Activities of "jackmcelhinney"

  • ABP Framework version: v6.0.2
  • UI type: Angular
  • DB provider: EF Core
  • Identity Server Separated (Angular): no

After updating to OpenIddict, we want to adjust the token lifetimes and pruning behavior. We successfully changed the lifetimes with PreConfigure<OpenIddictServerBuilder> in the Host module, but PreConfigure<TokenCleanupOptions> is not working.

Host module:

public override void PreConfigureServices(ServiceConfigurationContext context)
{
    ...
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        ...
        builder.SetRefreshTokenLifetime(TimeSpan.FromMinutes(15)); // Test lifetime
    });
    
    PreConfigure<TokenCleanupOptions>(options =>
    {
        options.CleanupPeriod = 60000;
        options.MinimumAuthorizationLifespan = TimeSpan.FromMinutes(15);
        options.MinimumTokenLifespan = TimeSpan.FromMinutes(15);
    });
    ...
}

With these values, the refresh token lifetime is set to 15 minutes, but the pruning job still runs once an hour and does not use the new minimum lifespans. Is this a bug or is something wrong with this configuration?

Thanks!

  • ABP Framework version: v5.3.3
  • UI type: Angular
  • DB provider: EF Core
  • Identity Server Separated (Angular): no

After configuring our project to use the Redis Cache, we are getting occasional errors (once or twice a day) logged in the background. Based on the traces, it appears this may be happening in the SettingManagement module after the cache tries to refresh.

Usually 1 warning and 3 errors get logged at the same time:

Warning: The operation was canceled. Exception:

System.OperationCanceledException: The operation was canceled.     at System.Threading.CancellationToken.ThrowOperationCanceledException()     at Volo.Abp.Caching.StackExchangeRedis.AbpRedisCache.GetAndRefreshManyAsync(IEnumerable`1 keys, Boolean getData, CancellationToken token)     at Volo.Abp.Caching.StackExchangeRedis.AbpRedisCache.GetManyAsync(IEnumerable`1 keys, CancellationToken token)     at Volo.Abp.Caching.DistributedCache`2.GetManyAsync(IEnumerable`1 keys, Nullable`1 hideErrors, Boolean considerUow, CancellationToken token)

Properties:

&lt;properties&gt;&lt;property key=&#39;SourceContext&#39;&gt;Volo.Abp.Caching.DistributedCache&lt;/property&gt;&lt;property key=&#39;ActionId&#39;&gt;15fe26d2-905e-451e-956e-9273e2ee2f29&lt;/property&gt;&lt;property key=&#39;ActionName&#39;&gt;Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)&lt;/property&gt;&lt;property key=&#39;RequestId&#39;&gt;0HMJE86AB1IHV:00000063&lt;/property&gt;&lt;property key=&#39;RequestPath&#39;&gt;/Abp/ApplicationConfigurationScript&lt;/property&gt;&lt;property key=&#39;ConnectionId&#39;&gt;0HMJE86AB1IHV&lt;/property&gt;&lt;property key=&#39;CorrelationId&#39;&gt;50d2b898ed494793b23a9d6d5f6f5da3&lt;/property&gt;&lt;/properties&gt;

Error: An error occurred using the connection to database '{database}' on server '{server}'. Exception: NULL Properties:

&lt;properties&gt;&lt;property key=&#39;database&#39;&gt;test-web-db&lt;/property&gt;&lt;property key=&#39;server&#39;&gt;tcp:redis-test.database.windows.net,1433&lt;/property&gt;&lt;property key=&#39;EventId&#39;&gt;&lt;structure type=&#39;&#39;&gt;&lt;property key=&#39;Id&#39;&gt;20004&lt;/property&gt;&lt;property key=&#39;Name&#39;&gt;Microsoft.EntityFrameworkCore.Database.Connection.ConnectionError&lt;/property&gt;&lt;/structure&gt;&lt;/property&gt;&lt;property key=&#39;SourceContext&#39;&gt;Microsoft.EntityFrameworkCore.Database.Connection&lt;/property&gt;&lt;property key=&#39;ActionId&#39;&gt;15fe26d2-905e-451e-956e-9273e2ee2f29&lt;/property&gt;&lt;property key=&#39;ActionName&#39;&gt;Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)&lt;/property&gt;&lt;property key=&#39;RequestId&#39;&gt;0HMJE86AB1IHV:00000063&lt;/property&gt;&lt;property key=&#39;RequestPath&#39;&gt;/Abp/ApplicationConfigurationScript&lt;/property&gt;&lt;property key=&#39;ConnectionId&#39;&gt;0HMJE86AB1IHV&lt;/property&gt;&lt;property key=&#39;CorrelationId&#39;&gt;50d2b898ed494793b23a9d6d5f6f5da3&lt;/property&gt;&lt;/properties&gt;

