponseError(userErr.Error())
-				return
-			}
-			field = "user"
-			value = userName
-		}
-
 		count, err := object.GetTransactionCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		transactions, err := object.GetPaginationTransactions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -97,6 +65,28 @@ func (c *ApiController) GetTransactions() {
 	}
 }

+// GetUserTransactions
+// @Title GetUserTransaction
+// @Tag Transaction API
+// @Description get transactions for a user
+// @Param   owner     query    string  true        "The owner of transactions"
+// @Param   organization    query   string  true   "The organization of the user"
+// @Param   user    query   string  true           "The username of the user"
+// @Success 200 {array} object.Transaction The Response object
+// @router /get-user-transactions [get]
+func (c *ApiController) GetUserTransactions() {
+	owner := c.Input().Get("owner")
+	user := c.Input().Get("user")
+
+	transactions, err := object.GetUserTransactions(owner, user)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(transactions)
+}
+
 // GetTransaction
 // @Title GetTransaction
 // @Tag Transaction API
@@ -105,7 +95,7 @@ func (c *ApiController) GetTransactions() {
 // @Success 200 {object} object.Transaction The Response object
 // @router /get-transaction [get]
 func (c *ApiController) GetTransaction() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	transaction, err := object.GetTransaction(id)
 	if err != nil {
@@ -113,27 +103,6 @@ func (c *ApiController) GetTransaction() {
 		return
 	}

-	if transaction == nil {
-		c.ResponseOk(nil)
-		return
-	}
-
-	// Check if non-admin user is trying to access someone else's transaction
-	if !c.IsAdmin() {
-		user := c.GetSessionUsername()
-		_, userName, userErr := util.GetOwnerAndNameFromIdWithError(user)
-		if userErr != nil {
-			c.ResponseError(userErr.Error())
-			return
-		}
-
-		// Only allow users to view their own transactions
-		if transaction.User != userName {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-	}
-
 	c.ResponseOk(transaction)
 }

@@ -146,7 +115,7 @@ func (c *ApiController) GetTransaction() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-transaction [post]
 func (c *ApiController) UpdateTransaction() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var transaction object.Transaction
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &transaction)
@@ -155,7 +124,7 @@ func (c *ApiController) UpdateTransaction() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction, c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.UpdateTransaction(id, &transaction))
 	c.ServeJSON()
 }

@@ -164,7 +133,6 @@ func (c *ApiController) UpdateTransaction() {
 // @Tag Transaction API
 // @Description add transaction
 // @Param   body    body   object.Transaction  true        "The details of the transaction"
-// @Param   dryRun  query  string  false       "Dry run mode: set to 'true' or '1' to validate without committing"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-transaction [post]
 func (c *ApiController) AddTransaction() {
@@ -175,22 +143,8 @@ func (c *ApiController) AddTransaction() {
 		return
 	}

-	dryRunParam := c.Ctx.Input.Query("dryRun")
-	dryRun := dryRunParam != ""
-
-	affected, transactionId, err := object.AddTransaction(&transaction, c.GetAcceptLanguage(), dryRun)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !affected {
-		c.Data["json"] = wrapActionResponse(false)
-		c.ServeJSON()
-		return
-	}
-
-	c.ResponseOk(transactionId)
+	c.Data["json"] = wrapActionResponse(object.AddTransaction(&transaction))
+	c.ServeJSON()
 }

 // DeleteTransaction
@@ -208,6 +162,6 @@ func (c *ApiController) DeleteTransaction() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction, c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.DeleteTransaction(&transaction))
 	c.ServeJSON()
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -19,7 +19,7 @@ import (
 	"fmt"
 	"strings"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -32,12 +32,12 @@ import (
 // @Success 200 {array} object.User The Response object
 // @router /get-global-users [get]
 func (c *ApiController) GetGlobalUsers() {
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		users, err := object.GetMaskedUsers(object.GetGlobalUsers())
@@ -55,7 +55,7 @@ func (c *ApiController) GetGlobalUsers() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -80,14 +80,14 @@ func (c *ApiController) GetGlobalUsers() {
 // @Success 200 {array} object.User The Response object
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
-	owner := c.Ctx.Input.Query("owner")
-	groupName := c.Ctx.Input.Query("groupName")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
+	owner := c.Input().Get("owner")
+	groupName := c.Input().Get("groupName")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
 		if groupName != "" {
@@ -115,7 +115,7 @@ func (c *ApiController) GetUsers() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -144,11 +144,11 @@ func (c *ApiController) GetUsers() {
 // @Success 200 {object} object.User The Response object
 // @router /get-user [get]
 func (c *ApiController) GetUser() {
-	id := c.Ctx.Input.Query("id")
-	email := c.Ctx.Input.Query("email")
-	phone := c.Ctx.Input.Query("phone")
-	userId := c.Ctx.Input.Query("userId")
-	owner := c.Ctx.Input.Query("owner")
+	id := c.Input().Get("id")
+	email := c.Input().Get("email")
+	phone := c.Input().Get("phone")
+	userId := c.Input().Get("userId")
+	owner := c.Input().Get("owner")
 	var err error
 	var userFromUserId *object.User
 	if userId != "" && owner != "" {
@@ -252,17 +252,13 @@ func (c *ApiController) GetUser() {
 // @Title UpdateUser
 // @Tag User API
 // @Description update user
-// @Param   id     query    string  false        "The id ( owner/name ) of the user"
-// @Param   userId query    string  false        "The userId (UUID) of the user"
-// @Param   owner  query    string  false        "The owner of the user (required when using userId)"
+// @Param   id     query    string  true        "The id ( owner/name ) of the user"
 // @Param   body    body   object.User  true        "The details of the user"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-user [post]
 func (c *ApiController) UpdateUser() {
-	id := c.Ctx.Input.Query("id")
-	userId := c.Ctx.Input.Query("userId")
-	owner := c.Ctx.Input.Query("owner")
-	columnsStr := c.Ctx.Input.Query("columns")
+	id := c.Input().Get("id")
+	columnsStr := c.Input().Get("columns")

 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
@@ -271,38 +267,17 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if id == "" && userId == "" {
+	if id == "" {
 		id = c.GetSessionUsername()
 		if id == "" {
 			c.ResponseError(c.T("general:Missing parameter"))
 			return
 		}
 	}
-
-	var userFromUserId *object.User
-	if userId != "" && owner != "" {
-		userFromUserId, err = object.GetUserByUserId(owner, userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if userFromUserId == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-			return
-		}
-
-		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
-	}
-
-	var oldUser *object.User
-	if userId != "" {
-		oldUser = userFromUserId
-	} else {
-		oldUser, err = object.GetUser(id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	oldUser, err := object.GetUser(id)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}

 	if oldUser == nil {
@@ -336,7 +311,7 @@ func (c *ApiController) UpdateUser() {
 	}

 	isAdmin := c.IsAdmin()
-	allowDisplayNameEmpty := c.Ctx.Input.Query("allowEmpty") != ""
+	allowDisplayNameEmpty := c.Input().Get("allowEmpty") != ""
 	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, allowDisplayNameEmpty, c.GetAcceptLanguage()); !pass {
 		c.ResponseError(err)
 		return
@@ -392,17 +367,6 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	// Set RegisterSource based on the current user if not already set
-	if user.RegisterType == "" {
-		user.RegisterType = "Add User"
-	}
-	if user.RegisterSource == "" {
-		currentUser := c.getCurrentUser()
-		if currentUser != nil {
-			user.RegisterSource = currentUser.GetId()
-		}
-	}
-
 	c.Data["json"] = wrapActionResponse(object.AddUser(&user, c.GetAcceptLanguage()))
 	c.ServeJSON()
 }
@@ -500,6 +464,11 @@ func (c *ApiController) SetPassword() {
 	//	return
 	// }

+	if strings.Contains(newPassword, " ") {
+		c.ResponseError(c.T("user:New password cannot contain blank space."))
+		return
+	}
+
 	userId := util.GetId(userOwner, userName)

 	user, err := object.GetUser(userId)
@@ -512,41 +481,6 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	// Get organization to check for password obfuscation settings
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if organization == nil {
-		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), user.Owner))
-		return
-	}
-
-	// Deobfuscate passwords if organization has password obfuscator configured
-	// Note: Deobfuscation is optional - if it fails, we treat the password as plain text
-	// This allows SDKs and raw HTTP API calls to work without obfuscation support
-	if organization.PasswordObfuscatorType != "" && organization.PasswordObfuscatorType != "Plain" {
-		if oldPassword != "" {
-			deobfuscatedOldPassword, deobfuscateErr := util.GetUnobfuscatedPassword(organization.PasswordObfuscatorType, organization.PasswordObfuscatorKey, oldPassword)
-			if deobfuscateErr == nil {
-				oldPassword = deobfuscatedOldPassword
-			}
-		}
-
-		if newPassword != "" {
-			deobfuscatedNewPassword, deobfuscateErr := util.GetUnobfuscatedPassword(organization.PasswordObfuscatorType, organization.PasswordObfuscatorKey, newPassword)
-			if deobfuscateErr == nil {
-				newPassword = deobfuscatedNewPassword
-			}
-		}
-	}
-
-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
 	requestUserId := c.GetSessionUsername()
 	if requestUserId == "" && code == "" {
 		c.ResponseError(c.T("general:Please login first"), "Please login first")
@@ -590,28 +524,30 @@ func (c *ApiController) SetPassword() {
 			}
 		}
 	} else if code == "" {
-		if targetUser.Password != "" || user.Ldap != "" {
-			if user.Ldap == "" {
-				err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-			} else {
-				err = object.CheckLdapUserPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-			}
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+		if user.Ldap == "" {
+			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		} else {
+			err = object.CheckLdapUserPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		}
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
 		}
 	}

-	msg := object.CheckPasswordComplexity(targetUser, newPassword, c.GetAcceptLanguage())
+	msg := object.CheckPasswordComplexity(targetUser, newPassword)
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}

-	// Check if the new password is the same as the current password
-	if !object.CheckPasswordNotSameAsCurrent(targetUser, newPassword, organization) {
-		c.ResponseError(c.T("user:The new password must be different from your current password"))
+	organization, err := object.GetOrganizationByUser(targetUser)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if organization == nil {
+		c.ResponseError(fmt.Sprintf(c.T("auth:the organization: %s is not found"), targetUser.Owner))
 		return
 	}

@@ -638,7 +574,7 @@ func (c *ApiController) SetPassword() {
 	targetUser.LastChangePasswordTime = util.GetCurrentTime()

 	if user.Ldap == "" {
-		_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
+		_, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
 	} else {
 		if isAdmin {
 			err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
@@ -690,9 +626,9 @@ func (c *ApiController) CheckUserPassword() {
 // @Success 200 {array} object.User The Response object
 // @router /get-sorted-users [get]
 func (c *ApiController) GetSortedUsers() {
-	owner := c.Ctx.Input.Query("owner")
-	sorter := c.Ctx.Input.Query("sorter")
-	limit := util.ParseInt(c.Ctx.Input.Query("limit"))
+	owner := c.Input().Get("owner")
+	sorter := c.Input().Get("sorter")
+	limit := util.ParseInt(c.Input().Get("limit"))

 	users, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
 	if err != nil {
@@ -712,8 +648,8 @@ func (c *ApiController) GetSortedUsers() {
 // @Success 200 {int} int The count of filtered users for an organization
 // @router /get-user-count [get]
 func (c *ApiController) GetUserCount() {
-	owner := c.Ctx.Input.Query("owner")
-	isOnline := c.Ctx.Input.Query("isOnline")
+	owner := c.Input().Get("owner")
+	isOnline := c.Input().Get("isOnline")

 	var count int64
 	var err error
@@ -777,205 +713,3 @@ func (c *ApiController) RemoveUserFromGroup() {

 	c.ResponseOk(affected)
 }
-
-// ImpersonateUser
-// @Title ImpersonateUser
-// @Tag User API
-// @Description set impersonation user for current admin session
-// @Param   username    formData   string  true        "The username to impersonate (owner/name)"
-// @Success 200 {object} controllers.Response The Response object
-// @router /impersonation-user [post]
-func (c *ApiController) ImpersonateUser() {
-	org, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	username := c.Ctx.Request.Form.Get("username")
-	if username == "" {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	owner, _, err := util.GetOwnerAndNameFromIdWithError(username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !(owner == org || org == "") {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	targetUser, err := object.GetUser(username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if targetUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), username))
-		return
-	}
-
-	err = c.SetSession("impersonateUser", username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Ctx.SetCookie("impersonateUser", username, 0, "/")
-	c.ResponseOk()
-}
-
-// ExitImpersonateUser
-// @Title ExitImpersonateUser
-// @Tag User API
-// @Description clear impersonation info for current session
-// @Success 200 {object} controllers.Response The Response object
-// @router /exit-impersonation-user [post]
-func (c *ApiController) ExitImpersonateUser() {
-	_, ok := c.Ctx.Input.GetData("impersonating").(bool)
-	if !ok {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	err := c.SetSession("impersonateUser", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Ctx.SetCookie("impersonateUser", "", -1, "/")
-	c.ResponseOk()
-}
-
-// VerifyIdentification
-// @Title VerifyIdentification
-// @Tag User API
-// @Description verify user's real identity using ID Verification provider
-// @Param   owner     query    string  false  "The owner of the user (optional, defaults to logged-in user)"
-// @Param   name      query    string  false  "The name of the user (optional, defaults to logged-in user)"
-// @Param   provider  query    string  false  "The name of the ID Verification provider (optional, auto-selected if not provided)"
-// @Success 200 {object} controllers.Response The Response object
-// @router /verify-identification [post]
-func (c *ApiController) VerifyIdentification() {
-	owner := c.Ctx.Input.Query("owner")
-	name := c.Ctx.Input.Query("name")
-	providerName := c.Ctx.Input.Query("provider")
-
-	// If user not specified, use logged-in user
-	if owner == "" || name == "" {
-		loggedInUser := c.GetSessionUsername()
-		if loggedInUser == "" {
-			c.ResponseError(c.T("general:Please login first"))
-			return
-		}
-		var err error
-		owner, name, err = util.GetOwnerAndNameFromIdWithError(loggedInUser)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		// If user is specified, check if current user has permission to verify other users
-		// Only admins can verify other users
-		loggedInUser := c.GetSessionUsername()
-		if loggedInUser != util.GetId(owner, name) && !c.IsAdmin() {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-	}
-
-	user, err := object.GetUser(util.GetId(owner, name))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, name)))
-		return
-	}
-
-	if user.IdCard == "" || user.IdCardType == "" || user.RealName == "" {
-		c.ResponseError(c.T("user:ID card information and real name are required"))
-		return
-	}
-
-	if user.IsVerified {
-		c.ResponseError(c.T("user:User is already verified"))
-		return
-	}
-
-	var provider *object.Provider
-	// If provider not specified, find suitable IDV provider from user's application
-	if providerName == "" {
-		application, err := object.GetApplicationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(c.T("user:No application found for user"))
-			return
-		}
-
-		// Find IDV provider from application
-		idvProvider, err := object.GetIdvProviderByApplication(util.GetId(application.Owner, application.Name), "false", c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if idvProvider == nil {
-			c.ResponseError(c.T("provider:No ID Verification provider configured"))
-			return
-		}
-		provider = idvProvider
-	} else {
-		provider, err = object.GetProvider(providerName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf(c.T("provider:The provider: %s does not exist"), providerName))
-			return
-		}
-
-		if provider.Category != "ID Verification" {
-			c.ResponseError(c.T("provider:Provider is not an ID Verification provider"))
-			return
-		}
-	}
-
-	idvProvider := object.GetIdvProviderFromProvider(provider)
-	if idvProvider == nil {
-		c.ResponseError(c.T("provider:Failed to initialize ID Verification provider"))
-		return
-	}
-
-	verified, err := idvProvider.VerifyIdentity(user.IdCardType, user.IdCard, user.RealName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if !verified {
-		c.ResponseError(c.T("user:Identity verification failed"))
-		return
-	}
-
-	// Set IsVerified to true upon successful verification
-	user.IsVerified = true
-	_, err = object.UpdateUser(user.GetId(), user, []string{"is_verified"}, false)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(user.RealName)
-}
--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@@ -40,23 +40,8 @@ func saveFile(path string, file *multipart.File) (err error) {
 }

 func (c *ApiController) UploadUsers() {
-	if !c.IsAdmin() {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	userObj := c.getCurrentUser()
-	if userObj == nil {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
 	userId := c.GetSessionUsername()
-	owner, user, err := util.GetOwnerAndNameFromIdWithError(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	owner, user := util.GetOwnerAndNameFromId(userId)

 	file, header, err := c.Ctx.Request.FormFile("file")
 	if err != nil {
@@ -73,7 +58,7 @@ func (c *ApiController) UploadUsers() {
 		return
 	}

-	affected, err := object.UploadUsers(owner, path, userObj, c.GetAcceptLanguage())
+	affected, err := object.UploadUsers(owner, path)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -82,6 +67,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("general:Failed to import users"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -54,6 +54,13 @@ func (c *ApiController) ResponseError(error string, data ...interface{}) {
 		return
 	}

+	enableErrorMask := conf.GetConfigBool("enableErrorMask")
+	if enableErrorMask {
+		if strings.HasPrefix(error, "The user: ") && strings.HasSuffix(error, " doesn't exist") || strings.HasPrefix(error, "用户: ") && strings.HasSuffix(error, "不存在") {
+			error = c.T("check:password or code is incorrect")
+		}
+	}
+
 	resp := &Response{Status: "error", Msg: error}
 	c.ResponseJsonData(resp, data...)
 }
@@ -106,7 +113,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 	}

 	if object.IsAppUser(userId) {
-		tmpUserId := c.Ctx.Input.Query("userId")
+		tmpUserId := c.Input().Get("userId")
 		if tmpUserId != "" {
 			userId = tmpUserId
 		}
@@ -172,7 +179,7 @@ func (c *ApiController) IsOrgAdmin() (bool, bool) {
 // IsMaskedEnabled ...
 func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	isMaskEnabled := true
-	withSecret := c.Ctx.Input.Query("withSecret")
+	withSecret := c.Input().Get("withSecret")
 	if withSecret == "1" {
 		isMaskEnabled = false

