Übersicht
Benutzereigenschaften
As an authentication platform, Casdoor manages user accounts. Jeder Benutzer hat die folgenden Eigenschaften:
Owner: Die Organisation, der der Benutzer gehörtName: Der einzigartige BenutzernameCreatedTimeUpdatedTimeId: Eindeutige Kennung für jeden BenutzerTypePasswordPasswordSaltPasswordOptions: PasswortkomplexitätsoptionenDisplayName: Wird in der Benutzeroberfläche angezeigtVornameNachnameAvatar: Ein Link zum Avatar des BenutzersPermanentAvatarE-MailTelefonStandortAdresseZugehörigkeitTitelAusweistypAusweisnummerHomepageBiografieTagRegionSpracheGeschlechtGeburtstagBildungBalance: The user's account balancePunktzahlKarmaRangIsDefaultAvatarIsOnlineIsAdmin: Indicates whether the user is an administrator of their organizationIsGlobalAdmin: Indicates whether the user has permission to manage CasdoorIsForbiddenIsDeleted: When a user is soft-deleted (IsDeleted = true), they cannot sign in through any authentication method, including OAuth providers. This prevents deleted users from re-registering via third-party login.SignupApplicationHashPreHashCreatedIpLastSigninTimeLastSigninIpRoles: An array of the user's roles (extended field, read-only via User API)Permissions: An array of the user's permissions (extended field, read-only via User API)
Einzigartige IDs für Social-Plattform-Logins:
GithubGoogleQQWeChatFacebookDingTalkWeiboGiteeLinkedInWecomLarkGitlabAdfsBaiduCasdoorInfoflowAppleAzure ADAzure AD B2CSlackSteamLdap
Organization Admin Privileges
Users with IsAdmin set to true have administrator privileges within their organization:
- Full access to manage users, applications, and resources within their organization
- Access to verification code records sent to users in their organization
- Ability to configure organization-level settings and policies
Organization admins have elevated permissions but are scoped to their organization only. Global admins (built-in organization users) have full access across all organizations in the Casdoor instance.
User Tags
The Tag field allows you to categorize users for different purposes. Casdoor uses specific tag values for special user types:
normal-user: Standard users with full authentication capabilitiesguest-user: Temporary users created through guest authentication without initial credentials- Automatically upgrade to
normal-userwhen they set a proper username or password - Cannot sign in directly until they upgrade their account
- Automatically upgrade to
You can also define custom tags to restrict application access. See Application Tags for more information.
Email Normalization
Casdoor normalizes all email addresses to lowercase to ensure uniqueness and prevent duplicate accounts. This means that user@example.com, User@Example.com, and USER@EXAMPLE.COM are treated as the same email address, complying with RFC 5321 standards.
This normalization happens automatically during:
- User signup and account creation
- User login and authentication
- Email duplicate checking
Understanding Roles and Permissions Fields
The Roles and Permissions fields in the User object are extended fields that are dynamically populated when retrieving user data. These fields are not stored directly in the User table but are collected from the Roles and Permissions resources through the ExtendUserWithRolesAndPermissions() function.
Important: You cannot update roles and permissions through the /api/update-user endpoint, even when using the columns parameter. To manage user roles and permissions, you must use the dedicated APIs for Roles and Permissions resources.
To assign roles or permissions to users:
- Roles: Use the Roles API endpoints to create and assign roles. Visit the Roles management page (e.g.,
https://door.casdoor.com/roles) or use the roles API. - Permissions: Use the Permissions API endpoints to create and assign permissions. Visit the Permissions management page (e.g.,
https://door.casdoor.com/permissions) or use the permissions API.
Using the Properties Field
The Properties field is a flexible key-value map (map[string]string) that allows you to store custom attributes for users beyond the predefined fields in the User schema. This is particularly useful when you need to:
- Store organization-specific user attributes
- Add custom metadata that doesn't fit into standard fields
- Extend user profiles without modifying the core schema
Benutzer aus XLSX-Datei importieren
Sie können neue Benutzer hinzufügen oder bestehende Casdoor-Benutzer aktualisieren, indem Sie eine XLSX-Datei mit Benutzerinformationen hochladen.
Getting Started
In the Admin Console, navigate to the Users page. You'll find two buttons for bulk user operations:
- Download template: Generates an XLSX template with all available user fields and their localized column headers
- Upload (.xlsx): Opens the upload dialog to import users from your XLSX file
The template file includes headers in the format Display Name#field_name (e.g., Organization#owner), where the display name is localized to your language and the field name after # is used for import mapping. The comment prefix (everything before #) is automatically removed during import.
Upload Process
When you select an XLSX file, Casdoor displays a preview modal showing all the data to be imported. This allows you to review and verify the information before final submission. Once you confirm, click the upload button to import the users.
We also provide a sample XLSX file named user_test.xlsx in the xlsx folder with 5 test users for reference.
Upload Permissions
User upload permissions depend on your admin role:
- Global admins (users in the
built-inorganization withIsGlobalAdminset to true) can upload users to any organization. The target organization is determined by theOwnerfield in the XLSX file. - Organization admins (users with
IsAdminset to true) can only upload users to their own organization. The system ensures that duplicate checking and user creation are scoped to the correct organization.
Passwortverschlüsselung umgehen
Wenn Sie Benutzer von einer externen Datenbank zu Casdoor migrieren, kann es Situationen geben, in denen Sie die standardmäßige Verschlüsselungsmethode, die von organization standard Password type method bereitgestellt wird, umgehen oder steuern möchten.
Dies kann durch Verwendung des Feldes passwordType beim Benutzerimport erreicht werden.
Benutzer mit Bycrypt-Passwort
Unten ist ein Beispiel für einen POST-Body-Request für die API-Route /api/add-user.
{
"owner": "organization",
"signupApplication": "first-app",
"email":"dev@dev.com",
"name": "dev",
"displayName": "developper",
"password": "$2a$10$.o/iVyDE9Xk8ioywHDnQRu72RviOi6FPa1ujhusbSCZeg7VOa6MY6",
"passwordType":"bcrypt",
}
Hier ist das Passwort des Benutzers bereits mit dem bcrypt-Algorithmus verschlüsselt, daher geben wir den passwordType als "bcrypt" an, um Casdoor zu informieren, dass es nicht noch einmal verschlüsselt werden soll.