Error: An exception occurred while iterating over the results of a query for context type '{contextType}'.{newline}{error} Exception:

System.Threading.Tasks.TaskCanceledException: A task was canceled.     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)     at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()

Properties:

&lt;properties&gt;&lt;property key=&#39;contextType&#39;&gt;Volo.Abp.SettingManagement.EntityFrameworkCore.SettingManagementDbContext&lt;/property&gt;&lt;property key=&#39;newline&#39;&gt;  &lt;/property&gt;&lt;property key=&#39;error&#39;&gt;System.Threading.Tasks.TaskCanceledException: A task was canceled.     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)     at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()&lt;/property&gt;&lt;property key=&#39;EventId&#39;&gt;&lt;structure type=&#39;&#39;&gt;&lt;property key=&#39;Id&#39;&gt;10100&lt;/property&gt;&lt;property key=&#39;Name&#39;&gt;Microsoft.EntityFrameworkCore.Query.QueryIterationFailed&lt;/property&gt;&lt;/structure&gt;&lt;/property&gt;&lt;property key=&#39;SourceContext&#39;&gt;Microsoft.EntityFrameworkCore.Query&lt;/property&gt;&lt;property key=&#39;ActionId&#39;&gt;15fe26d2-905e-451e-956e-9273e2ee2f29&lt;/property&gt;&lt;property key=&#39;ActionName&#39;&gt;Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)&lt;/property&gt;&lt;property key=&#39;RequestId&#39;&gt;0HMJE86AB1IHV:00000063&lt;/property&gt;&lt;property key=&#39;RequestPath&#39;&gt;/Abp/ApplicationConfigurationScript&lt;/property&gt;&lt;property key=&#39;ConnectionId&#39;&gt;0HMJE86AB1IHV&lt;/property&gt;&lt;property key=&#39;CorrelationId&#39;&gt;50d2b898ed494793b23a9d6d5f6f5da3&lt;/property&gt;&lt;/properties&gt;

Error: An unhandled exception has occurred while executing the request. Exception:

System.Threading.Tasks.TaskCanceledException: A task was canceled.     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)     at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(AsyncEnumerator enumerator, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()     at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)     at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)     at Volo.Abp.SettingManagement.EntityFrameworkCore.EfCoreSettingRepository.GetListAsync(String[] names, String providerName, String providerKey, CancellationToken cancellationToken)     at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)     at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()     at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)     at ...

Properties:

<properties><property key='EventId'><structure type=''><property key='Id'>1</property><property key='Name'>UnhandledException</property></structure></property><property key='SourceContext'>Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware</property><property key='RequestId'>0HMJE86AB1IHV:00000063</property><property key='RequestPath'>/Abp/ApplicationConfigurationScript</property><property key='ConnectionId'>0HMJE86AB1IHV</property></properties>

I am able to reproduce this issue in a fresh project:

  • Create new project
  • Update appsettings
  • Update Application module to configure caching
[DependsOn(
    ...
    typeof(AbpCachingModule),
    typeof(AbpCachingStackExchangeRedisModule)
)]

...