@@ -202,14 +209,14 @@ func refineFullFilePath(fullFilePath string) (string, string) {
 }

 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
-	providerName := c.Ctx.Input.Query("provider")
+	providerName := c.Input().Get("provider")
 	if providerName == "" {
-		field := c.Ctx.Input.Query("field")
-		value := c.Ctx.Input.Query("value")
+		field := c.Input().Get("field")
+		value := c.Input().Get("value")
 		if field == "provider" && value != "" {
 			providerName = value
 		} else {
-			fullFilePath := c.Ctx.Input.Query("fullFilePath")
+			fullFilePath := c.Input().Get("fullFilePath")
 			providerName, _ = refineFullFilePath(fullFilePath)
 		}
 	}
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"strings"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
@@ -44,27 +44,16 @@ const (
 // @Success 200 {array} object.Verification The Response object
 // @router /get-payments [get]
 func (c *ApiController) GetVerifications() {
-	organization, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-
-	owner := c.Ctx.Input.Query("owner")
-	// For global admin with organizationName parameter, use it to filter
-	// For org admin, use their organization
-	if c.IsGlobalAdmin() && owner != "" {
-		organization = owner
-	}
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		payments, err := object.GetVerifications(organization)
+		payments, err := object.GetVerifications(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -73,14 +62,14 @@ func (c *ApiController) GetVerifications() {
 		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetVerificationCount(organization, field, value)
+		count, err := object.GetVerificationCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
-		payments, err := object.GetPaginationVerifications(organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
+		payments, err := object.GetPaginationVerifications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -100,8 +89,8 @@ func (c *ApiController) GetVerifications() {
 // @Success 200 {array} object.Verification The Response object
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserVerifications() {
-	owner := c.Ctx.Input.Query("owner")
-	user := c.Ctx.Input.Query("user")
+	owner := c.Input().Get("owner")
+	user := c.Input().Get("user")

 	payments, err := object.GetUserVerifications(owner, user)
 	if err != nil {
@@ -120,7 +109,7 @@ func (c *ApiController) GetUserVerifications() {
 // @Success 200 {object} object.Verification The Response object
 // @router /get-payment [get]
 func (c *ApiController) GetVerification() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	payment, err := object.GetVerification(id)
 	if err != nil {
@@ -269,7 +258,7 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}

-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest, vform.Method, c.Ctx.Request.Host, application.Name, application)
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, clientIp, vform.Dest)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
@@ -315,7 +304,7 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
 		} else {
-			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone, application)
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, clientIp, phone)
 		}
 	}

@@ -446,15 +435,9 @@ func (c *ApiController) ResetEmailOrPhone() {

 	switch destType {
 	case object.VerifyTypeEmail:
-		id := user.GetId()
 		user.Email = dest
 		user.EmailVerified = true
-		columns := []string{"email", "email_verified"}
-		if organization.UseEmailAsUsername {
-			user.Name = user.Email
-			columns = append(columns, "name")
-		}
-		_, err = object.UpdateUser(id, user, columns, false)
+		_, err = object.UpdateUser(user.GetId(), user, []string{"email", "email_verified"}, false)
 	case object.VerifyTypePhone:
 		user.Phone = dest
 		_, err = object.SetUserField(user, "phone", user.Phone)
@@ -466,9 +449,6 @@ func (c *ApiController) ResetEmailOrPhone() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if organization.UseEmailAsUsername {
-		c.SetSessionUsername(user.GetId())
-	}

 	err = object.DisableVerificationCode(checkDest)
 	if err != nil {
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -17,7 +17,6 @@ package controllers
 import (
 	"bytes"
 	"encoding/base64"
-	"fmt"
 	"io"

 	"github.com/casdoor/casdoor/form"
@@ -48,13 +47,6 @@ func (c *ApiController) WebAuthnSignupBegin() {

 	registerOptions := func(credCreationOpts *protocol.PublicKeyCredentialCreationOptions) {
 		credCreationOpts.CredentialExcludeList = user.CredentialExcludeList()
-		credCreationOpts.AuthenticatorSelection.ResidentKey = "preferred"
-		credCreationOpts.Attestation = "none"
-
-		ext := map[string]interface{}{
-			"credProps": true,
-		}
-		credCreationOpts.Extensions = ext
 	}
 	options, sessionData, err := webauthnObj.BeginRegistration(
 		user,
@@ -126,34 +118,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 		return
 	}

-	userOwner := c.Ctx.Input.Query("owner")
-	userName := c.Ctx.Input.Query("name")
-
-	var options *protocol.CredentialAssertion
-	var sessionData *webauthn.SessionData
-
-	if userName == "" {
-		options, sessionData, err = webauthnObj.BeginDiscoverableLogin()
-	} else {
-		var user *object.User
-		user, err = object.GetUserByFields(userOwner, userName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
-			return
-		}
-		if len(user.WebauthnCredentials) == 0 {
-			c.ResponseError(c.T("webauthn:Found no credentials for this user"))
-			return
-		}
-
-		options, sessionData, err = webauthnObj.BeginLogin(user)
-	}
-
+	options, sessionData, err := webauthnObj.BeginDiscoverableLogin()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -171,8 +136,8 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
-	responseType := c.Ctx.Input.Query("responseType")
-	clientId := c.Ctx.Input.Query("clientId")
+	responseType := c.Input().Get("responseType")
+	clientId := c.Input().Get("clientId")
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -188,27 +153,15 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))

 	var user *object.User
-	if sessionData.UserID != nil {
-		userId := string(sessionData.UserID)
-		user, err = object.GetUser(userId)
+	handler := func(rawID, userHandle []byte) (webauthn.User, error) {
+		user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
 		if err != nil {
-			c.ResponseError(err.Error())
-			return
+			return nil, err
 		}
-
-		_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
-	} else {
-		handler := func(rawID, userHandle []byte) (webauthn.User, error) {
-			user, err = object.GetUserByWebauthID(base64.StdEncoding.EncodeToString(rawID))
-			if err != nil {
-				return nil, err
-			}
-			return user, nil
-		}
-
-		_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
+		return user, nil
 	}

+	_, err = webauthnObj.FinishDiscoverableLogin(handler, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -17,7 +17,7 @@ package controllers
 import (
 	"encoding/json"

-	"github.com/beego/beego/v2/core/utils/pagination"
+	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -31,14 +31,14 @@ import (
 // @router /get-webhooks [get]
 // @Security test_apiKey
 func (c *ApiController) GetWebhooks() {
-	owner := c.Ctx.Input.Query("owner")
-	limit := c.Ctx.Input.Query("pageSize")
-	page := c.Ctx.Input.Query("p")
-	field := c.Ctx.Input.Query("field")
-	value := c.Ctx.Input.Query("value")
-	sortField := c.Ctx.Input.Query("sortField")
-	sortOrder := c.Ctx.Input.Query("sortOrder")
-	organization := c.Ctx.Input.Query("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")

 	if limit == "" || page == "" {
 		webhooks, err := object.GetWebhooks(owner, organization)
@@ -56,7 +56,7 @@ func (c *ApiController) GetWebhooks() {
 			return
 		}

-		paginator := pagination.NewPaginator(c.Ctx.Request, limit, count)
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)

 		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
@@ -76,7 +76,7 @@ func (c *ApiController) GetWebhooks() {
 // @Success 200 {object} object.Webhook The Response object
 // @router /get-webhook [get]
 func (c *ApiController) GetWebhook() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	webhook, err := object.GetWebhook(id)
 	if err != nil {
@@ -96,7 +96,7 @@ func (c *ApiController) GetWebhook() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-webhook [post]
 func (c *ApiController) UpdateWebhook() {
-	id := c.Ctx.Input.Query("id")
+	id := c.Input().Get("id")

 	var webhook object.Webhook
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &webhook)
@@ -105,7 +105,7 @@ func (c *ApiController) UpdateWebhook() {
 		return
 	}

-	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook, c.IsGlobalAdmin(), c.GetAcceptLanguage()))
+	c.Data["json"] = wrapActionResponse(object.UpdateWebhook(id, &webhook))
 	c.ServeJSON()
 }

--- a/cred/argon2id.go
+++ b/cred/argon2id.go
@@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
 	return cm
 }

-func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
 	if err != nil {
 		return ""
@@ -31,7 +31,7 @@ func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) s
 	return hash
 }

-func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *Argon2idCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	match, _ := argon2id.ComparePasswordAndHash(plainPwd, hashedPwd)
 	return match
 }
--- a/cred/bcrypt.go
+++ b/cred/bcrypt.go
@@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
 	return cm
 }

-func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
 		return ""
@@ -17,7 +17,7 @@ func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) str
 	return string(bytes)
 }

-func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
 	return err == nil
 }
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -15,8 +15,8 @@
 package cred

 type CredManager interface {
-	GetHashedPassword(password string, salt string) string
-	IsPasswordCorrect(password string, passwordHash string, salt string) bool
+	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
 }

 func GetCredManager(passwordType string) CredManager {
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -37,21 +37,14 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
 	return cm
 }

-func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getMd5HexDigest(password)
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getMd5HexDigest(password)
+	if userSalt != "" {
+		res = getMd5HexDigest(res + userSalt)
 	}
-
-	return getMd5HexDigest(getMd5HexDigest(password) + salt)
+	return res
 }

-func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getMd5HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2-salt.go
+++ b/cred/pbkdf2-salt.go
@@ -28,13 +28,13 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
 	return cm
 }

-func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
-	decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
+	decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
 	res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
 	return base64.StdEncoding.EncodeToString(res)
 }

-func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/pbkdf2_django.go
+++ b/cred/pbkdf2_django.go
@@ -32,8 +32,12 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
 	return cm
 }

-func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
+func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	iterations := 260000
+	salt := userSalt
+	if salt == "" {
+		salt = organizationSalt
+	}

 	saltBytes := []byte(salt)
 	passwordBytes := []byte(password)
@@ -42,7 +46,7 @@ func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string
 	return "pbkdf2_sha256$" + strconv.Itoa(iterations) + "$" + salt + "$" + hashBase64
 }

-func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, _salt string) bool {
+func (m *Pbkdf2DjangoCredManager) IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool {
 	parts := strings.Split(passwordHash, "$")
 	if len(parts) != 4 {
 		return false
--- a/cred/plain.go
+++ b/cred/plain.go
@@ -21,10 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }

-func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	return password
 }

-func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
 	return hashedPwd == plainPwd
 }
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -37,21 +37,14 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }

-func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha256HexDigest(password)
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getSha256HexDigest(password)
+	if organizationSalt != "" {
+		res = getSha256HexDigest(res + organizationSalt)
 	}
-
-	return getSha256HexDigest(getSha256HexDigest(password) + salt)
+	return res
 }

-func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha256HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
 }

 func TestGetPassword(t *testing.T) {
 	password := "123456"
 	cm := NewSha256SaltCredManager()
 	// https://passwordsgenerator.net/sha256-hash-generator/
-	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
+	fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
 }
--- a/cred/sha512-salt.go
+++ b/cred/sha512-salt.go
@@ -37,21 +37,14 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
 	return cm
 }

-func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
-	if salt == "" {
-		return getSha512HexDigest(password)
+func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	res := getSha512HexDigest(password)
+	if organizationSalt != "" {
+		res = getSha512HexDigest(res + organizationSalt)
 	}
-
-	return getSha512HexDigest(getSha512HexDigest(password) + salt)
+	return res
 }

-func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, salt string) bool {
-	// For backward-compatibility
-	if salt == "" {
-		if hashedPwd == cm.GetHashedPassword(getSha512HexDigest(plainPwd), salt) {
-			return true
-		}
-	}
-
-	return hashedPwd == cm.GetHashedPassword(plainPwd, salt)
+func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
 }
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@@ -13,6 +13,7 @@
 // limitations under the License.

 //go:build !skipCi
+// +build !skipCi

 package deployment

--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,10 +1,8 @@
 #!/bin/bash
+if [ "${MYSQL_ROOT_PASSWORD}" = "" ] ;then MYSQL_ROOT_PASSWORD=123456 ;fi

-if [ -z "${driverName:-}" ]; then
-  export driverName=sqlite
-fi
-if [ -z "${dataSourceName:-}" ]; then
-  export dataSourceName="file:casdoor.db?cache=shared"
-fi
+service mariadb start

-exec /server
+mysqladmin -u root password ${MYSQL_ROOT_PASSWORD}
+
+exec /server --createDatabase=true
--- a/email/azure_acs.go
+++ b/email/azure_acs.go
@@ -96,17 +96,15 @@ func NewAzureACSEmailProvider(accessKey string, endpoint string) *AzureACSEmailP
 	}
 }

-func newEmail(fromAddress string, toAddress []string, subject string, content string) *Email {
-	var to []EmailAddress
-	for _, addr := range toAddress {
-		to = append(to, EmailAddress{
-			DisplayName: addr,
-			Address:     addr,
-		})
-	}
+func newEmail(fromAddress string, toAddress string, subject string, content string) *Email {
 	return &Email{
 		Recipients: Recipients{
-			To: to,
+			To: []EmailAddress{
+				{
+					DisplayName: toAddress,
+					Address:     toAddress,
+				},
+			},
 		},
 		SenderAddress: fromAddress,
 		Content: Content{
@@ -118,7 +116,7 @@ func newEmail(fromAddress string, toAddress []string, subject string, content st
 	}
 }

-func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error {
+func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
 	email := newEmail(fromAddress, toAddress, subject, content)

 	postBody, err := json.Marshal(email)
--- a/email/custom_http.go
+++ b/email/custom_http.go
@@ -48,26 +48,21 @@ func NewHttpEmailProvider(endpoint string, method string, httpHeaders map[string
 	return client
 }

-func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error {
+func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
 	var req *http.Request
 	var err error

-	fromAddressField := "fromAddress"
 	fromNameField := "fromName"
 	toAddressField := "toAddress"
-	toAddressesField := "toAddresses"
 	subjectField := "subject"
 	contentField := "content"
+
 	for k, v := range c.bodyMapping {
 		switch k {
-		case "fromAddress":
-			fromAddressField = v
 		case "fromName":
 			fromNameField = v
 		case "toAddress":
 			toAddressField = v
-		case "toAddresses":
-			toAddressesField = v
 		case "subject":
 			subjectField = v
 		case "content":
@@ -77,8 +72,8 @@ func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress

 	if c.method == "POST" || c.method == "PUT" || c.method == "DELETE" {
 		bodyMap := make(map[string]string)
-		bodyMap[fromAddressField] = fromAddress
 		bodyMap[fromNameField] = fromName
+		bodyMap[toAddressField] = toAddress
 		bodyMap[subjectField] = subject
 		bodyMap[contentField] = content

@@ -94,13 +89,6 @@ func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress
 			for k, v := range bodyMap {
 				formValues.Add(k, v)
 			}
-			if len(toAddress) == 1 {
-				formValues.Add(toAddressField, toAddress[0])
-			} else {
-				for _, addr := range toAddress {
-					formValues.Add(toAddressesField, addr)
-				}
-			}
 			req, err = http.NewRequest(c.method, c.endpoint, strings.NewReader(formValues.Encode()))
 		}

@@ -116,15 +104,8 @@ func (c *HttpEmailProvider) Send(fromAddress string, fromName string, toAddress
 		}

 		q := req.URL.Query()
-		q.Add(fromAddressField, fromAddress)
 		q.Add(fromNameField, fromName)
-		if len(toAddress) == 1 {
-			q.Add(toAddressField, toAddress[0])
-		} else {
-			for _, addr := range toAddress {
-				q.Add(toAddressesField, addr)
-			}
-		}
+		q.Add(toAddressField, toAddress)
 		q.Add(subjectField, subject)
 		q.Add(contentField, content)
 		req.URL.RawQuery = q.Encode()
--- a/email/provider.go
+++ b/email/provider.go
@@ -15,17 +15,17 @@
 package email

 type EmailProvider interface {
-	Send(fromAddress string, fromName string, toAddress []string, subject string, content string) error
+	Send(fromAddress string, fromName, toAddress string, subject string, content string) error
 }

-func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string, enableProxy bool) EmailProvider {
+func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string) (EmailProvider, error) {
 	if typ == "Azure ACS" {
-		return NewAzureACSEmailProvider(clientSecret, host)
+		return NewAzureACSEmailProvider(clientSecret, host), nil
 	} else if typ == "Custom HTTP Email" {
-		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
+		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType), nil
 	} else if typ == "SendGrid" {
-		return NewSendgridEmailProvider(clientSecret, host, endpoint)
+		return NewSendgridEmailProvider(clientSecret, host, endpoint), nil
 	} else {
-		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl, enableProxy)
+		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl)
 	}
 }
--- a/email/sendgrid.go
+++ b/email/sendgrid.go
@@ -41,24 +41,13 @@ func NewSendgridEmailProvider(apiKey string, host string, endpoint string) *Send
 	return &SendgridEmailProvider{ApiKey: apiKey, Host: host, Endpoint: endpoint}
 }

-func (s *SendgridEmailProvider) Send(fromAddress string, fromName string, toAddresses []string, subject string, content string) error {
-	from := mail.NewEmail(fromName, fromAddress)
-	message := mail.NewV3Mail()
-	message.SetFrom(from)
-	message.AddContent(mail.NewContent("text/html", content))
-
-	personalization := mail.NewPersonalization()
-
-	for _, toAddress := range toAddresses {
-		to := mail.NewEmail(toAddress, toAddress)
-		personalization.AddTos(to)
-	}
-
-	personalization.Subject = subject
-
-	message.AddPersonalizations(personalization)
-
+func (s *SendgridEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
 	client := s.initSendgridClient()
+
+	from := mail.NewEmail(fromName, fromAddress)
+	to := mail.NewEmail("", toAddress)
+	message := mail.NewSingleEmail(from, subject, to, "", content)
+
 	resp, err := client.Send(message)
 	if err != nil {
 		return err
--- a/email/smtp.go
+++ b/email/smtp.go
@@ -15,46 +15,77 @@
 package email

 import (
+	"context"
 	"crypto/tls"
+	"fmt"
+	"net"
+	"strings"

