diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index f166912aa..87027910e 100755
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -1049,6 +1049,9 @@ RESULT_BACKEND = redis://localhost:6379
 HOST     = http://192.168.204.24
 USERNAME =
 PASSWORD =
+USER_CENTER_HOST = http://192.168.202.73:31441
+CLIENT_ID = 3Z377wcplxeE2qpycpjv
+CLIENT_SECRET = J5ykfVl2kcxW0H9cawSL
 ; cloudbrain visit opendata
 USER     = cW4cMtH24eoWPE7X
 PWD      = 4BPmgvK2hb2Eywwyp4YZRY4B7yQf4DAC
diff --git a/docs/opendata对外接口文档.docx b/docs/opendata对外接口文档.docx
index 15619ffec..88229ff12 100755
Binary files a/docs/opendata对外接口文档.docx and b/docs/opendata对外接口文档.docx differ
diff --git a/models/attachment.go b/models/attachment.go
index be0507d37..83394f883 100755
--- a/models/attachment.go
+++ b/models/attachment.go
@@ -353,5 +353,5 @@ func GetAllPublicAttachments() ([]*Attachment, error) {
 
 func getAllPublicAttachments(e Engine) ([]*Attachment, error) {
 	attachments := make([]*Attachment, 0, 10)
-	return attachments, e.Where("is_private = true ").Find(&attachments)
+	return attachments, e.Where("is_private = false ").Find(&attachments)
 }
diff --git a/models/login_source.go b/models/login_source.go
old mode 100644
new mode 100755
index 535044623..89bacd48b
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -14,6 +14,7 @@ import (
 	"net/textproto"
 	"strings"
 
+	"code.gitea.io/gitea/modules/auth/cloudbrain"
 	"code.gitea.io/gitea/modules/auth/ldap"
 	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/auth/pam"
@@ -21,6 +22,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 
+	gouuid "github.com/satori/go.uuid"
 	"github.com/unknwon/com"
 	"xorm.io/xorm"
 	"xorm.io/xorm/convert"
@@ -761,6 +763,16 @@ func UserSignIn(username, password string) (*User, error) {
 	}
 
 	if hasUser {
+		if user.CloudBrainValidated {
+			_, _, err := cloudbrain.UserValidate(username, password)
+			if err != nil {
+				log.Error("cloudbrain.UserValidate(%s) failed: %v", username, err)
+				return nil, err
+			} else {
+				return user, nil
+			}
+		}
+
 		switch user.LoginType {
 		case LoginNoType, LoginPlain, LoginOAuth2:
 			if user.IsPasswordSet() && user.ValidatePassword(password) {
@@ -795,6 +807,32 @@ func UserSignIn(username, password string) (*User, error) {
 
 			return ExternalUserLogin(user, user.LoginName, password, &source)
 		}
+	} else {
+		email, token, err := cloudbrain.UserValidate(username, password)
+		if err == nil {
+			if email == "" {
+				email = genRandEmail()
+			}
+
+			log.Info(email)
+			u := &User{
+				Name:     username,
+				Email:    email,
+				Passwd:   password,
+				IsActive: true,
+				CloudBrainValidated: true,
+				Token:		token,
+			}
+			if err := CreateUser(u); err != nil {
+				log.Error("CreateUser(%s) failed: %v", username, err)
+				return nil, err
+			}
+			log.Info("Account created: %s", u.Name)
+
+			return u, nil
+		}
+
+		log.Info("cloudbrain.UserValidate(%s) failed: %v", username, err)
 	}
 
 	sources := make([]*LoginSource, 0, 5)
@@ -817,3 +855,7 @@ func UserSignIn(username, password string) (*User, error) {
 
 	return nil, ErrUserNotExist{user.ID, user.Name, 0}
 }
+
+func genRandEmail() string{
+	return gouuid.NewV4().String() + "@cloudbrain.com"
+}
diff --git a/models/user.go b/models/user.go
old mode 100644
new mode 100755
index 8875840db..b5ffae03f
--- a/models/user.go
+++ b/models/user.go
@@ -165,6 +165,10 @@ type User struct {
 	// Preferences
 	DiffViewStyle string `xorm:"NOT NULL DEFAULT ''"`
 	Theme         string `xorm:"NOT NULL DEFAULT ''"`
+
+	//CloudBrain
+	CloudBrainValidated			bool	`xorm:"NOT NULL DEFAULT false"`
+	Token						string	`xorm:"VARCHAR(64)"`
 }
 