Configure<AbpDistributedCacheOptions>(options =>
{
    //options.KeyPrefix = configuration["Redis:KeyPrefix"];
});
  • Optionally log to db table

Domain object:

public class Log : Entity<int>
{
    public string Message { get; set; }
    public string MessageTemplate { get; set; }
    public string Level { get; set; }
    public DateTime? Timestamp { get; set; }
    public string Exception { get; set; }
    public string Properties { get; set; }
}

DbContext:

public DbSet<Log> Logs { get; set; }
...
builder.Entity<Log>(b =>
{
    b.ToTable(RedisTestConsts.DbTablePrefix + "Logs", RedisTestConsts.DbSchema);
    b.ConfigureByConvention();

    b.Property(x => x.Message);
    b.Property(x => x.MessageTemplate);
    b.Property(x => x.Level);
    b.Property(x => x.Timestamp);
    b.Property(x => x.Exception);
    b.Property(x => x.Properties);
});

Program.cs

...
builder.Host
    .AddAppSettingsSecretsJson()
    .UseAutofac()
    .UseSerilog(
    (hostingContext, services, loggerConfiguration) => loggerConfiguration

        .MinimumLevel.Debug()

        .MinimumLevel.Override("Microsoft", LogEventLevel.Information)
        .Enrich.FromLogContext()

        .WriteTo.Async(c => c.File("Logs/logs.txt"))


        .AuditTo.MSSqlServer(
            connectionString: hostingContext.Configuration["ConnectionStrings:Default"],
            sinkOptions: new MSSqlServerSinkOptions()
            {
                TableName = "AppLogs"
            },
            restrictedToMinimumLevel: LogEventLevel.Warning)
    );
...
  • Run the app, log in, and click around to get everything cached.
  • Leave the API project running and eventually these errors will be logged.

Other information:

  • DB: Azure SQL Server Database
  • Redis Cache: Azure Cache for Redis - Standard 250 MB

I'm not sure if there is impact on the user when this happens, but we have alerting on errors so we would like to resolve these even if there is no user impact. Please let me know if you have any ideas or need more information.

  • ABP Framework version: v5.2.2
  • UI type: Angular w/ Authorization Code Flow
  • DB provider: EF Core
  • Identity Server Separated (Angular): no

After running the OWASP ZAP penetration test tool, the report shows 2 Cross Site Scripting (Reflected) warnings and 1 SQL Injection warning on the log-out page. These may be false warnings, but can these be resolved as this issue was?

  • ABP Framework version: v5.0.1
  • UI type: Angular (Authorization Code Flow)
  • DB provider: EF Core
  • Identity Server Separated (Angular): yes

Occasionally when visiting the app after the credentials expire, we get Error refreshing token in the console. The app then immediately navigates to the login page. After entering credentials, verifying with two factor, and redirecting to the Angular home page, the user is still not logged in. They click login again and must enter credentials and two factor again, and then they are logged in.

Here is the console throughout this flow when this happens:

Any suggestions for a workaround for this?

  • ABP Framework version: v5.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Identity Server Separated (Angular): no

Hello! We are trying to hide the username field from the Create and Edit User forms and use the email address for the username instead.

I have successfully removed the username field from the Angular UI and moved the email field to the top like this:

export function removeUserNameContributor(
  propList: FormPropList<IdentityUserDto>
) {
  propList.dropByValue(
    'userName',
    (prop, text) => prop.name === text
  )
  let emailPropIndex = propList.findIndex(p => p.value.name == 'email');
  propList.addHead(propList.get(emailPropIndex).value);
  propList.dropByIndex(emailPropIndex + 1);
}

export const identityEntityCreateFormPropContributors: IdentityCreateFormPropContributors = {
  [eIdentityComponents.Users]: [
    removeUserNameContributor
  ]
}

export const identityEntityEditFormPropContributors: IdentityEditFormPropContributors = {
  [eIdentityComponents.Users]: [
    removeUserNameContributor
  ]
}

{
    path: 'identity',
    loadChildren: () => {
      import('./identity/identity.module').then(m => m.IdentityOverrideModule)
      return import('@volo/abp.ng.identity').then((m) => m.IdentityModule.forLazy({
        createFormPropContributors: identityEntityCreateFormPropContributors,
        editFormPropContributors: identityEntityEditFormPropContributors,
      }))
    }
},