 	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/gomail/v2"
+	"github.com/wneessen/go-mail"
+	"golang.org/x/net/proxy"
 )

 type SmtpEmailProvider struct {
-	Dialer *gomail.Dialer
+	Client *mail.Client
 }

-func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool, enableProxy bool) *SmtpEmailProvider {
-	dialer := gomail.NewDialer(host, port, userName, password)
-	if typ == "SUBMAIL" {
-		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
+func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool) (*SmtpEmailProvider, error) {
+	client, err := mail.NewClient(host, mail.WithSMTPAuth(mail.SMTPAuthAutoDiscover), mail.WithUsername(userName), mail.WithPassword(password), mail.WithPort(port))
+	if err != nil {
+		return nil, err
 	}

-	dialer.SSL = !disableSsl
+	if client == nil {
+		return nil, fmt.Errorf("client is nil")
+	}

-	if enableProxy {
-		socks5Proxy := conf.GetConfigString("socks5Proxy")
-		if socks5Proxy != "" {
-			dialer.SetSocks5Proxy(socks5Proxy)
+	if typ == "SUBMAIL" {
+		err = client.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
+		if err != nil {
+			return nil, err
 		}
 	}

-	return &SmtpEmailProvider{Dialer: dialer}
-}
+	client.SetSSL(!disableSsl)

-func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddresses []string, subject string, content string) error {
-	message := gomail.NewMessage()
+	if strings.HasSuffix(host, ".amazonaws.com") {
+		socks5Proxy := conf.GetConfigString("socks5Proxy")
+		if socks5Proxy != "" {
+			dialSocksProxy, err := proxy.SOCKS5("tcp", socks5Proxy, nil, proxy.Direct)
+			if err != nil {
+				return nil, err
+			}

-	message.SetAddressHeader("From", fromAddress, fromName)
-	var addresses []string
-	for _, address := range toAddresses {
-		addresses = append(addresses, message.FormatAddress(address, ""))
+			dialContext := func(ctx context.Context, network, addr string) (net.Conn, error) {
+				return dialSocksProxy.Dial(network, addr)
+			}
+
+			err = mail.WithDialContextFunc(dialContext)(client)
+			if err != nil {
+				return nil, err
+			}
+		}
 	}
-	message.SetHeader("To", addresses...)
-	message.SetHeader("Subject", subject)
-	message.SetBody("text/html", content)

-	message.SkipUsernameCheck = true
-	return s.Dialer.DialAndSend(message)
+	return &SmtpEmailProvider{Client: client}, nil
+}
+
+func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
+	message := mail.NewMsg()
+
+	err := message.FromFormat(fromName, fromAddress)
+	if err != nil {
+		return err
+	}
+
+	err = message.To(toAddress)
+	if err != nil {
+		return err
+	}
+
+	message.Subject(subject)
+	message.SetBodyString(mail.TypeTextHTML, content)
+
+	return s.Client.DialAndSend(message)
 }
--- a/form/auth.go
+++ b/form/auth.go
@@ -46,7 +46,6 @@ type AuthForm struct {
 	State        string `json:"state"`
 	RedirectUri  string `json:"redirectUri"`
 	Method       string `json:"method"`
-	CodeVerifier string `json:"codeVerifier"`

 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
@@ -62,10 +61,9 @@ type AuthForm struct {
 	CaptchaToken string `json:"captchaToken"`
 	ClientSecret string `json:"clientSecret"`

-	MfaType           string `json:"mfaType"`
-	Passcode          string `json:"passcode"`
-	RecoveryCode      string `json:"recoveryCode"`
-	EnableMfaRemember bool   `json:"enableMfaRemember"`
+	MfaType      string `json:"mfaType"`
+	Passcode     string `json:"passcode"`
+	RecoveryCode string `json:"recoveryCode"`

 	Plan    string `json:"plan"`
 	Pricing string `json:"pricing"`
--- a/form/verification.go
+++ b/form/verification.go
@@ -47,7 +47,7 @@ func (form *VerificationForm) CheckParameter(checkType int, lang string) string
 			return i18n.Translate(lang, "general:Missing parameter") + ": dest."
 		}
 		if form.CaptchaType == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": captchaType."
+			return i18n.Translate(lang, "general:Missing parameter") + ": checkType."
 		}
 		if !strings.Contains(form.ApplicationId, "/") {
 			return i18n.Translate(lang, "verification:Wrong parameter") + ": applicationId."
--- a/go.mod
+++ b/go.mod
@@ -1,29 +1,22 @@
 module github.com/casdoor/casdoor

-go 1.23.0
+go 1.21

 require (
 	github.com/Masterminds/squirrel v1.5.3
-	github.com/NdoleStudio/lemonsqueezy-go v1.2.4
-	github.com/PaddleHQ/paddle-go-sdk v1.0.0
-	github.com/adyen/adyen-go-api-library/v11 v11.0.0
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/alibabacloud-go/cloudauth-20190307/v3 v3.9.2
 	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.4
 	github.com/alibabacloud-go/facebody-20191230/v5 v5.1.2
 	github.com/alibabacloud-go/openapi-util v0.1.0
 	github.com/alibabacloud-go/tea v1.3.2
 	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
-	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible
-	github.com/aliyun/credentials-go v1.3.10
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0
-	github.com/beego/beego/v2 v2.3.8
+	github.com/aws/aws-sdk-go v1.45.5
+	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin/v2 v2.77.2
 	github.com/casdoor/go-sms-sender v0.25.0
-	github.com/casdoor/gomail/v2 v2.2.0
 	github.com/casdoor/ldapserver v1.2.0
-	github.com/casdoor/notify2 v1.6.0
+	github.com/casdoor/notify v1.0.1
 	github.com/casdoor/oss v1.8.0
 	github.com/casdoor/xorm-adapter/v3 v3.1.0
 	github.com/casvisor/casvisor-go-sdk v1.4.0
@@ -32,13 +25,11 @@ require (
 	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
 	github.com/fogleman/gg v1.3.0
 	github.com/go-asn1-ber/asn1-ber v1.5.5
-	github.com/go-git/go-git/v5 v5.16.3
-	github.com/go-jose/go-jose/v4 v4.1.2
+	github.com/go-git/go-git/v5 v5.13.0
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/go-mysql-org/go-mysql v1.7.0
-	github.com/go-pay/gopay v1.5.115
-	github.com/go-pay/util v0.0.4
-	github.com/go-sql-driver/mysql v1.8.1
+	github.com/go-pay/gopay v1.5.72
+	github.com/go-sql-driver/mysql v1.6.0
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.10.2
 	github.com/golang-jwt/jwt/v5 v5.2.2
@@ -47,60 +38,55 @@ require (
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/lib/pq v1.10.9
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/markbates/goth v1.82.0
+	github.com/markbates/goth v1.79.0
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/nyaruka/phonenumbers v1.2.2
-	github.com/polarsource/polar-go v0.12.0
+	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.19.0
-	github.com/prometheus/client_model v0.6.0
+	github.com/prometheus/client_golang v1.11.1
+	github.com/prometheus/client_model v0.4.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sendgrid/sendgrid-go v3.16.0+incompatible
-	github.com/shirou/gopsutil/v4 v4.25.9
+	github.com/sendgrid/sendgrid-go v3.14.0+incompatible
+	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
-	github.com/stretchr/testify v1.11.1
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
+	github.com/stretchr/testify v1.10.0
 	github.com/stripe/stripe-go/v74 v74.29.0
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
+	github.com/wneessen/go-mail v0.6.2
 	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
-	golang.org/x/crypto v0.40.0
-	golang.org/x/net v0.41.0
-	golang.org/x/oauth2 v0.27.0
-	golang.org/x/text v0.27.0
-	google.golang.org/api v0.215.0
-	layeh.com/radius v0.0.0-20231213012653-1006025d24f8
-	maunium.net/go/mautrix v0.22.1
+	golang.org/x/crypto v0.33.0
+	golang.org/x/net v0.34.0
+	golang.org/x/oauth2 v0.17.0
+	golang.org/x/text v0.22.0
+	google.golang.org/api v0.150.0
+	gopkg.in/square/go-jose.v2 v2.6.0
+	layeh.com/radius v0.0.0-20221205141417-e7fbddd11d68
+	maunium.net/go/mautrix v0.16.0
 	modernc.org/sqlite v1.18.2
 )

 require (
-	cel.dev/expr v0.18.0 // indirect
-	cloud.google.com/go v0.116.0 // indirect
-	cloud.google.com/go/auth v0.13.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	cloud.google.com/go/iam v1.2.2 // indirect
-	cloud.google.com/go/monitoring v1.21.2 // indirect
-	cloud.google.com/go/storage v1.47.0 // indirect
+	cloud.google.com/go v0.110.8 // indirect
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.3 // indirect
+	cloud.google.com/go/storage v1.35.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 	github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/BurntSushi/toml v0.3.1 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
-	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
 	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
-	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.6 // indirect
-	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20240116134246-a8cbe886bab0 // indirect
-	github.com/SherClockHolmes/webpush-go v1.4.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20221121042443-a3fd332d56d9 // indirect
+	github.com/SherClockHolmes/webpush-go v1.2.0 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
 	github.com/alibabacloud-go/darabonba-number v1.0.4 // indirect
 	github.com/alibabacloud-go/debug v1.0.1 // indirect
@@ -112,68 +98,55 @@ require (
 	github.com/alibabacloud-go/tea-utils v1.3.6 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.545 // indirect
+	github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible // indirect
+	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/apistd/uni-go-sdk v0.0.2 // indirect
 	github.com/atc0005/go-teams-notify/v2 v2.13.0 // indirect
-	github.com/aws/aws-sdk-go v1.45.5 // indirect
-	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/baidubce/bce-sdk-go v0.9.156 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/blinkbean/dingtalk v1.1.3 // indirect
-	github.com/boombuler/barcode v1.0.1 // indirect
-	github.com/bwmarrin/discordgo v0.28.1 // indirect
-	github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect
+	github.com/blinkbean/dingtalk v0.0.0-20210905093040-7d935c0f7e19 // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/bwmarrin/discordgo v0.27.1 // indirect
 	github.com/casdoor/casdoor-go-sdk v0.50.0 // indirect
-	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
-	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/casdoor/go-reddit/v2 v2.1.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb // indirect
-	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
-	github.com/dghubble/oauth1 v0.7.3 // indirect
-	github.com/dghubble/sling v1.4.2 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
+	github.com/dghubble/oauth1 v0.7.2 // indirect
+	github.com/dghubble/sling v1.4.0 // indirect
 	github.com/di-wu/parser v0.2.2 // indirect
 	github.com/di-wu/xsd-datetime v1.0.0 // indirect
 	github.com/drswork/go-twitter v0.0.0-20221107160839-dea1b6ed53d7 // indirect
-	github.com/ebitengine/purego v0.9.0 // indirect
+	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/envoyproxy/go-control-plane v0.13.1 // indirect
-	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
-	github.com/ggicci/httpin v0.19.0 // indirect
-	github.com/ggicci/owl v0.8.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-lark/lark v1.15.1 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-git/go-billy/v5 v5.6.0 // indirect
+	github.com/go-lark/lark v1.9.0 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-pay/crypto v0.0.1 // indirect
-	github.com/go-pay/errgroup v0.0.3 // indirect
-	github.com/go-pay/smap v0.0.2 // indirect
-	github.com/go-pay/xlog v0.0.3 // indirect
-	github.com/go-pay/xtime v0.0.2 // indirect
 	github.com/go-webauthn/x v0.1.9 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/mock v1.6.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
+	github.com/gomodule/redigo v2.0.0+incompatible // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/go-tpm v0.9.0 // indirect
-	github.com/google/s2a-go v0.1.8 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
-	github.com/gorilla/websocket v1.5.3 // indirect
-	github.com/gregdel/pushover v1.3.1 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gregdel/pushover v1.2.1 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -183,17 +156,17 @@ require (
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
-	github.com/lestrrat-go/blackmagic v1.0.4 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/line/line-bot-sdk-go v7.8.0+incompatible // indirect
-	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/markbates/going v1.0.0 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-ieproxy v0.0.1 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mileusna/viber v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -202,84 +175,74 @@ require (
 	github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
 	github.com/pingcap/log v0.0.0-20210625125904-98ed8e2eb1c7 // indirect
 	github.com/pingcap/tidb/parser v0.0.0-20221126021158-6b02a5d8ba7d // indirect
-	github.com/pjbgf/sha1cd v0.3.2 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/prometheus/common v0.48.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/prometheus/common v0.30.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
 	github.com/qiniu/go-sdk/v7 v7.12.1 // indirect
-	github.com/redis/go-redis/v9 v9.5.5 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
-	github.com/rs/zerolog v1.33.0 // indirect
+	github.com/rs/zerolog v1.30.0 // indirect
 	github.com/scim2/filter-parser/v2 v2.2.0 // indirect
 	github.com/sendgrid/rest v2.6.9+incompatible // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 // indirect
 	github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.3.1 // indirect
-	github.com/slack-go/slack v0.15.0 // indirect
-	github.com/spyzhov/ajson v0.8.0 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
+	github.com/slack-go/slack v0.12.3 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
 	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.744 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sms v1.0.744 // indirect
-	github.com/tidwall/gjson v1.18.0 // indirect
+	github.com/tidwall/gjson v1.16.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.10.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.10 // indirect
+	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/twilio/twilio-go v1.13.0 // indirect
 	github.com/ucloud/ucloud-sdk-go v0.22.5 // indirect
 	github.com/utahta/go-linenotify v0.5.0 // indirect
 	github.com/volcengine/volc-sdk-golang v1.0.117 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.mau.fi/util v0.8.3 // indirect
+	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	go.mau.fi/util v0.0.0-20230805171708-199bf3eec776 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
-	go.opentelemetry.io/otel v1.32.0 // indirect
-	go.opentelemetry.io/otel/metric v1.32.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect
-	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
-	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
-	golang.org/x/image v0.0.0-20220302094943-723b81ca9867 // indirect
-	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
-	golang.org/x/time v0.8.0 // indirect
-	golang.org/x/tools v0.34.0 // indirect
-	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8 // indirect
-	google.golang.org/grpc v1.68.0 // indirect
-	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 // indirect
-	google.golang.org/protobuf v1.36.1 // indirect
-	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/image v0.0.0-20190802002840-cff245a6509b // indirect
+	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	lukechampine.com/uint128 v1.2.0 // indirect
+	lukechampine.com/uint128 v1.1.1 // indirect
+	maunium.net/go/maulogger/v2 v2.4.1 // indirect
 	modernc.org/cc/v3 v3.37.0 // indirect
 	modernc.org/ccgo/v3 v3.16.9 // indirect
 	modernc.org/libc v1.18.0 // indirect
 	modernc.org/mathutil v1.5.0 // indirect
 	modernc.org/memory v1.3.0 // indirect
-	modernc.org/opt v0.1.3 // indirect
+	modernc.org/opt v0.1.1 // indirect
 	modernc.org/strutil v1.1.3 // indirect
 	modernc.org/token v1.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
--- a/i18n/generate.go
+++ b/i18n/generate.go
@@ -19,7 +19,6 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
-	"strconv"
 	"strings"

 	"github.com/casdoor/casdoor/util"
@@ -48,11 +47,7 @@ func getAllI18nStringsFrontend(fileContent string) []string {
 	}

 	for _, match := range matches {
-		target, err := strconv.Unquote("\"" + match[1] + "\"")
-		if err != nil {
-			target = match[1]
-		}
-		res = append(res, target)
+		res = append(res, match[1])
 	}
 	return res
 }
@@ -66,12 +61,7 @@ func getAllI18nStringsBackend(fileContent string, isObjectPackage bool) []string
 		}
 		for _, match := range matches {
 			match := strings.SplitN(match[1], ",", 2)
-			target, err := strconv.Unquote("\"" + match[1][2:] + "\"")
-			if err != nil {
-				target = match[1][2:]
-			}
-
-			res = append(res, target)
+			res = append(res, match[1][2:])
 		}
 	} else {
 		matches := reI18nBackendController.FindAllStringSubmatch(fileContent, -1)
@@ -79,11 +69,7 @@ func getAllI18nStringsBackend(fileContent string, isObjectPackage bool) []string
 			return res
 		}
 		for _, match := range matches {
-			target, err := strconv.Unquote("\"" + match[1][1:] + "\"")
-			if err != nil {
-				target = match[1][1:]
-			}
-			res = append(res, target)
+			res = append(res, match[1][1:])
 		}
 	}

@@ -155,26 +141,10 @@ func parseAllWords(category string) *I18nData {
 	return &data
 }

-// copyI18nData creates a deep copy of an I18nData structure to prevent shared reference issues
-// between language translations. This ensures each language starts with fresh English defaults
-// rather than inheriting values from previously processed languages.
-func copyI18nData(src *I18nData) *I18nData {
-	dst := I18nData{}
-	for namespace, pairs := range *src {
-		dst[namespace] = make(map[string]string)
-		for key, value := range pairs {
-			dst[namespace][key] = value
-		}
-	}
-	return &dst
-}
-
 func applyToOtherLanguage(category string, language string, newData *I18nData) {
 	oldData := readI18nFile(category, language)
 	println(oldData)

-	// Create a copy of newData to avoid modifying the shared data across languages
-	dataCopy := copyI18nData(newData)
-	applyData(dataCopy, oldData)
-	writeI18nFile(category, language, dataCopy)
+	applyData(newData, oldData)
+	writeI18nFile(category, language, newData)
 }
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -13,6 +13,7 @@
 // limitations under the License.