 // SearchOrganizationsOptions options to filter organizations
diff --git a/modules/auth/cloudbrain/cloudbrain.go b/modules/auth/cloudbrain/cloudbrain.go
new file mode 100755
index 000000000..c0ce3b3dd
--- /dev/null
+++ b/modules/auth/cloudbrain/cloudbrain.go
@@ -0,0 +1,63 @@
+package cloudbrain
+
+import (
+	"encoding/json"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+const (
+	GrantTypePassword = "password"
+	ScopeRead = "read"
+	TokenUrl = "/oauth/token"
+)
+
+type RespAuth struct {
+	AccessToken string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType string `json:"token_type"`
+	ExpiresIn int `json:"expires_in"`
+	Error string `json:"error"`
+	ErrorDescription string `json:"error_description"`
+}
+
+func UserValidate(username string, password string) (string, string, error) {
+	reqHttp := "client_id=" + setting.ClientID + "&client_secret=" + setting.ClientSecret +
+		"&grant_type=" + GrantTypePassword + "&scope=" + ScopeRead + "&username=" + username +
+		"&password=" + password
+	resp, err := http.Post(setting.UserCeterHost + TokenUrl,
+		"application/x-www-form-urlencoded",
+		strings.NewReader(reqHttp))
+	if err != nil {
+		log.Error("req user center failed:" + err.Error())
+		return "", "", err
+	}
+
+	body,err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Error("read resp body failed:" + err.Error())
+		return "", "", err
+	}
+
+	var respAuth RespAuth
+	err = json.Unmarshal(body, &respAuth)
+	if err != nil {
+		log.Error("unmarshal resp failed:" + err.Error())
+		return "", "", err
+	}
+
+	if respAuth.Error != "" {
+		/*enc := mahonia.NewEncoder("GBK")
+		output := enc.ConvertString(respAuth.ErrorDescription)*/
+		log.Error("req user_center for token failed:" + respAuth.Error + ":" + respAuth.ErrorDescription)
+		return "", "", errors.New(respAuth.ErrorDescription)
+	}
+
+	//todo: get email
+	return "", respAuth.AccessToken, nil
+}
diff --git a/modules/cloudbrain/cloudbrain.go b/modules/cloudbrain/cloudbrain.go
old mode 100644
new mode 100755
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index a1b72594e..de0a4dc00 100755
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -434,6 +434,9 @@ var (
 	//cloudbrain config
 	CBAuthUser				string
 	CBAuthPassword			string
+	ClientID				string
+	ClientSecret			string
+	UserCeterHost			string
 )
 
 // DateLang transforms standard language locale name to corresponding value in datetime plugin.
@@ -1105,6 +1108,9 @@ func NewContext() {
 	sec = Cfg.Section("cloudbrain")
 	CBAuthUser = sec.Key("USER").MustString("cW4cMtH24eoWPE7X")
 	CBAuthPassword = sec.Key("PWD").MustString("4BPmgvK2hb2Eywwyp4YZRY4B7yQf4DAC")
+	ClientID = sec.Key("CLIENT_ID").MustString("3Z377wcplxeE2qpycpjv")
+	ClientSecret = sec.Key("CLIENT_SECRET").MustString("J5ykfVl2kcxW0H9cawSL")
+	UserCeterHost = sec.Key("USER_CENTER_HOST").MustString("http://192.168.202.73:31441")
 }
 
 func loadInternalToken(sec *ini.Section) string {
diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go
index c2bbc5d46..412103e46 100755
--- a/routers/repo/attachment.go
+++ b/routers/repo/attachment.go
@@ -627,6 +627,7 @@ func QueryAllPublicDataset(ctx *context.Context){
 	if err != nil {
 		ctx.JSON(200, map[string]string{
 			"result_code": "-1",
+			"error_msg": err.Error(),
 			"data":	"",
 		})
 		return
@@ -643,6 +644,7 @@ func QueryAllPublicDataset(ctx *context.Context){
 		log.Error("json.Marshal failed:", err.Error())
 		ctx.JSON(200, map[string]string{
 			"result_code": "-1",
+			"error_msg": err.Error(),
 			"data":	"",
 		})
 		return
@@ -650,6 +652,7 @@ func QueryAllPublicDataset(ctx *context.Context){
 
 	ctx.JSON(200, map[string]string{
 		"result_code": "0",
+		"error_msg": "",
 		"data":	string(data),
 	})
 }