 //go:build !skipCi
+// +build !skipCi

 package i18n

@@ -22,30 +23,58 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	data := parseAllWords("frontend")

 	applyToOtherLanguage("frontend", "en", data)
+	applyToOtherLanguage("frontend", "zh", data)
 	applyToOtherLanguage("frontend", "es", data)
 	applyToOtherLanguage("frontend", "fr", data)
 	applyToOtherLanguage("frontend", "de", data)
+	applyToOtherLanguage("frontend", "id", data)
 	applyToOtherLanguage("frontend", "ja", data)
-	applyToOtherLanguage("frontend", "zh", data)
+	applyToOtherLanguage("frontend", "ko", data)
+	applyToOtherLanguage("frontend", "ru", data)
 	applyToOtherLanguage("frontend", "vi", data)
 	applyToOtherLanguage("frontend", "pt", data)
+	applyToOtherLanguage("frontend", "it", data)
+	applyToOtherLanguage("frontend", "ms", data)
 	applyToOtherLanguage("frontend", "tr", data)
+	applyToOtherLanguage("frontend", "ar", data)
+	applyToOtherLanguage("frontend", "he", data)
+	applyToOtherLanguage("frontend", "nl", data)
 	applyToOtherLanguage("frontend", "pl", data)
+	applyToOtherLanguage("frontend", "fi", data)
+	applyToOtherLanguage("frontend", "sv", data)
 	applyToOtherLanguage("frontend", "uk", data)
+	applyToOtherLanguage("frontend", "kk", data)
+	applyToOtherLanguage("frontend", "fa", data)
+	applyToOtherLanguage("frontend", "cs", data)
+	applyToOtherLanguage("frontend", "sk", data)
 }

 func TestGenerateI18nBackend(t *testing.T) {
 	data := parseAllWords("backend")

 	applyToOtherLanguage("backend", "en", data)
+	applyToOtherLanguage("backend", "zh", data)
 	applyToOtherLanguage("backend", "es", data)
 	applyToOtherLanguage("backend", "fr", data)
 	applyToOtherLanguage("backend", "de", data)
+	applyToOtherLanguage("backend", "id", data)
 	applyToOtherLanguage("backend", "ja", data)
-	applyToOtherLanguage("backend", "zh", data)
+	applyToOtherLanguage("backend", "ko", data)
+	applyToOtherLanguage("backend", "ru", data)
 	applyToOtherLanguage("backend", "vi", data)
 	applyToOtherLanguage("backend", "pt", data)
+	applyToOtherLanguage("backend", "it", data)
+	applyToOtherLanguage("backend", "ms", data)
 	applyToOtherLanguage("backend", "tr", data)
+	applyToOtherLanguage("backend", "ar", data)
+	applyToOtherLanguage("backend", "he", data)
+	applyToOtherLanguage("backend", "nl", data)
 	applyToOtherLanguage("backend", "pl", data)
+	applyToOtherLanguage("backend", "fi", data)
+	applyToOtherLanguage("backend", "sv", data)
 	applyToOtherLanguage("backend", "uk", data)
+	applyToOtherLanguage("backend", "kk", data)
+	applyToOtherLanguage("backend", "fa", data)
+	applyToOtherLanguage("backend", "cs", data)
+	applyToOtherLanguage("backend", "sk", data)
 }
--- a/i18n/locales/ar/data.json
+++ b/i18n/locales/ar/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/i18n/locales/cs/data.json
+++ b/i18n/locales/cs/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Nepodařilo se přidat uživatele",
+    "Get init score failed, error: %w": "Nepodařilo se získat počáteční skóre, chyba: %w",
+    "Please sign out first": "Nejprve se prosím odhlaste",
+    "The application does not allow to sign up new account": "Aplikace neumožňuje registraci nového účtu"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metoda výzvy by měla být S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Nepodařilo se vytvořit uživatele, informace o uživateli jsou neplatné: %s",
+    "Failed to login in: %s": "Nepodařilo se přihlásit: %s",
+    "Invalid token": "Neplatný token",
+    "State expected: %s, but got: %s": "Očekávaný stav: %s, ale získán: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet přes %%s, prosím použijte jiný způsob registrace",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) neexistuje a není povoleno se registrovat jako nový účet, prosím kontaktujte svou IT podporu",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Účet pro poskytovatele: %s a uživatelské jméno: %s (%s) je již propojen s jiným účtem: %s (%s)",
+    "The application: %s does not exist": "Aplikace: %s neexistuje",
+    "The login method: login with LDAP is not enabled for the application": "Metoda přihlášení: přihlášení pomocí LDAP není pro aplikaci povolena",
+    "The login method: login with SMS is not enabled for the application": "Metoda přihlášení: přihlášení pomocí SMS není pro aplikaci povolena",
+    "The login method: login with email is not enabled for the application": "Metoda přihlášení: přihlášení pomocí emailu není pro aplikaci povolena",
+    "The login method: login with face is not enabled for the application": "Metoda přihlášení: přihlášení pomocí obličeje není pro aplikaci povolena",
+    "The login method: login with password is not enabled for the application": "Metoda přihlášení: přihlášení pomocí hesla není pro aplikaci povolena",
+    "The organization: %s does not exist": "Organizace: %s neexistuje",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "Poskytovatel: %s není pro aplikaci povolen",
+    "Unauthorized operation": "Neoprávněná operace",
+    "Unknown authentication type (not password or provider), form = %s": "Neznámý typ autentizace (není heslo nebo poskytovatel), formulář = %s",
+    "User's tag: %s is not listed in the application's tags": "Štítek uživatele: %s není uveden v štítcích aplikace",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Placený uživatel %s nemá aktivní nebo čekající předplatné a aplikace: %s nemá výchozí ceny",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Služba %s a %s se neshodují"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Příslušnost nemůže být prázdná",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Výchozí kód neodpovídá pravidlům pro shodu kódů",
+    "DisplayName cannot be blank": "Zobrazované jméno nemůže být prázdné",
+    "DisplayName is not valid real name": "Zobrazované jméno není platné skutečné jméno",
+    "Email already exists": "Email již existuje",
+    "Email cannot be empty": "Email nemůže být prázdný",
+    "Email is invalid": "Email je neplatný",
+    "Empty username.": "Prázdné uživatelské jméno.",
+    "Face data does not exist, cannot log in": "Data obličeje neexistují, nelze se přihlásit",
+    "Face data mismatch": "Neshoda dat obličeje",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "Křestní jméno nemůže být prázdné",
+    "Invitation code cannot be blank": "Pozvánkový kód nemůže být prázdný",
+    "Invitation code exhausted": "Pozvánkový kód vyčerpán",
+    "Invitation code is invalid": "Pozvánkový kód je neplatný",
+    "Invitation code suspended": "Pozvánkový kód pozastaven",
+    "LDAP user name or password incorrect": "Uživatelské jméno nebo heslo LDAP je nesprávné",
+    "LastName cannot be blank": "Příjmení nemůže být prázdné",
+    "Multiple accounts with same uid, please check your ldap server": "Více účtů se stejným uid, prosím zkontrolujte svůj ldap server",
+    "Organization does not exist": "Organizace neexistuje",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Telefon již existuje",
+    "Phone cannot be empty": "Telefon nemůže být prázdný",
+    "Phone number is invalid": "Telefonní číslo je neplatné",
+    "Please register using the email corresponding to the invitation code": "Prosím zaregistrujte se pomocí emailu odpovídajícího pozvánkovému kódu",
+    "Please register using the phone  corresponding to the invitation code": "Prosím zaregistrujte se pomocí telefonu odpovídajícího pozvánkovému kódu",
+    "Please register using the username corresponding to the invitation code": "Prosím zaregistrujte se pomocí uživatelského jména odpovídajícího pozvánkovému kódu",
+    "Session outdated, please login again": "Relace je zastaralá, prosím přihlaste se znovu",
+    "The invitation code has already been used": "Pozvánkový kód již byl použit",
+    "The user is forbidden to sign in, please contact the administrator": "Uživatel má zakázáno se přihlásit, prosím kontaktujte administrátora",
+    "The user: %s doesn't exist in LDAP server": "Uživatel: %s neexistuje na LDAP serveru",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Uživatelské jméno může obsahovat pouze alfanumerické znaky, podtržítka nebo pomlčky, nemůže mít po sobě jdoucí pomlčky nebo podtržítka a nemůže začínat nebo končit pomlčkou nebo podtržítkem.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Hodnota \\\"%s\\\" pro pole účtu \\\"%s\\\" neodpovídá regulárnímu výrazu položky účtu",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Hodnota \\\"%s\\\" pro pole registrace \\\"%s\\\" neodpovídá regulárnímu výrazu položky registrace aplikace \\\"%s\\\"",
+    "Username already exists": "Uživatelské jméno již existuje",
+    "Username cannot be an email address": "Uživatelské jméno nemůže být emailová adresa",
+    "Username cannot contain white spaces": "Uživatelské jméno nemůže obsahovat mezery",
+    "Username cannot start with a digit": "Uživatelské jméno nemůže začínat číslicí",
+    "Username is too long (maximum is 255 characters).": "Uživatelské jméno je příliš dlouhé (maximálně 255 znaků).",
+    "Username must have at least 2 characters": "Uživatelské jméno musí mít alespoň 2 znaky",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Zadali jste špatné heslo nebo kód příliš mnohokrát, prosím počkejte %d minut a zkuste to znovu",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Vaše oblast neumožňuje registraci pomocí telefonu",
+    "password or code is incorrect": "heslo nebo kód je nesprávné",
+    "password or code is incorrect, you have %d remaining chances": "heslo nebo kód je nesprávné, máte %d zbývajících pokusů",
+    "unsupported password type: %s": "nepodporovaný typ hesla: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Chybějící parametr",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Prosím, přihlaste se nejprve",
+    "The organization: %s should have one application at least": "Organizace: %s by měla mít alespoň jednu aplikaci",
+    "The user: %s doesn't exist": "Uživatel: %s neexistuje",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "nepodporuje captchaProvider: ",
+    "this operation is not allowed in demo mode": "tato operace není povolena v demo režimu",
+    "this operation requires administrator to perform": "tato operace vyžaduje administrátora"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server existuje"
+  },
+  "link": {
+    "Please link first": "Prosím, nejprve propojte",
+    "This application has no providers": "Tato aplikace nemá žádné poskytovatele",
+    "This application has no providers of type": "Tato aplikace nemá žádné poskytovatele typu",
+    "This provider can't be unlinked": "Tento poskytovatel nemůže být odpojen",
+    "You are not the global admin, you can't unlink other users": "Nejste globální administrátor, nemůžete odpojovat jiné uživatele",
+    "You can't unlink yourself, you are not a member of any application": "Nemůžete odpojit sami sebe, nejste členem žádné aplikace"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Pouze administrátor může upravit %s.",
+    "The %s is immutable.": "%s je neměnný.",
+    "Unknown modify rule %s.": "Neznámé pravidlo úpravy %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Oprávnění: \\\"%s\\\" neexistuje"
+  },
+  "provider": {
+    "Invalid application id": "Neplatné ID aplikace",
+    "the provider: %s does not exist": "poskytovatel: %s neexistuje"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Uživatel je nil pro tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Uživatelské jméno nebo úplná cesta k souboru je prázdná: uživatelské jméno = %s, úplná cesta k souboru = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikace %s nebyla nalezena"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "poskytovatel %s není kategorie SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Prázdné parametry pro emailForm: %v",
+    "Invalid Email receivers: %s": "Neplatní příjemci emailu: %s",
+    "Invalid phone receivers: %s": "Neplatní příjemci telefonu: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s není povolen",
+    "The provider type: %s is not supported": "typ poskytovatele: %s není podporován"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s není v této aplikaci podporován",
+    "Invalid application or wrong clientSecret": "Neplatná aplikace nebo špatný clientSecret",
+    "Invalid client_id": "Neplatné client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Přesměrovací URI: %s neexistuje v seznamu povolených přesměrovacích URI",
+    "Token not found, invalid accessToken": "Token nenalezen, neplatný accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Zobrazované jméno nemůže být prázdné",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Nepodařilo se importovat uživatele"
+  },
+  "util": {
+    "No application is found for userId: %s": "Pro userId: %s nebyla nalezena žádná aplikace",
+    "No provider for category: %s is found for application: %s": "Pro kategorii: %s nebyl nalezen žádný poskytovatel pro aplikaci: %s",
+    "The provider: %s is not found": "Poskytovatel: %s nebyl nalezen"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Neplatný poskytovatel captcha.",
+    "Phone number is invalid in your region %s": "Telefonní číslo je ve vaší oblasti %s neplatné",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "Ověřovací kód ještě nebyl odeslán!",
+    "Turing test failed.": "Turingův test selhal.",
+    "Unable to get the email modify rule.": "Nelze získat pravidlo pro úpravu emailu.",
+    "Unable to get the phone modify rule.": "Nelze získat pravidlo pro úpravu telefonu.",
+    "Unknown type": "Neznámý typ",
+    "Wrong verification code!": "Špatný ověřovací kód!",
+    "You should verify your code in %d min!": "Měli byste ověřit svůj kód do %d minut!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele SMS do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "prosím přidejte poskytovatele emailu do seznamu \\\"Providers\\\" pro aplikaci: %s",
+    "the user does not exist, please sign up first": "uživatel neexistuje, prosím nejprve se zaregistrujte"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Prosím, nejprve zavolejte WebAuthnSigninBegin"
+  }
+}
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -7,117 +7,100 @@
  },
  "auth": {
    "Challenge method should be S256": "Die Challenge-Methode sollte S256 sein",
-    "DeviceCode Invalid": "Gerätecode ungültig",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Es konnte kein Benutzer erstellt werden, da die Benutzerinformationen ungültig sind: %s",
    "Failed to login in: %s": "Konnte nicht anmelden: %s",
    "Invalid token": "Ungültiges Token",
    "State expected: %s, but got: %s": "Erwarteter Zustand: %s, aber erhalten: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up": "Das Konto für den Anbieter: %s und Benutzernamen: %s (%s) existiert nicht und darf nicht über %s als neues Konto erstellt werden. Bitte nutzen Sie einen anderen Weg, um sich anzumelden",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Das Konto für den Anbieter: %s und Benutzernamen: %s (%s) existiert nicht und darf nicht über %%s als neues Konto erstellt werden. Bitte nutzen Sie einen anderen Weg, um sich anzumelden",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) existiert nicht und es ist nicht erlaubt, ein neues Konto anzumelden. Bitte wenden Sie sich an Ihren IT-Support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) ist bereits mit einem anderen Konto verknüpft: %s (%s)",
    "The application: %s does not exist": "Die Anwendung: %s existiert nicht",
-    "The application: %s has disabled users to signin": "Die Anwendung: %s hat die Anmeldung von Benutzern deaktiviert",
-    "The group: %s does not exist": "Die Gruppe: %s existiert nicht",
-    "The login method: login with LDAP is not enabled for the application": "Die Anmeldemethode: Anmeldung mit LDAP ist für die Anwendung nicht aktiviert",
-    "The login method: login with SMS is not enabled for the application": "Die Anmeldemethode: Anmeldung per SMS ist für die Anwendung nicht aktiviert",
-    "The login method: login with email is not enabled for the application": "Die Anmeldemethode: Anmeldung per E-Mail ist für die Anwendung nicht aktiviert",
-    "The login method: login with face is not enabled for the application": "Die Anmeldemethode: Anmeldung per Gesicht ist für die Anwendung nicht aktiviert",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
-    "The organization: %s does not exist": "Die Organisation: %s existiert nicht",
-    "The organization: %s has disabled users to signin": "Die Organisation: %s hat die Anmeldung von Benutzern deaktiviert",
-    "The plan: %s does not exist": "Der Plan: %s existiert nicht",
-    "The pricing: %s does not exist": "Die Preisgestaltung: %s existiert nicht",
-    "The pricing: %s does not have plan: %s": "Die Preisgestaltung: %s hat keinen Plan: %s",
-    "The provider: %s does not exist": "Der Anbieter: %s existiert nicht",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
    "Unauthorized operation": "Nicht autorisierte Operation",
    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
-    "User's tag: %s is not listed in the application's tags": "Benutzer-Tag: %s ist nicht in den Tags der Anwendung aufgeführt",
-    "UserCode Expired": "Benutzercode abgelaufen",
-    "UserCode Invalid": "Benutzercode ungültig",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "Bezahlter Benutzer %s hat kein aktives oder ausstehendes Abonnement und die Anwendung: %s hat keine Standardpreisgestaltung",
-    "the application for user %s is not found": "Die Anwendung für Benutzer %s wurde nicht gefunden",
-    "the organization: %s is not found": "Die Organisation: %s wurde nicht gefunden"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s erfüllt nicht die CIDR-Formatanforderungen: %s",
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
-    "CIDR for IP: %s should not be empty": "CIDR für IP: %s darf nicht leer sein",
-    "Default code does not match the code's matching rules": "Standardcode entspricht nicht den Übereinstimmungsregeln des Codes",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
    "DisplayName is not valid real name": "DisplayName ist kein gültiger Vorname",
    "Email already exists": "E-Mail existiert bereits",
    "Email cannot be empty": "E-Mail darf nicht leer sein",
    "Email is invalid": "E-Mail ist ungültig",
    "Empty username.": "Leerer Benutzername.",
-    "Face data does not exist, cannot log in": "Gesichtsdaten existieren nicht, Anmeldung nicht möglich",
-    "Face data mismatch": "Gesichtsdaten stimmen nicht überein",
-    "Failed to parse client IP: %s": "Fehler beim Parsen der Client-IP: %s",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Vorname darf nicht leer sein",
-    "Invitation code cannot be blank": "Einladungscode darf nicht leer sein",
-    "Invitation code exhausted": "Einladungscode aufgebraucht",
-    "Invitation code is invalid": "Einladungscode ist ungültig",
-    "Invitation code suspended": "Einladungscode ausgesetzt",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "LastName cannot be blank": "Nachname darf nicht leer sein",
    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
    "Organization does not exist": "Organisation existiert nicht",
-    "Password cannot be empty": "Passwort darf nicht leer sein",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Telefon existiert bereits",
    "Phone cannot be empty": "Das Telefon darf nicht leer sein",
    "Phone number is invalid": "Die Telefonnummer ist ungültig",
-    "Please register using the email corresponding to the invitation code": "Bitte registrieren Sie sich mit der E-Mail, die zum Einladungscode gehört",
-    "Please register using the phone  corresponding to the invitation code": "Bitte registrieren Sie sich mit der Telefonnummer, die zum Einladungscode gehört",
-    "Please register using the username corresponding to the invitation code": "Bitte registrieren Sie sich mit dem Benutzernamen, der zum Einladungscode gehört",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
-    "The invitation code has already been used": "Der Einladungscode wurde bereits verwendet",
-    "The password must contain at least one special character": "Das Passwort muss mindestens ein Sonderzeichen enthalten",
-    "The password must contain at least one uppercase letter, one lowercase letter and one digit": "Das Passwort muss mindestens einen Großbuchstaben, einen Kleinbuchstaben und eine Ziffer enthalten",
-    "The password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen haben",
-    "The password must have at least 8 characters": "Das Passwort muss mindestens 8 Zeichen haben",
-    "The password must not contain any repeated characters": "Das Passwort darf keine wiederholten Zeichen enthalten",
-    "The user has been deleted and cannot be used to sign in, please contact the administrator": "Der Benutzer wurde gelöscht und kann nicht zur Anmeldung verwendet werden. Bitte wenden Sie sich an den Administrator",
+    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
-    "The user: %s doesn't exist in LDAP server": "Der Benutzer: %s existiert nicht im LDAP-Server",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "Der Wert \"%s\" für das Kontenfeld \"%s\" stimmt nicht mit dem Kontenelement-Regex überein",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "Der Wert \"%s\" für das Registrierungsfeld \"%s\" stimmt nicht mit dem Registrierungselement-Regex der Anwendung \"%s\" überein",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "Benutzername existiert bereits",
    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
    "Username cannot contain white spaces": "Benutzername darf keine Leerzeichen enthalten",
    "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
    "Username is too long (maximum is 255 characters).": "Benutzername ist zu lang (das Maximum beträgt 255 Zeichen).",
    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Benutzername unterstützt E-Mail-Format. Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden. Achten Sie auch auf das E-Mail-Format.",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
-    "Your IP address: %s has been banned according to the configuration of: ": "Ihre IP-Adresse: %s wurde laut Konfiguration gesperrt von: ",
-    "Your password has expired. Please reset your password by clicking \"Forgot password\"": "Ihr Passwort ist abgelaufen. Bitte setzen Sie Ihr Passwort zurück, indem Sie auf \"Passwort vergessen\" klicken",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
-    "password or code is incorrect": "Passwort oder Code ist falsch",
-    "password or code is incorrect, you have %s remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %s Versuche übrig",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
  },
  "enforcer": {
-    "the adapter: %s is not found": "Der Adapter: %s wurde nicht gefunden"
+    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
-    "Failed to import groups": "Gruppen importieren fehlgeschlagen",
-    "Failed to import users": "Fehler beim Importieren von Benutzern",
    "Missing parameter": "Fehlender Parameter",
-    "Only admin user can specify user": "Nur Administrator kann Benutzer angeben",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Bitte zuerst einloggen",
-    "The organization: %s should have one application at least": "Die Organisation: %s sollte mindestens eine Anwendung haben",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "Wrong userId": "Falsche Benutzer-ID",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "Dieser Vorgang ist im Demo-Modus nicht erlaubt",
-    "this operation requires administrator to perform": "Dieser Vorgang erfordert einen Administrator zur Ausführung"
-  },
-  "invitation": {
-    "Invitation %s does not exist": "Einladung %s existiert nicht"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
  "ldap": {
    "Ldap server exist": "Es gibt einen LDAP-Server"
@@ -134,10 +117,10 @@
    "Only admin can modify the %s.": "Nur der Administrator kann das %s ändern.",
    "The %s is immutable.": "Das %s ist unveränderlich.",
    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "Das Hinzufügen eines neuen Benutzers zur 'eingebauten' Organisation ist derzeit deaktiviert. Bitte beachten Sie: Alle Benutzer in der 'eingebauten' Organisation sind globale Administratoren in Casdoor. Siehe die Docs: https://casdoor.org/docs/basic/core-concepts#how  -does-casdoor-manage-sich selbst. Wenn Sie immer noch einen Benutzer für die 'eingebaute' Organisation erstellen möchten, gehen Sie auf die Einstellungsseite der Organisation und aktivieren Sie die Option 'Habt Berechtigungszustimmung'."
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "Die Berechtigung: \"%s\" existiert nicht"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "Ungültige Anwendungs-ID",
@@ -163,7 +146,7 @@
    "The provider type: %s is not supported": "Der Anbieter-Typ %s wird nicht unterstützt"
  },
  "subscription": {
-    "Error": "Fehler"
+    "Error": "Error"
  },
  "token": {
    "Grant_type: %s is not supported in this application": "Grant_type: %s wird von dieser Anwendung nicht unterstützt",
@@ -174,11 +157,13 @@
  },
  "user": {
    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "MFA email is enabled but email is empty": "MFA-E-Mail ist aktiviert, aber E-Mail ist leer",
-    "MFA phone is enabled but phone number is empty": "MFA-Telefon ist aktiviert, aber Telefonnummer ist leer",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
-    "The new password must be different from your current password": "Das neue Passwort muss sich von Ihrem aktuellen Passwort unterscheiden",
-    "the user's owner and name should not be empty": "Eigentümer und Name des Benutzers dürfen nicht leer sein"
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Fehler beim Importieren von Benutzern"
  },
  "util": {
    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
@@ -188,20 +173,19 @@
  "verification": {
    "Invalid captcha provider.": "Ungültiger Captcha-Anbieter.",
    "Phone number is invalid in your region %s": "Die Telefonnummer ist in Ihrer Region %s ungültig",
-    "The verification code has already been used!": "Der Verifizierungscode wurde bereits verwendet!",
-    "The verification code has not been sent yet!": "Der Verifizierungscode wurde noch nicht gesendet!",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "Turing test failed.": "Turing-Test fehlgeschlagen.",
    "Unable to get the email modify rule.": "Nicht in der Lage, die E-Mail-Änderungsregel zu erhalten.",
    "Unable to get the phone modify rule.": "Nicht in der Lage, die Telefon-Änderungsregel zu erhalten.",
    "Unknown type": "Unbekannter Typ",
    "Wrong verification code!": "Falscher Bestätigungscode!",
    "You should verify your code in %d min!": "Du solltest deinen Code in %d Minuten verifizieren!",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "Bitte fügen Sie einen SMS-Anbieter zur \"Providers\"-Liste für die Anwendung hinzu: %s",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "Bitte fügen Sie einen E-Mail-Anbieter zur \"Providers\"-Liste für die Anwendung hinzu: %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "Der Benutzer existiert nicht, bitte zuerst anmelden"
  },
  "webauthn": {
-    "Found no credentials for this user": "Für diesen Benutzer wurden keine Anmeldeinformationen gefunden",
    "Please call WebAuthnSigninBegin first": "Bitte rufen Sie zuerst WebAuthnSigninBegin auf"
  }
 }
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -12,22 +12,16 @@
    "Failed to login in: %s": "Failed to login in: %s",
    "Invalid token": "Invalid token",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
-    "The application: %s has disabled users to signin": "The application: %s has disabled users to signin",
-    "The group: %s does not exist": "The group: %s does not exist",
    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The organization: %s does not exist": "The organization: %s does not exist",
-    "The organization: %s has disabled users to signin": "The organization: %s has disabled users to signin",
-    "The plan: %s does not exist": "The plan: %s does not exist",
-    "The pricing: %s does not exist": "The pricing: %s does not exist",
-    "The pricing: %s does not have plan: %s": "The pricing: %s does not have plan: %s",
    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
@@ -74,17 +68,11 @@
    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Session outdated, please login again",
    "The invitation code has already been used": "The invitation code has already been used",
-    "The password must contain at least one special character": "The password must contain at least one special character",
-    "The password must contain at least one uppercase letter, one lowercase letter and one digit": "The password must contain at least one uppercase letter, one lowercase letter and one digit",
-    "The password must have at least 6 characters": "The password must have at least 6 characters",
-    "The password must have at least 8 characters": "The password must have at least 8 characters",
-    "The password must not contain any repeated characters": "The password must not contain any repeated characters",
-    "The user has been deleted and cannot be used to sign in, please contact the administrator": "The user has been deleted and cannot be used to sign in, please contact the administrator",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "The value \"%s\" for account field \"%s\" doesn't match the account item regex",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
    "Username cannot contain white spaces": "Username cannot contain white spaces",
@@ -94,18 +82,16 @@
    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
-    "Your password has expired. Please reset your password by clicking \"Forgot password\"": "Your password has expired. Please reset your password by clicking \"Forgot password\"",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %s remaining chances": "password or code is incorrect, you have %s remaining chances",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
  "enforcer": {
    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
-    "Failed to import groups": "Failed to import groups",
-    "Failed to import users": "Failed to import users",
    "Missing parameter": "Missing parameter",
    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Please login first",
@@ -116,9 +102,6 @@
    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
-  "invitation": {
-    "Invitation %s does not exist": "Invitation %s does not exist"
-  },
  "ldap": {
    "Ldap server exist": "Ldap server exist"
  },
@@ -137,7 +120,7 @@
    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "The permission: \"%s\" doesn't exist"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
@@ -177,9 +160,11 @@
    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "The new password must be different from your current password": "The new password must be different from your current password",
    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
@@ -196,12 +181,11 @@
    "Unknown type": "Unknown type",
    "Wrong verification code!": "Wrong verification code!",
    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "please add a SMS provider to the \"Providers\" list for the application: %s",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "please add an Email provider to the \"Providers\" list for the application: %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
  },
  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
  }
 }
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -7,117 +7,100 @@
  },
  "auth": {
    "Challenge method should be S256": "El método de desafío debe ser S256",
-    "DeviceCode Invalid": "Código de dispositivo inválido",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "No se pudo crear el usuario, la información del usuario es inválida: %s",
    "Failed to login in: %s": "No se ha podido iniciar sesión en: %s",
    "Invalid token": "Token inválido",
    "State expected: %s, but got: %s": "Estado esperado: %s, pero se obtuvo: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up": "La cuenta para el proveedor: %s y nombre de usuario: %s (%s) no existe y no está permitido registrarse como una cuenta nueva a través de %s, por favor use otro método para registrarse",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "La cuenta para el proveedor: %s y nombre de usuario: %s (%s) no existe y no está permitido registrarse como una cuenta nueva a través de %%s, por favor use otro método para registrarse",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "La cuenta para el proveedor: %s y el nombre de usuario: %s (%s) no existe y no se permite registrarse como una nueva cuenta, por favor contacte a su soporte de TI",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "La cuenta para proveedor: %s y nombre de usuario: %s (%s) ya está vinculada a otra cuenta: %s (%s)",
    "The application: %s does not exist": "La aplicación: %s no existe",
-    "The application: %s has disabled users to signin": "La aplicación: %s ha desactivado el inicio de sesión de usuarios",
-    "The group: %s does not exist": "El grupo: %s no existe",
-    "The login method: login with LDAP is not enabled for the application": "El método de inicio de sesión: inicio de sesión con LDAP no está habilitado para la aplicación",
-    "The login method: login with SMS is not enabled for the application": "El método de inicio de sesión: inicio de sesión con SMS no está habilitado para la aplicación",
-    "The login method: login with email is not enabled for the application": "El método de inicio de sesión: inicio de sesión con correo electrónico no está habilitado para la aplicación",
-    "The login method: login with face is not enabled for the application": "El método de inicio de sesión: inicio de sesión con reconocimiento facial no está habilitado para la aplicación",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
-    "The organization: %s does not exist": "La organización: %s no existe",
-    "The organization: %s has disabled users to signin": "La organización: %s ha desactivado el inicio de sesión de usuarios",
-    "The plan: %s does not exist": "El plan: %s no existe",
-    "The pricing: %s does not exist": "El precio: %s no existe",
-    "The pricing: %s does not have plan: %s": "El precio: %s no tiene el plan: %s",
-    "The provider: %s does not exist": "El proveedor: %s no existe",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
    "Unauthorized operation": "Operación no autorizada",
    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
-    "User's tag: %s is not listed in the application's tags": "La etiqueta del usuario: %s no está incluida en las etiquetas de la aplicación",
-    "UserCode Expired": "Código de usuario expirado",
-    "UserCode Invalid": "Código de usuario inválido",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "El usuario de pago %s no tiene una suscripción activa o pendiente y la aplicación: %s no tiene precio predeterminado",
-    "the application for user %s is not found": "no se encontró la aplicación para el usuario %s",
-    "the organization: %s is not found": "no se encontró la organización: %s"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s no cumple con los requisitos del formato CIDR: %s",
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
-    "CIDR for IP: %s should not be empty": "El CIDR para la IP: %s no debe estar vacío",
-    "Default code does not match the code's matching rules": "El código predeterminado no coincide con las reglas de coincidencia de códigos",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
    "DisplayName is not valid real name": "El nombre de pantalla no es un nombre real válido",
    "Email already exists": "El correo electrónico ya existe",
    "Email cannot be empty": "El correo electrónico no puede estar vacío",
    "Email is invalid": "El correo electrónico no es válido",
    "Empty username.": "Nombre de usuario vacío.",
-    "Face data does not exist, cannot log in": "No existen datos faciales, no se puede iniciar sesión",
-    "Face data mismatch": "Los datos faciales no coinciden",
-    "Failed to parse client IP: %s": "Error al analizar la IP del cliente: %s",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "El nombre no puede estar en blanco",
-    "Invitation code cannot be blank": "El código de invitación no puede estar vacío",
-    "Invitation code exhausted": "Código de invitación agotado",
-    "Invitation code is invalid": "Código de invitación inválido",
-    "Invitation code suspended": "Código de invitación suspendido",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "LastName cannot be blank": "El apellido no puede estar en blanco",
    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
    "Organization does not exist": "La organización no existe",
-    "Password cannot be empty": "La contraseña no puede estar vacía",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "El teléfono ya existe",
    "Phone cannot be empty": "Teléfono no puede estar vacío",
    "Phone number is invalid": "El número de teléfono no es válido",
-    "Please register using the email corresponding to the invitation code": "Regístrese usando el correo electrónico correspondiente al código de invitación",
-    "Please register using the phone  corresponding to the invitation code": "Regístrese usando el número de teléfono correspondiente al código de invitación",
-    "Please register using the username corresponding to the invitation code": "Regístrese usando el nombre de usuario correspondiente al código de invitación",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
-    "The invitation code has already been used": "El código de invitación ya ha sido utilizado",
-    "The password must contain at least one special character": "La contraseña debe contener al menos un carácter especial",
-    "The password must contain at least one uppercase letter, one lowercase letter and one digit": "La contraseña debe contener al menos una letra mayúscula, una letra minúscula y un dígito",
-    "The password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
-    "The password must have at least 8 characters": "La contraseña debe tener al menos 8 caracteres",
-    "The password must not contain any repeated characters": "La contraseña no debe contener caracteres repetidos",
-    "The user has been deleted and cannot be used to sign in, please contact the administrator": "El usuario ha sido eliminado y no se puede usar para iniciar sesión, póngase en contacto con el administrador",
+    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
-    "The user: %s doesn't exist in LDAP server": "El usuario: %s no existe en el servidor LDAP",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "El valor \"%s\" para el campo de cuenta \"%s\" no coincide con la expresión regular del elemento de cuenta",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "El valor \"%s\" para el campo de registro \"%s\" no coincide con la expresión regular del elemento de registro de la aplicación \"%s\"",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "El nombre de usuario ya existe",
    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
    "Username cannot contain white spaces": "Nombre de usuario no puede contener espacios en blanco",
    "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
    "Username is too long (maximum is 255 characters).": "El nombre de usuario es demasiado largo (el máximo es de 255 caracteres).",
    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "El nombre de usuario admite formato de correo electrónico. Además, el nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones bajos o guiones consecutivos y no puede comenzar ni terminar con un guión o guión bajo. También preste atención al formato del correo electrónico.",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
-    "Your IP address: %s has been banned according to the configuration of: ": "Su dirección IP: %s ha sido bloqueada según la configuración de: ",
-    "Your password has expired. Please reset your password by clicking \"Forgot password\"": "Su contraseña ha expirado. Restablezca su contraseña haciendo clic en \"Olvidé mi contraseña\"",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
-    "password or code is incorrect": "contraseña o código incorrecto",
-    "password or code is incorrect, you have %s remaining chances": "Contraseña o código incorrecto, tienes %s intentos restantes",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
  },
  "enforcer": {
-    "the adapter: %s is not found": "no se encontró el adaptador: %s"
+    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
-    "Failed to import groups": "Error al importar grupos",
-    "Failed to import users": "Error al importar usuarios",
    "Missing parameter": "Parámetro faltante",
-    "Only admin user can specify user": "Solo el usuario administrador puede especificar usuario",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Por favor, inicia sesión primero",
-    "The organization: %s should have one application at least": "La organización: %s debe tener al menos una aplicación",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "El usuario: %s no existe",
-    "Wrong userId": "ID de usuario incorrecto",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "esta operación no está permitida en modo de demostración",
-    "this operation requires administrator to perform": "esta operación requiere que el administrador la realice"
-  },
-  "invitation": {
-    "Invitation %s does not exist": "La invitación %s no existe"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
  "ldap": {
    "Ldap server exist": "El servidor LDAP existe"
@@ -134,10 +117,10 @@
    "Only admin can modify the %s.": "Solo el administrador puede modificar los %s.",
    "The %s is immutable.": "El %s es inmutable.",
    "Unknown modify rule %s.": "Regla de modificación desconocida %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "La adición de un nuevo usuario a la organización 'integrada' está actualmente deshabilitada. Tenga en cuenta: todos los usuarios de la organización 'integrada' son administradores globales en Casdoor. Consulte los docs: https://casdoor.org/docs/basic/core-concepts#how  -does-casdoor-manage-itself. Si todavía desea crear un usuario para la organización 'integrada', vaya a la página de configuración de la organización y habilite la opción 'Tiene consentimiento de privilegios'."
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "El permiso: \"%s\" no existe"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "Identificación de aplicación no válida",
@@ -174,11 +157,13 @@
  },
  "user": {
    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "MFA email is enabled but email is empty": "El correo electrónico MFA está habilitado pero el correo está vacío",
-    "MFA phone is enabled but phone number is empty": "El teléfono MFA está habilitado pero el número de teléfono está vacío",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
-    "The new password must be different from your current password": "La nueva contraseña debe ser diferente de su contraseña actual",
-    "the user's owner and name should not be empty": "el propietario y el nombre del usuario no deben estar vacíos"
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Error al importar usuarios"
  },
  "util": {
    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
@@ -188,20 +173,19 @@
  "verification": {
    "Invalid captcha provider.": "Proveedor de captcha no válido.",
    "Phone number is invalid in your region %s": "El número de teléfono es inválido en tu región %s",
-    "The verification code has already been used!": "¡El código de verificación ya ha sido utilizado!",
-    "The verification code has not been sent yet!": "¡El código de verificación aún no ha sido enviado!",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "Turing test failed.": "El test de Turing falló.",
    "Unable to get the email modify rule.": "No se puede obtener la regla de modificación de correo electrónico.",
    "Unable to get the phone modify rule.": "No se pudo obtener la regla de modificación del teléfono.",
    "Unknown type": "Tipo desconocido",
    "Wrong verification code!": "¡Código de verificación incorrecto!",
    "You should verify your code in %d min!": "¡Deberías verificar tu código en %d minutos!",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "agregue un proveedor de SMS a la lista \"Proveedores\" para la aplicación: %s",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "agregue un proveedor de correo electrónico a la lista \"Proveedores\" para la aplicación: %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "El usuario no existe, por favor regístrese primero"
  },
  "webauthn": {
-    "Found no credentials for this user": "No se encontraron credenciales para este usuario",
    "Please call WebAuthnSigninBegin first": "Por favor, llama primero a WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/fa/data.json
+++ b/i18n/locales/fa/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "عدم موفقیت در افزودن کاربر",
+    "Get init score failed, error: %w": "عدم موفقیت در دریافت امتیاز اولیه، خطا: %w",
+    "Please sign out first": "لطفاً ابتدا خارج شوید",
+    "The application does not allow to sign up new account": "برنامه اجازه ثبت‌نام حساب جدید را نمی‌دهد"
+  },
+  "auth": {
+    "Challenge method should be S256": "روش چالش باید S256 باشد",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "عدم موفقیت در ایجاد کاربر، اطلاعات کاربر نامعتبر است: %s",
+    "Failed to login in: %s": "عدم موفقیت در ورود: %s",
+    "Invalid token": "توکن نامعتبر",
+    "State expected: %s, but got: %s": "وضعیت مورد انتظار: %s، اما دریافت شد: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) وجود ندارد و مجاز به ثبت‌نام به‌عنوان حساب جدید از طریق %%s نیست، لطفاً از روش دیگری برای ثبت‌نام استفاده کنید",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) وجود ندارد و مجاز به ثبت‌نام به‌عنوان حساب جدید نیست، لطفاً با پشتیبانی IT خود تماس بگیرید",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "حساب برای ارائه‌دهنده: %s و نام کاربری: %s (%s) در حال حاضر به حساب دیگری مرتبط است: %s (%s)",
+    "The application: %s does not exist": "برنامه: %s وجود ندارد",
+    "The login method: login with LDAP is not enabled for the application": "روش ورود: ورود با LDAP برای برنامه فعال نیست",
+    "The login method: login with SMS is not enabled for the application": "روش ورود: ورود با پیامک برای برنامه فعال نیست",
+    "The login method: login with email is not enabled for the application": "روش ورود: ورود با ایمیل برای برنامه فعال نیست",
+    "The login method: login with face is not enabled for the application": "روش ورود: ورود با چهره برای برنامه فعال نیست",
+    "The login method: login with password is not enabled for the application": "روش ورود: ورود با رمز عبور برای برنامه فعال نیست",
+    "The organization: %s does not exist": "سازمان: %s وجود ندارد",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "ارائه‌دهنده: %s برای برنامه فعال نیست",
+    "Unauthorized operation": "عملیات غیرمجاز",
+    "Unknown authentication type (not password or provider), form = %s": "نوع احراز هویت ناشناخته (نه رمز عبور و نه ارائه‌دهنده)، فرم = %s",
+    "User's tag: %s is not listed in the application's tags": "برچسب کاربر: %s در برچسب‌های برنامه فهرست نشده است",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "کاربر پرداختی %s اشتراک فعال یا در انتظار ندارد و برنامه: %s قیمت‌گذاری پیش‌فرض ندارد",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "سرویس %s و %s مطابقت ندارند"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "وابستگی نمی‌تواند خالی باشد",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "کد پیش‌فرض با قوانین تطبیق کد مطابقت ندارد",
+    "DisplayName cannot be blank": "نام نمایشی نمی‌تواند خالی باشد",
+    "DisplayName is not valid real name": "نام نمایشی یک نام واقعی معتبر نیست",
+    "Email already exists": "ایمیل قبلاً وجود دارد",
+    "Email cannot be empty": "ایمیل نمی‌تواند خالی باشد",
+    "Email is invalid": "ایمیل نامعتبر است",
+    "Empty username.": "نام کاربری خالی است.",
+    "Face data does not exist, cannot log in": "داده‌های چهره وجود ندارد، نمی‌توان وارد شد",
+    "Face data mismatch": "عدم تطابق داده‌های چهره",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "نام نمی‌تواند خالی باشد",
+    "Invitation code cannot be blank": "کد دعوت نمی‌تواند خالی باشد",
+    "Invitation code exhausted": "کد دعوت استفاده شده است",
+    "Invitation code is invalid": "کد دعوت نامعتبر است",
+    "Invitation code suspended": "کد دعوت معلق است",
+    "LDAP user name or password incorrect": "نام کاربری یا رمز عبور LDAP نادرست است",
+    "LastName cannot be blank": "نام خانوادگی نمی‌تواند خالی باشد",
+    "Multiple accounts with same uid, please check your ldap server": "چندین حساب با uid یکسان، لطفاً سرور LDAP خود را بررسی کنید",
+    "Organization does not exist": "سازمان وجود ندارد",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "تلفن قبلاً وجود دارد",
+    "Phone cannot be empty": "تلفن نمی‌تواند خالی باشد",
+    "Phone number is invalid": "شماره تلفن نامعتبر است",
+    "Please register using the email corresponding to the invitation code": "لطفاً با استفاده از ایمیل مربوط به کد دعوت ثبت‌نام کنید",
+    "Please register using the phone  corresponding to the invitation code": "لطفاً با استفاده از تلفن مربوط به کد دعوت ثبت‌نام کنید",
+    "Please register using the username corresponding to the invitation code": "لطفاً با استفاده از نام کاربری مربوط به کد دعوت ثبت‌نام کنید",
+    "Session outdated, please login again": "جلسه منقضی شده است، لطفاً دوباره وارد شوید",
+    "The invitation code has already been used": "کد دعوت قبلاً استفاده شده است",
+    "The user is forbidden to sign in, please contact the administrator": "ورود کاربر ممنوع است، لطفاً با مدیر تماس بگیرید",
+    "The user: %s doesn't exist in LDAP server": "کاربر: %s در سرور LDAP وجود ندارد",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "نام کاربری فقط می‌تواند حاوی کاراکترهای الفبایی عددی، زیرخط یا خط تیره باشد، نمی‌تواند خط تیره یا زیرخط متوالی داشته باشد، و نمی‌تواند با خط تیره یا زیرخط شروع یا پایان یابد.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "نام کاربری قبلاً وجود دارد",
+    "Username cannot be an email address": "نام کاربری نمی‌تواند یک آدرس ایمیل باشد",
+    "Username cannot contain white spaces": "نام کاربری نمی‌تواند حاوی فاصله باشد",
+    "Username cannot start with a digit": "نام کاربری نمی‌تواند با یک رقم شروع شود",
+    "Username is too long (maximum is 255 characters).": "نام کاربری بیش از حد طولانی است (حداکثر ۳۹ کاراکتر).",
+    "Username must have at least 2 characters": "نام کاربری باید حداقل ۲ کاراکتر داشته باشد",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "شما رمز عبور یا کد اشتباه را بیش از حد وارد کرده‌اید، لطفاً %d دقیقه صبر کنید و دوباره تلاش کنید",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "منطقه شما اجازه ثبت‌نام با تلفن را ندارد",
+    "password or code is incorrect": "رمز عبور یا کد نادرست است",
+    "password or code is incorrect, you have %d remaining chances": "رمز عبور یا کد نادرست است، شما %d فرصت باقی‌مانده دارید",
+    "unsupported password type: %s": "نوع رمز عبور پشتیبانی نشده: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "پارامتر گمشده",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "لطفاً ابتدا وارد شوید",
+    "The organization: %s should have one application at least": "سازمان: %s باید حداقل یک برنامه داشته باشد",
+    "The user: %s doesn't exist": "کاربر: %s وجود ندارد",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "از captchaProvider پشتیبانی نمی‌شود: ",
+    "this operation is not allowed in demo mode": "این عملیات در حالت دمو مجاز نیست",
+    "this operation requires administrator to perform": "این عملیات نیاز به مدیر برای انجام دارد"
+  },
+  "ldap": {
+    "Ldap server exist": "سرور LDAP وجود دارد"
+  },
+  "link": {
+    "Please link first": "لطفاً ابتدا پیوند دهید",
+    "This application has no providers": "این برنامه ارائه‌دهنده‌ای ندارد",
+    "This application has no providers of type": "این برنامه ارائه‌دهنده‌ای از نوع ندارد",
+    "This provider can't be unlinked": "این ارائه‌دهنده نمی‌تواند لغو پیوند شود",
+    "You are not the global admin, you can't unlink other users": "شما مدیر جهانی نیستید، نمی‌توانید کاربران دیگر را لغو پیوند کنید",
+    "You can't unlink yourself, you are not a member of any application": "شما نمی‌توانید خودتان را لغو پیوند کنید، شما عضو هیچ برنامه‌ای نیستید"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "فقط مدیر می‌تواند %s را تغییر دهد.",
+    "The %s is immutable.": "%s غیرقابل تغییر است.",
+    "Unknown modify rule %s.": "قانون تغییر ناشناخته %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "شناسه برنامه نامعتبر",
+    "the provider: %s does not exist": "ارائه‌دهنده: %s وجود ندارد"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "کاربر برای برچسب: آواتار تهی است",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "نام کاربری یا مسیر کامل فایل خالی است: نام کاربری = %s، مسیر کامل فایل = %s"
+  },
+  "saml": {
+    "Application %s not found": "برنامه %s یافت نشد"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "دسته‌بندی ارائه‌دهنده %s SAML نیست"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "پارامترهای خالی برای emailForm: %v",
+    "Invalid Email receivers: %s": "گیرندگان ایمیل نامعتبر: %s",
+    "Invalid phone receivers: %s": "گیرندگان تلفن نامعتبر: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "objectKey: %s مجاز نیست",
+    "The provider type: %s is not supported": "نوع ارائه‌دهنده: %s پشتیبانی نمی‌شود"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "grant_type: %s در این برنامه پشتیبانی نمی‌شود",
+    "Invalid application or wrong clientSecret": "برنامه نامعتبر یا clientSecret نادرست",
+    "Invalid client_id": "client_id نامعتبر",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "آدرس بازگشت: %s در لیست آدرس‌های بازگشت مجاز وجود ندارد",
+    "Token not found, invalid accessToken": "توکن یافت نشد، accessToken نامعتبر"
+  },
+  "user": {
+    "Display name cannot be empty": "نام نمایشی نمی‌تواند خالی باشد",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "عدم موفقیت در وارد کردن کاربران"
+  },
+  "util": {
+    "No application is found for userId: %s": "هیچ برنامه‌ای برای userId: %s یافت نشد",
+    "No provider for category: %s is found for application: %s": "هیچ ارائه‌دهنده‌ای برای دسته‌بندی: %s برای برنامه: %s یافت نشد",
+    "The provider: %s is not found": "ارائه‌دهنده: %s یافت نشد"
+  },
+  "verification": {
+    "Invalid captcha provider.": "ارائه‌دهنده کپچا نامعتبر.",
+    "Phone number is invalid in your region %s": "شماره تلفن در منطقه شما نامعتبر است %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "کد تأیید هنوز ارسال نشده است!",
+    "Turing test failed.": "تست تورینگ ناموفق بود.",
+    "Unable to get the email modify rule.": "عدم توانایی در دریافت قانون تغییر ایمیل.",
+    "Unable to get the phone modify rule.": "عدم توانایی در دریافت قانون تغییر تلفن.",
+    "Unknown type": "نوع ناشناخته",
+    "Wrong verification code!": "کد تأیید اشتباه!",
+    "You should verify your code in %d min!": "شما باید کد خود را در %d دقیقه تأیید کنید!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "کاربر وجود ندارد، لطفاً ابتدا ثبت‌نام کنید"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "لطفاً ابتدا WebAuthnSigninBegin را فراخوانی کنید"
+  }
+}
--- a/i18n/locales/fi/data.json
+++ b/i18n/locales/fi/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -7,117 +7,100 @@
  },
  "auth": {
    "Challenge method should be S256": "La méthode de défi doit être S256",
-    "DeviceCode Invalid": "Code appareil invalide",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "Échec de la création de l'utilisateur, les informations utilisateur sont invalides : %s",
    "Failed to login in: %s": "Échec de la connexion : %s",
    "Invalid token": "Jeton invalide",
    "State expected: %s, but got: %s": "État attendu : %s, mais obtenu : %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire en tant que nouveau compte via %s, veuillez utiliser une autre méthode pour vous inscrire",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire en tant que nouveau compte via %%s, veuillez utiliser une autre méthode pour vous inscrire",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire comme nouveau compte, veuillez contacter votre support informatique",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Le compte du fournisseur : %s et le nom d'utilisateur : %s (%s) sont déjà liés à un autre compte : %s (%s)",
    "The application: %s does not exist": "L'application : %s n'existe pas",
-    "The application: %s has disabled users to signin": "L'application: %s a désactivé la connexion des utilisateurs",
-    "The group: %s does not exist": "Le groupe : %s n'existe pas",
-    "The login method: login with LDAP is not enabled for the application": "La méthode de connexion : connexion LDAP n'est pas activée pour l'application",
-    "The login method: login with SMS is not enabled for the application": "La méthode de connexion : connexion par SMS n'est pas activée pour l'application",
-    "The login method: login with email is not enabled for the application": "La méthode de connexion : connexion par e-mail n'est pas activée pour l'application",
-    "The login method: login with face is not enabled for the application": "La méthode de connexion : connexion par visage n'est pas activée pour l'application",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
-    "The organization: %s does not exist": "L'organisation : %s n'existe pas",
-    "The organization: %s has disabled users to signin": "L'organisation: %s a désactivé la connexion des utilisateurs",
-    "The plan: %s does not exist": "Le plan : %s n'existe pas",
-    "The pricing: %s does not exist": "Le tarif : %s n'existe pas",
-    "The pricing: %s does not have plan: %s": "Le tarif : %s n'a pas de plan : %s",
-    "The provider: %s does not exist": "Le fournisseur : %s n'existe pas",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
    "Unauthorized operation": "Opération non autorisée",
    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
-    "User's tag: %s is not listed in the application's tags": "Le tag de l'utilisateur : %s n'est pas répertorié dans les tags de l'application",
-    "UserCode Expired": "Code utilisateur expiré",
-    "UserCode Invalid": "Code utilisateur invalide",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "L'utilisateur payant %s n'a pas d'abonnement actif ou en attente et l'application : %s n'a pas de tarification par défaut",
-    "the application for user %s is not found": "L'application pour l'utilisateur %s est introuvable",
-    "the organization: %s is not found": "L'organisation : %s est introuvable"
+    "User's tag: %s is not listed in the application's tags": "Le tag de l’utilisateur %s n’est pas répertorié dans les tags de l’application",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s ne respecte pas les exigences du format CIDR : %s",
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
-    "CIDR for IP: %s should not be empty": "Le CIDR pour l'IP : %s ne doit pas être vide",
-    "Default code does not match the code's matching rules": "Le code par défaut ne correspond pas aux règles de correspondance du code",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
    "DisplayName is not valid real name": "DisplayName n'est pas un nom réel valide",
    "Email already exists": "E-mail déjà existant",
    "Email cannot be empty": "L'e-mail ne peut pas être vide",
    "Email is invalid": "L'adresse e-mail est invalide",
    "Empty username.": "Nom d'utilisateur vide.",
-    "Face data does not exist, cannot log in": "Les données faciales n'existent pas, connexion impossible",
-    "Face data mismatch": "Données faciales incorrectes",
-    "Failed to parse client IP: %s": "Échec de l'analyse de l'IP client : %s",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
-    "Invitation code cannot be blank": "Le code d'invitation ne peut pas être vide",
-    "Invitation code exhausted": "Code d'invitation épuisé",
-    "Invitation code is invalid": "Code d'invitation invalide",
-    "Invitation code suspended": "Code d'invitation suspendu",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
    "Organization does not exist": "L'organisation n'existe pas",
-    "Password cannot be empty": "Le mot de passe ne peut pas être vide",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "Le téléphone existe déjà",
    "Phone cannot be empty": "Le téléphone ne peut pas être vide",
    "Phone number is invalid": "Le numéro de téléphone est invalide",
-    "Please register using the email corresponding to the invitation code": "Veuillez vous inscrire avec l'e-mail correspondant au code d'invitation",
-    "Please register using the phone  corresponding to the invitation code": "Veuillez vous inscrire avec le téléphone correspondant au code d'invitation",
-    "Please register using the username corresponding to the invitation code": "Veuillez vous inscrire avec le nom d'utilisateur correspondant au code d'invitation",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
-    "The invitation code has already been used": "Le code d'invitation a déjà été utilisé",
-    "The password must contain at least one special character": "Le mot de passe doit contenir au moins un caractère spécial",
-    "The password must contain at least one uppercase letter, one lowercase letter and one digit": "Le mot de passe doit contenir au moins une lettre majuscule, une lettre minuscule et un chiffre",
-    "The password must have at least 6 characters": "Le mot de passe doit contenir au moins 6 caractères",
-    "The password must have at least 8 characters": "Le mot de passe doit contenir au moins 8 caractères",
-    "The password must not contain any repeated characters": "Le mot de passe ne doit pas contenir de caractères répétés",
-    "The user has been deleted and cannot be used to sign in, please contact the administrator": "L'utilisateur a été supprimé et ne peut pas être utilisé pour se connecter, veuillez contacter l'administrateur",
+    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
-    "The user: %s doesn't exist in LDAP server": "L'utilisateur : %s n'existe pas sur le serveur LDAP",
+    "The user: %s doesn't exist in LDAP server": "L'utilisateur %s n'existe pas sur le serveur LDAP",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "La valeur \"%s\" pour le champ de compte \"%s\" ne correspond pas à l'expression régulière de l'élément de compte",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "La valeur \"%s\" pour le champ d'inscription \"%s\" ne correspond pas à l'expression régulière de l'élément d'inscription de l'application \"%s\"",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "Nom d'utilisateur existe déjà",
    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
    "Username cannot contain white spaces": "Nom d'utilisateur ne peut pas contenir d'espaces blancs",
    "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
    "Username is too long (maximum is 255 characters).": "Nom d'utilisateur est trop long (maximum de 255 caractères).",
    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Le nom d'utilisateur prend en charge le format e-mail. De plus, il ne peut contenir que des caractères alphanumériques, des tirets bas ou des traits d'union, ne peut pas avoir de traits d'union ou de tirets bas consécutifs, et ne peut pas commencer ou se terminer par un trait d'union ou un tiret bas. Faites également attention au format de l'e-mail.",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
-    "Your IP address: %s has been banned according to the configuration of: ": "Votre adresse IP : %s a été bannie selon la configuration de : ",
-    "Your password has expired. Please reset your password by clicking \"Forgot password\"": "Votre mot de passe a expiré. Veuillez le réinitialiser en cliquant sur \"Mot de passe oublié\"",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
-    "password or code is incorrect": "mot de passe ou code incorrect",
-    "password or code is incorrect, you have %s remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %s chances",
+    "password or code is incorrect": "mot de passe ou code invalide",
+    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
  },
  "enforcer": {
-    "the adapter: %s is not found": "l'adaptateur : %s est introuvable"
+    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
-    "Failed to import groups": "Échec de l'importation des groupes",
-    "Failed to import users": "Échec de l'importation des utilisateurs",
    "Missing parameter": "Paramètre manquant",
-    "Only admin user can specify user": "Seul un administrateur peut désigner un utilisateur",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "Veuillez d'abord vous connecter",
-    "The organization: %s should have one application at least": "L'organisation : %s doit avoir au moins une application",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "Wrong userId": "ID utilisateur incorrect",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "ne prend pas en charge captchaProvider: ",
-    "this operation is not allowed in demo mode": "cette opération n'est pas autorisée en mode démo",
-    "this operation requires administrator to perform": "cette opération nécessite un administrateur pour être effectuée"
-  },
-  "invitation": {
-    "Invitation %s does not exist": "L'invitation %s n'existe pas"
+    "this operation is not allowed in demo mode": "cette opération n’est pas autorisée en mode démo",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
  "ldap": {
    "Ldap server exist": "Le serveur LDAP existe"
@@ -134,10 +117,10 @@
    "Only admin can modify the %s.": "Seul l'administrateur peut modifier le %s.",
    "The %s is immutable.": "Le %s est immuable.",
    "Unknown modify rule %s.": "Règle de modification inconnue %s.",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "L'ajout d'un nouvel utilisateur à l'organisation « built-in » (intégrée) est actuellement désactivé. Veuillez noter : Tous les utilisateurs de l'organisation « built-in » sont des administrateurs globaux dans Casdoor. Consulter la documentation : https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Si vous souhaitez encore créer un utilisateur pour l'organisation « built-in », accédez à la page des paramètres de l'organisation et activez l'option « A le consentement aux privilèges »."
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "La permission : \"%s\" n'existe pas"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "Identifiant d'application invalide",
@@ -163,7 +146,7 @@
    "The provider type: %s is not supported": "Le type de fournisseur : %s n'est pas pris en charge"
  },
  "subscription": {
-    "Error": "Erreur"
+    "Error": "Error"
  },
  "token": {
    "Grant_type: %s is not supported in this application": "Type_de_subvention : %s n'est pas pris en charge dans cette application",
@@ -174,11 +157,13 @@
  },
  "user": {
    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "MFA email is enabled but email is empty": "L'authentification MFA par e-mail est activée mais l'e-mail est vide",
-    "MFA phone is enabled but phone number is empty": "L'authentification MFA par téléphone est activée mais le numéro de téléphone est vide",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
-    "The new password must be different from your current password": "Le nouveau mot de passe doit être différent de votre mot de passe actuel",
-    "the user's owner and name should not be empty": "le propriétaire et le nom de l'utilisateur ne doivent pas être vides"
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Échec de l'importation des utilisateurs"
  },
  "util": {
    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
@@ -188,20 +173,19 @@
  "verification": {
    "Invalid captcha provider.": "Fournisseur de captcha invalide.",
    "Phone number is invalid in your region %s": "Le numéro de téléphone n'est pas valide dans votre région %s",
-    "The verification code has already been used!": "Le code de vérification a déjà été utilisé !",
-    "The verification code has not been sent yet!": "Le code de vérification n'a pas encore été envoyé !",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "Turing test failed.": "Le test de Turing a échoué.",
    "Unable to get the email modify rule.": "Incapable d'obtenir la règle de modification de courriel.",
    "Unable to get the phone modify rule.": "Impossible d'obtenir la règle de modification de téléphone.",
    "Unknown type": "Type inconnu",
    "Wrong verification code!": "Mauvais code de vérification !",
    "You should verify your code in %d min!": "Vous devriez vérifier votre code en %d min !",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "veuillez ajouter un fournisseur SMS à la liste \"Providers\" pour l'application : %s",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "veuillez ajouter un fournisseur d'e-mail à la liste \"Providers\" pour l'application : %s",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "L'utilisateur n'existe pas, veuillez vous inscrire d'abord"
  },
  "webauthn": {
-    "Found no credentials for this user": "Aucune information d'identification trouvée pour cet utilisateur",
    "Please call WebAuthnSigninBegin first": "Veuillez d'abord appeler WebAuthnSigninBegin"
  }
 }
--- a/i18n/locales/he/data.json
+++ b/i18n/locales/he/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Gagal menambahkan pengguna",
+    "Get init score failed, error: %w": "Gagal mendapatkan nilai inisiasi, kesalahan: %w",
+    "Please sign out first": "Silakan keluar terlebih dahulu",
+    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan pendaftaran akun baru"
+  },
+  "auth": {
+    "Challenge method should be S256": "Metode tantangan harus S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Gagal membuat pengguna, informasi pengguna tidak valid: %s",
+    "Failed to login in: %s": "Gagal masuk: %s",
+    "Invalid token": "Token tidak valid",
+    "State expected: %s, but got: %s": "Diharapkan: %s, tapi diperoleh: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru melalui %%s, silakan gunakan cara lain untuk mendaftar",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru, silakan hubungi dukungan IT Anda",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk penyedia: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
+    "The application: %s does not exist": "Aplikasi: %s tidak ada",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "Metode login: login dengan sandi tidak diaktifkan untuk aplikasi tersebut",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
+    "Unauthorized operation": "Operasi tidak sah",
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan sandi atau penyedia), formulir = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
+    "DisplayName is not valid real name": "DisplayName bukanlah nama asli yang valid",
+    "Email already exists": "Email sudah ada",
+    "Email cannot be empty": "Email tidak boleh kosong",
+    "Email is invalid": "Email tidak valid",
+    "Empty username.": "Nama pengguna kosong.",
+    "Face data does not exist, cannot log in": "Data wajah tidak ada, tidak bisa login",
+    "Face data mismatch": "Ketidakcocokan data wajah",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
+    "Invitation code cannot be blank": "Kode undangan tidak boleh kosong",
+    "Invitation code exhausted": "Kode undangan habis",
+    "Invitation code is invalid": "Kode undangan tidak valid",
+    "Invitation code suspended": "Kode undangan ditangguhkan",
+    "LDAP user name or password incorrect": "Nama pengguna atau sandi LDAP salah",
+    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
+    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server LDAP Anda",
+    "Organization does not exist": "Organisasi tidak ada",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Telepon sudah ada",
+    "Phone cannot be empty": "Telepon tidak boleh kosong",
+    "Phone number is invalid": "Nomor telepon tidak valid",
+    "Please register using the email corresponding to the invitation code": "Silakan mendaftar menggunakan email yang sesuai dengan kode undangan",
+    "Please register using the phone  corresponding to the invitation code": "Silakan mendaftar menggunakan email yang sesuai dengan kode undangan",
+    "Please register using the username corresponding to the invitation code": "Silakan mendaftar menggunakan username yang sesuai dengan kode undangan",
+    "Session outdated, please login again": "Sesi kadaluwarsa, silakan masuk lagi",
+    "The invitation code has already been used": "Kode undangan sudah digunakan",
+    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
+    "The user: %s doesn't exist in LDAP server": "Pengguna: %s tidak ada di server LDAP",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "Nilai \\\"%s\\\" pada bidang akun \\\"%s\\\" tidak cocok dengan ketentuan",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "Nilai \\\"%s\\\" pada bidang pendaftaran \\\"%s\\\" tidak cocok dengan ketentuan aplikasi \\\"%s\\\"",
+    "Username already exists": "Nama pengguna sudah ada",
+    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
+    "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
+    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
+    "Username is too long (maximum is 255 characters).": "Nama pengguna terlalu panjang (maksimum 255 karakter).",
+    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan sandi atau kode yang salah terlalu sering, mohon tunggu selama %d menit lalu coba kembali",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
+    "password or code is incorrect": "kata sandi atau kode salah",
+    "password or code is incorrect, you have %d remaining chances": "Sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
+    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Parameter hilang",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Silahkan login terlebih dahulu",
+    "The organization: %s should have one application at least": "Organisasi: %s setidaknya harus memiliki satu aplikasi",
+    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
+    "this operation is not allowed in demo mode": "tindakan ini tidak diizinkan pada mode demo",
+    "this operation requires administrator to perform": "tindakan ini membutuhkan peran administrator"
+  },
+  "ldap": {
+    "Ldap server exist": "Server ldap ada"
+  },
+  "link": {
+    "Please link first": "Silahkan tautkan terlebih dahulu",
+    "This application has no providers": "Aplikasi ini tidak memiliki penyedia",
+    "This application has no providers of type": " Aplikasi ini tidak memiliki penyedia tipe ",
+    "This provider can't be unlinked": "Penyedia layanan ini tidak dapat dipisahkan",
+    "You are not the global admin, you can't unlink other users": "Anda bukan admin global, Anda tidak dapat memutuskan tautan pengguna lain",
+    "You can't unlink yourself, you are not a member of any application": "Anda tidak dapat memutuskan tautan diri sendiri, karena Anda bukan anggota dari aplikasi apa pun"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Hanya admin yang dapat memodifikasi %s.",
+    "The %s is immutable.": "%s tidak dapat diubah.",
+    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "Izin: \\\"%s\\\" tidak ada"
+  },
+  "provider": {
+    "Invalid application id": "ID aplikasi tidak valid",
+    "the provider: %s does not exist": "penyedia: %s tidak ada"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "Pengguna kosong untuk tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nama pengguna atau path lengkap file kosong: nama_pengguna = %s, path_lengkap_file = %s"
+  },
+  "saml": {
+    "Application %s not found": "Aplikasi %s tidak ditemukan"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "kategori penyedia %s bukan SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Parameter kosong untuk emailForm: %v",
+    "Invalid Email receivers: %s": "Penerima email tidak valid: %s",
+    "Invalid phone receivers: %s": "Penerima telepon tidak valid: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "Kunci objek: %s tidak diizinkan",
+    "The provider type: %s is not supported": "Jenis penyedia: %s tidak didukung"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
+    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
+    "Invalid client_id": "ID klien tidak valid",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI pengalihan: %s tidak ada dalam daftar URI Pengalihan yang diizinkan",
+    "Token not found, invalid accessToken": "Token tidak ditemukan, accessToken tidak valid"
+  },
+  "user": {
+    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Gagal mengimpor pengguna"
+  },
+  "util": {
+    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
+    "No provider for category: %s is found for application: %s": "Tidak ditemukan penyedia untuk kategori: %s untuk aplikasi: %s",
+    "The provider: %s is not found": "Penyedia: %s tidak ditemukan"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
+    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "Kode verifikasi belum terkirim!",
+    "Turing test failed.": "Tes Turing gagal.",
+    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
+    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
+    "Unknown type": "Tipe tidak diketahui",
+    "Wrong verification code!": "Kode verifikasi salah!",
+    "You should verify your code in %d min!": "Anda harus memverifikasi kode Anda dalam %d menit!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "silahkan tambahkan penyedia SMS ke daftar \\\"Penyedia\\\" untuk aplikasi: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "silahkan tambahkan penyedia Email ke daftar \\\"Penyedia\\\" untuk aplikasi: %s",
+    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Harap panggil WebAuthnSigninBegin terlebih dahulu"
+  }
+}
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -7,117 +7,100 @@
  },
  "auth": {
    "Challenge method should be S256": "チャレンジメソッドはS256である必要があります",
-    "DeviceCode Invalid": "デバイスコードが無効です",
+    "DeviceCode Invalid": "DeviceCode Invalid",
    "Failed to create user, user information is invalid: %s": "ユーザーの作成に失敗しました。ユーザー情報が無効です：%s",
    "Failed to login in: %s": "ログインできませんでした：%s",
    "Invalid token": "無効なトークン",
    "State expected: %s, but got: %s": "期待される状態： %s、実際には：%s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up": "プロバイダーのアカウント：%s とユーザー名：%s（%s）が存在せず、新しいアカウントを %s 経由でサインアップすることはできません。他の方法でサインアップしてください",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "プロバイダーのアカウント：%s とユーザー名：%s（%s）が存在せず、新しいアカウントを %%s 経由でサインアップすることはできません。他の方法でサインアップしてください",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "プロバイダー名：%sとユーザー名：%s（%s）のアカウントは存在しません。新しいアカウントとしてサインアップすることはできません。 ITサポートに連絡してください",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "プロバイダのアカウント：%s とユーザー名：%s (%s) は既に別のアカウント：%s (%s) にリンクされています",
    "The application: %s does not exist": "アプリケーション: %sは存在しません",
-    "The application: %s has disabled users to signin": "アプリケーション: %s はユーザーのサインインを無効にしました",
-    "The group: %s does not exist": "グループ: %sは存在しません",
-    "The login method: login with LDAP is not enabled for the application": "このアプリケーションでは LDAP ログインは有効になっていません",
-    "The login method: login with SMS is not enabled for the application": "このアプリケーションでは SMS ログインは有効になっていません",
-    "The login method: login with email is not enabled for the application": "このアプリケーションではメールログインは有効になっていません",
-    "The login method: login with face is not enabled for the application": "このアプリケーションでは顔認証ログインは有効になっていません",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
-    "The organization: %s does not exist": "組織「%s」は存在しません",
-    "The organization: %s has disabled users to signin": "組織: %s はユーザーのサインインを無効にしました",
-    "The plan: %s does not exist": "プラン: %sは存在しません",
-    "The pricing: %s does not exist": "料金: %sは存在しません",
-    "The pricing: %s does not have plan: %s": "料金: %sにはプラン%sがありません",
-    "The provider: %s does not exist": "プロバイダ「%s」は存在しません",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
    "Unauthorized operation": "不正操作",
    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
-    "User's tag: %s is not listed in the application's tags": "ユーザータグ「%s」はアプリケーションのタグに含まれていません",
-    "UserCode Expired": "ユーザーコードの有効期限が切れています",
-    "UserCode Invalid": "ユーザーコードが無効です",
-    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "有料ユーザー「%s」には有効または保留中のサブスクリプションがなく、アプリケーション「%s」にはデフォルトの価格設定がありません",
-    "the application for user %s is not found": "ユーザー「%s」のアプリケーションが見つかりません",
-    "the organization: %s is not found": "組織「%s」が見つかりません"
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
  },
  "cas": {
    "Service %s and %s do not match": "サービス%sと%sは一致しません"
  },
  "check": {
-    "%s does not meet the CIDR format requirements: %s": "%s は CIDR フォーマットの要件を満たしていません: %s",
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
    "Affiliation cannot be blank": "所属は空白にできません",
-    "CIDR for IP: %s should not be empty": "IP「%s」の CIDR は空にできません",
-    "Default code does not match the code's matching rules": "デフォルトコードがコードの一致ルールに一致しません",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
    "DisplayName cannot be blank": "表示名は空白にできません",
    "DisplayName is not valid real name": "表示名は有効な実名ではありません",
    "Email already exists": "メールは既に存在します",
    "Email cannot be empty": "メールが空白にできません",
    "Email is invalid": "電子メールは無効です",
    "Empty username.": "空のユーザー名。",
-    "Face data does not exist, cannot log in": "顔認証データが存在しないため、ログインできません",
-    "Face data mismatch": "顔認証データが一致しません",
-    "Failed to parse client IP: %s": "クライアント IP「%s」の解析に失敗しました",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
    "FirstName cannot be blank": "ファーストネームは空白にできません",
-    "Invitation code cannot be blank": "招待コードは空にできません",
-    "Invitation code exhausted": "招待コードの使用回数が上限に達しました",
-    "Invitation code is invalid": "招待コードが無効です",
-    "Invitation code suspended": "招待コードは一時的に無効化されています",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "LastName cannot be blank": "姓は空白にできません",
    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
    "Organization does not exist": "組織は存在しません",
-    "Password cannot be empty": "パスワードは空にできません",
+    "Password cannot be empty": "Password cannot be empty",
    "Phone already exists": "電話はすでに存在しています",
    "Phone cannot be empty": "電話は空っぽにできません",
    "Phone number is invalid": "電話番号が無効です",
-    "Please register using the email corresponding to the invitation code": "招待コードに対応するメールアドレスで登録してください",
-    "Please register using the phone  corresponding to the invitation code": "招待コードに対応する電話番号で登録してください",
-    "Please register using the username corresponding to the invitation code": "招待コードに対応するユーザー名で登録してください",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
-    "The invitation code has already been used": "この招待コードは既に使用されています",
-    "The password must contain at least one special character": "パスワードには少なくとも1つの特殊文字が必要です",
-    "The password must contain at least one uppercase letter, one lowercase letter and one digit": "パスワードには少なくとも1つの大文字、1つの小文字、1つの数字が必要です",
-    "The password must have at least 6 characters": "パスワードは少なくとも6文字必要です",
-    "The password must have at least 8 characters": "パスワードは少なくとも8文字必要です",
-    "The password must not contain any repeated characters": "パスワードに繰り返し文字を含めることはできません",
-    "The user has been deleted and cannot be used to sign in, please contact the administrator": "ユーザーは削除されており、サインインに使用できません。管理者にお問い合わせください",
+    "The invitation code has already been used": "The invitation code has already been used",
    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
-    "The user: %s doesn't exist in LDAP server": "ユーザー「%s」は LDAP サーバーに存在しません",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
-    "The value \"%s\" for account field \"%s\" doesn't match the account item regex": "アカウントフィールド「%s」の値「%s」がアカウント項目の正規表現に一致しません",
-    "The value \"%s\" for signup field \"%s\" doesn't match the signup item regex of the application \"%s\"": "アプリケーション「%s」のサインアップ項目「%s」の値「%s」が正規表現に一致しません",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
    "Username already exists": "ユーザー名はすでに存在しています",
    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
    "Username cannot contain white spaces": "ユーザ名にはスペースを含めることはできません",
    "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
    "Username is too long (maximum is 255 characters).": "ユーザー名が長すぎます（最大255文字）。",
    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
-    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "ユーザー名はメール形式もサポートします。ユーザー名は英数字、アンダースコア、またはハイフンのみを含め、連続するハイフンやアンダースコアは使用できません。また、ハイフンまたはアンダースコアで始まったり終わったりすることもできません。メール形式にも注意してください。",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
-    "Your IP address: %s has been banned according to the configuration of: ": "あなたの IP アドレス「%s」は設定によりアクセスが禁止されています: ",
-    "Your password has expired. Please reset your password by clicking \"Forgot password\"": "パスワードの有効期限が切れています。「パスワードを忘れた方はこちら」をクリックしてリセットしてください",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
-    "password or code is incorrect": "パスワードまたはコードが正しくありません",
-    "password or code is incorrect, you have %s remaining chances": "パスワードまたはコードが間違っています。あと %s 回の試行機会があります",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
  },
  "enforcer": {
-    "the adapter: %s is not found": "アダプタ「%s」が見つかりません"
+    "the adapter: %s is not found": "the adapter: %s is not found"
  },
  "general": {
-    "Failed to import groups": "グループのインポートに失敗しました",
-    "Failed to import users": "ユーザーのインポートに失敗しました",
    "Missing parameter": "不足しているパラメーター",
-    "Only admin user can specify user": "管理者ユーザーのみがユーザーを指定できます",
+    "Only admin user can specify user": "Only admin user can specify user",
    "Please login first": "最初にログインしてください",
-    "The organization: %s should have one application at least": "組織「%s」は少なくとも1つのアプリケーションを持っている必要があります",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "Wrong userId": "無効なユーザーIDです",
+    "Wrong userId": "Wrong userId",
    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "この操作はデモモードでは許可されていません",
-    "this operation requires administrator to perform": "この操作は管理者権限が必要です"
-  },
-  "invitation": {
-    "Invitation %s does not exist": "招待 %s は存在しません"
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
  },
  "ldap": {
    "Ldap server exist": "LDAPサーバーは存在します"
@@ -134,10 +117,10 @@
    "Only admin can modify the %s.": "管理者のみが%sを変更できます。",
    "The %s is immutable.": "%sは不変です。",
    "Unknown modify rule %s.": "未知の変更ルール%s。",
-    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "「built-in」（組み込み）組織への新しいユーザーの追加は現在無効になっています。注意：「built-in」組織のすべてのユーザーは、Casdoor のグローバル管理者です。ドキュメントを参照してください：https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself。「built-in」組織のユーザーを作成したい場合は、組織の設定ページに移動し、「特権同意を持つ」オプションを有効にしてください。"
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
  },
  "permission": {
-    "The permission: \"%s\" doesn't exist": "権限「%s」は存在しません"
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
  },
  "provider": {
    "Invalid application id": "アプリケーションIDが無効です",
@@ -163,7 +146,7 @@
    "The provider type: %s is not supported": "プロバイダータイプ：%sはサポートされていません"
  },
  "subscription": {
-    "Error": "エラー"
+    "Error": "Error"
  },
  "token": {
    "Grant_type: %s is not supported in this application": "grant_type：%sはこのアプリケーションでサポートされていません",
@@ -174,11 +157,13 @@
  },
  "user": {
    "Display name cannot be empty": "表示名は空にできません",
-    "MFA email is enabled but email is empty": "MFA メールが有効になっていますが、メールアドレスが空です",
-    "MFA phone is enabled but phone number is empty": "MFA 電話番号が有効になっていますが、電話番号が空です",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
-    "The new password must be different from your current password": "新しいパスワードは現在のパスワードと異なる必要があります",
-    "the user's owner and name should not be empty": "ユーザーのオーナーと名前は空にできません"
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "ユーザーのインポートに失敗しました"
  },
  "util": {
    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
@@ -188,20 +173,19 @@
  "verification": {
    "Invalid captcha provider.": "無効なCAPTCHAプロバイダー。",
    "Phone number is invalid in your region %s": "電話番号はあなたの地域で無効です %s",
-    "The verification code has already been used!": "この検証コードは既に使用されています！",
-    "The verification code has not been sent yet!": "検証コードはまだ送信されていません！",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
    "Turing test failed.": "チューリングテストは失敗しました。",
    "Unable to get the email modify rule.": "電子メール変更規則を取得できません。",
    "Unable to get the phone modify rule.": "電話の変更ルールを取得できません。",
    "Unknown type": "不明なタイプ",
    "Wrong verification code!": "誤った検証コードです！",
    "You should verify your code in %d min!": "あなたは%d分であなたのコードを確認する必要があります！",
-    "please add a SMS provider to the \"Providers\" list for the application: %s": "アプリケーション「%s」の「Providers」リストに SMS プロバイダを追加してください",
-    "please add an Email provider to the \"Providers\" list for the application: %s": "アプリケーション「%s」の「Providers」リストにメールプロバイダを追加してください",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
    "the user does not exist, please sign up first": "ユーザーは存在しません。まず登録してください"
  },
  "webauthn": {
-    "Found no credentials for this user": "このユーザーの認証情報が見つかりませんでした",
    "Please call WebAuthnSigninBegin first": "最初にWebAuthnSigninBeginを呼び出してください"
  }
 }
--- a/i18n/locales/kk/data.json
+++ b/i18n/locales/kk/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "사용자 추가 실패",
+    "Get init score failed, error: %w": "초기 점수 획득 실패, 오류: %w",
+    "Please sign out first": "먼저 로그아웃해주세요",
+    "The application does not allow to sign up new account": "이 응용 프로그램은 새로운 계정 가입을 허용하지 않습니다"
+  },
+  "auth": {
+    "Challenge method should be S256": "도전 방식은 S256이어야 합니다",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "사용자를 만들지 못했습니다. 사용자 정보가 잘못되었습니다: %s",
+    "Failed to login in: %s": "로그인에 실패했습니다.: %s",
+    "Invalid token": "유효하지 않은 토큰",
+    "State expected: %s, but got: %s": "예상한 상태: %s, 실제 상태: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "제공자 계정: %s와 사용자 이름: %s (%s)은(는) 존재하지 않으며 %%s를 통해 새 계정으로 가입하는 것이 허용되지 않습니다. 다른 방법으로 가입하십시오",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "공급자 계정 %s과 사용자 이름 %s (%s)는 존재하지 않으며 새 계정으로 등록할 수 없습니다. IT 지원팀에 문의하십시오",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "공급자 계정 %s과 사용자 이름 %s(%s)는 이미 다른 계정 %s(%s)에 연결되어 있습니다",
+    "The application: %s does not exist": "해당 애플리케이션(%s)이 존재하지 않습니다",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
+    "Unauthorized operation": "무단 조작",
+    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "소속은 비워 둘 수 없습니다",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName는 비어 있을 수 없습니다",
+    "DisplayName is not valid real name": "DisplayName는 유효한 실제 이름이 아닙니다",
+    "Email already exists": "이메일이 이미 존재합니다",
+    "Email cannot be empty": "이메일은 비어 있을 수 없습니다",
+    "Email is invalid": "이메일이 유효하지 않습니다",
+    "Empty username.": "빈 사용자 이름.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
+    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
+    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
+    "Organization does not exist": "조직은 존재하지 않습니다",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "전화기는 이미 존재합니다",
+    "Phone cannot be empty": "전화는 비워 둘 수 없습니다",
+    "Phone number is invalid": "전화번호가 유효하지 않습니다",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "세션이 만료되었습니다. 다시 로그인해주세요",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "사용자는 로그인이 금지되어 있습니다. 관리자에게 문의하십시오",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "사용자 이름은 알파벳, 숫자, 밑줄 또는 하이픈만 포함할 수 있으며, 연속된 하이픈 또는 밑줄을 가질 수 없으며, 하이픈 또는 밑줄로 시작하거나 끝날 수 없습니다.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "사용자 이름이 이미 존재합니다",
+    "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
+    "Username cannot contain white spaces": "사용자 이름에는 공백이 포함될 수 없습니다",
+    "Username cannot start with a digit": "사용자 이름은 숫자로 시작할 수 없습니다",
+    "Username is too long (maximum is 255 characters).": "사용자 이름이 너무 깁니다 (최대 255자).",
+    "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "암호 또는 코드가 올바르지 않습니다. %d번의 기회가 남아 있습니다",
+    "unsupported password type: %s": "지원되지 않는 암호 유형: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "누락된 매개변수",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "먼저 로그인 하십시오",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "LDAP 서버가 존재합니다"
+  },
+  "link": {
+    "Please link first": "먼저 링크해주세요",
+    "This application has no providers": "이 애플리케이션에는 제공자가 없습니다",
+    "This application has no providers of type": "이 응용 프로그램은 타입의 공급자가 없습니다",
+    "This provider can't be unlinked": "이 공급자는 연결이 해제될 수 없습니다",
+    "You are not the global admin, you can't unlink other users": "당신은 전역 관리자가 아니므로 다른 사용자와의 연결을 해제할 수 없습니다",
+    "You can't unlink yourself, you are not a member of any application": "당신은 어떤 애플리케이션의 회원이 아니기 때문에 스스로 링크를 해제할 수 없습니다"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "관리자만 %s을(를) 수정할 수 있습니다.",
+    "The %s is immutable.": "%s 는 변경할 수 없습니다.",
+    "Unknown modify rule %s.": "미확인 수정 규칙 %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "잘못된 애플리케이션 ID입니다",
+    "the provider: %s does not exist": "제공자 %s가 존재하지 않습니다"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "사용자는 아바타 태그에 대해 nil입니다",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "사용자 이름 또는 전체 파일 경로가 비어 있습니다: 사용자 이름 = %s, 전체 파일 경로 = %s"
+  },
+  "saml": {
+    "Application %s not found": "어플리케이션 %s을(를) 찾을 수 없습니다"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "제공 업체 %s의 카테고리는 SAML이 아닙니다"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "이메일 형식의 빈 매개 변수: %v",
+    "Invalid Email receivers: %s": "잘못된 이메일 수신자: %s",
+    "Invalid phone receivers: %s": "잘못된 전화 수신자: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "객체 키 : %s 는 허용되지 않습니다",
+    "The provider type: %s is not supported": "제공자 유형: %s은/는 지원되지 않습니다"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "그랜트 유형: %s은(는) 이 어플리케이션에서 지원되지 않습니다",
+    "Invalid application or wrong clientSecret": "잘못된 어플리케이션 또는 올바르지 않은 클라이언트 시크릿입니다",
+    "Invalid client_id": "잘못된 클라이언트 ID입니다",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "허용된 Redirect URI 목록에서 %s이(가) 존재하지 않습니다",
+    "Token not found, invalid accessToken": "토큰을 찾을 수 없습니다. 잘못된 액세스 토큰입니다"
+  },
+  "user": {
+    "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "사용자 가져오기를 실패했습니다"
+  },
+  "util": {
+    "No application is found for userId: %s": "어플리케이션을 찾을 수 없습니다. userId: %s",
+    "No provider for category: %s is found for application: %s": "어플리케이션 %s에서 %s 카테고리를 위한 공급자가 찾을 수 없습니다",
+    "The provider: %s is not found": "제공자: %s를 찾을 수 없습니다"
+  },
+  "verification": {
+    "Invalid captcha provider.": "잘못된 captcha 제공자입니다.",
+    "Phone number is invalid in your region %s": "전화 번호가 당신의 지역 %s에서 유효하지 않습니다",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "튜링 테스트 실패.",
+    "Unable to get the email modify rule.": "이메일 수정 규칙을 가져올 수 없습니다.",
+    "Unable to get the phone modify rule.": "전화 수정 규칙을 가져올 수 없습니다.",
+    "Unknown type": "알 수 없는 유형",
+    "Wrong verification code!": "잘못된 인증 코드입니다!",
+    "You should verify your code in %d min!": "당신은 %d분 안에 코드를 검증해야 합니다!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "사용자가 존재하지 않습니다. 먼저 회원 가입 해주세요"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "WebAuthnSigninBegin을 먼저 호출해주세요"
+  }
+}
--- a/i18n/locales/ms/data.json
+++ b/i18n/locales/ms/data.json
@@ -0,0 +1,191 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "DeviceCode Invalid": "DeviceCode Invalid",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with LDAP is not enabled for the application": "The login method: login with LDAP is not enabled for the application",
+    "The login method: login with SMS is not enabled for the application": "The login method: login with SMS is not enabled for the application",
+    "The login method: login with email is not enabled for the application": "The login method: login with email is not enabled for the application",
+    "The login method: login with face is not enabled for the application": "The login method: login with face is not enabled for the application",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The organization: %s does not exist": "The organization: %s does not exist",
+    "The provider: %s does not exist": "The provider: %s does not exist",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags",
+    "UserCode Expired": "UserCode Expired",
+    "UserCode Invalid": "UserCode Invalid",
+    "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing": "paid-user %s does not have active or pending subscription and the application: %s does not have default pricing",
+    "the application for user %s is not found": "the application for user %s is not found",
+    "the organization: %s is not found": "the organization: %s is not found"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "%s does not meet the CIDR format requirements: %s": "%s does not meet the CIDR format requirements: %s",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "CIDR for IP: %s should not be empty": "CIDR for IP: %s should not be empty",
+    "Default code does not match the code's matching rules": "Default code does not match the code's matching rules",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "Face data does not exist, cannot log in": "Face data does not exist, cannot log in",
+    "Face data mismatch": "Face data mismatch",
+    "Failed to parse client IP: %s": "Failed to parse client IP: %s",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "Invitation code cannot be blank": "Invitation code cannot be blank",
+    "Invitation code exhausted": "Invitation code exhausted",
+    "Invitation code is invalid": "Invitation code is invalid",
+    "Invitation code suspended": "Invitation code suspended",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password cannot be empty": "Password cannot be empty",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please register using the email corresponding to the invitation code": "Please register using the email corresponding to the invitation code",
+    "Please register using the phone  corresponding to the invitation code": "Please register using the phone  corresponding to the invitation code",
+    "Please register using the username corresponding to the invitation code": "Please register using the username corresponding to the invitation code",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The invitation code has already been used": "The invitation code has already been used",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex": "The value \\\"%s\\\" for account field \\\"%s\\\" doesn't match the account item regex",
+    "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"": "The value \\\"%s\\\" for signup field \\\"%s\\\" doesn't match the signup item regex of the application \\\"%s\\\"",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 255 characters).": "Username is too long (maximum is 255 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.": "Username supports email format. Also The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline. Also pay attention to the email format.",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your IP address: %s has been banned according to the configuration of: ": "Your IP address: %s has been banned according to the configuration of: ",
+    "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"": "Your password has expired. Please reset your password by clicking \\\"Forgot password\\\"",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "enforcer": {
+    "the adapter: %s is not found": "the adapter: %s is not found"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Only admin user can specify user": "Only admin user can specify user",
+    "Please login first": "Please login first",
+    "The organization: %s should have one application at least": "The organization: %s should have one application at least",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "Wrong userId": "Wrong userId",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode",
+    "this operation requires administrator to perform": "this operation requires administrator to perform"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s.",
+    "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option.": "adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."
+  },
+  "permission": {
+    "The permission: \\\"%s\\\" doesn't exist": "The permission: \\\"%s\\\" doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "subscription": {
+    "Error": "Error"
+  },
+  "token": {
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
+    "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "the user's owner and name should not be empty": "the user's owner and name should not be empty"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "The verification code has already been used!": "The verification code has already been used!",
+    "The verification code has not been sent yet!": "The verification code has not been sent yet!",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "please add a SMS provider to the \\\"Providers\\\" list for the application: %s": "please add a SMS provider to the \\\"Providers\\\" list for the application: %s",
+    "please add an Email provider to the \\\"Providers\\\" list for the application: %s": "please add an Email provider to the \\\"Providers\\\" list for the application: %s",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yang Luo	952bd14ba5	feat: use SMTPAuthAutoDiscover in NewSmtpEmailProvider	2025-06-21 13:15:23 +08:00
Yang Luo	bcdc7caca8	feat: fix SmtpEmailProvider's send email bug	2025-06-21 11:30:07 +08:00
DacongDA	ed046e594e	feat: replace Email sender lib: gomail with wneessen/go-mail (#3888 )	2025-06-18 20:46:53 +08:00