I've also overwritten the CreateAsync method to set the username to the email address:

[Authorize(IdentityPermissions.Users.Create)]
public override async Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
{
    var user = new Volo.Abp.Identity.IdentityUser(
        GuidGenerator.Create(),
        input.Email,
        input.Email,
        CurrentTenant.Id
    );
    
    input.MapExtraPropertiesTo(user);

    (await UserManager.CreateAsync(user, input.Password)).CheckErrors();
    
    ...
}

But I am unable to remove the Required attribute from UserName on IdentityUserCreateDto so I get the following error from the form:

In my ...DtoExtensions.cs I have tried:

ObjectExtensionManager.Instance
.AddOrUpdateProperty<string > (
    new[]
    {
        typeof(IdentityUserCreateDto),
    },
    "UserName",
    options => 
    {
        options.Attributes.Clear();
        options.Validators.Clear();
    }
);

and

ObjectExtensionManager.Instance
.AddOrUpdate<IdentityUserCreateDto>(objConfig =>
{
    objConfig.AddOrUpdateProperty<string>("UserName", propertyConfig =>
    {
        propertyConfig.Attributes.Clear();
        propertyConfig.Validators.Clear();
    });
});

and have tried substituting IdentityUserCreateDto with IdentityUserCreateOrUpdateDtoBase but none of these solutions have removed the Required attribute.

Any ideas would be appreciated. Thanks!

  • ABP Framework version: v5.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Identity Server Separated: no

Hello! A while back we disabled the Organization Unit functionality in part by disabling the permissions:

context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.Default).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageOU).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageRoles).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageUsers).IsEnabled = false;

After upgrading from 4.4.4 to 5.0.1, the new filters on the user table throw a Volo.Abp.Authorization.AbpAuthorizationException when trying to get the organization units from Volo.Abp.Identity.OrganizationUnitController.GetListAsync. Is there a way to disable these new filters on the user table or another workaround to solve this problem within version 5.0.1?

Thanks!

  • ABP Framework version: v4.4.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

Hello. We have removed the Languages and Language Texts features from the tenants by changing the MultiTenancySides to Host on these permissions. However, we'd like to use the UI in the host to edit the language texts and have these changes apply to all tenants. Currently, it seems changing language texts in the host only changes them in for users logged into the host. Is there a way to override so all tenants will use language texts defined in the host?

Thanks!

  • ABP Framework version: v4.4.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no

Hello. For Angular projects using authorization code flow, clicking the logo on the login, logout, and reset password pages by default redirects to the swagger page - i.e. href="/". Is there a way to easily override this link without overriding all of these pages? I currently have only replaced the logo from wwwroot/images/logo and the AppName from a custom BrandingProvider.

Thanks!

  • ABP Framework version: v3.0.3
  • UI type: Angular
  • Identity Server Seperated: no

Hello. This is a follow-up from a question a while back about removing functionality from the UI and API: https://support.abp.io/QA/Questions/255

By disabling the permissions to Organization Units and Claim Types we were able to remove these elements from the navigation:

//Remove the Organization Unit functionality by overriding permissions and setting it to not enabled/granted
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.Default).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageOU).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageRoles).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.OrganizationUnits.ManageUsers).IsEnabled = false;

//Remove the Claim Types functionality by overriding permissions and setting it to not enabled/granted
context.GetPermissionOrNull(IdentityPermissions.ClaimTypes.Default).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.ClaimTypes.Create).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.ClaimTypes.Delete).IsEnabled = false;
context.GetPermissionOrNull(IdentityPermissions.ClaimTypes.Update).IsEnabled = false;

However, this did not stop these elements from appearing in other areas in the app:

  1. Organization Units tab still appears on Create/Edit User: When the modal opens to create or edit a user, the organization units tab is still present, but because the permission is disabled, it throws an error.

  2. Claims still appears in User and Role action dropdown: On the user and role tables, a Claims option is still present, and clicking will still get claim-types and claims for that user or role successfully and allows adding or updating claims with no errors. It seems that is because these endpoints check the IdentityPermissions.Roles/Users.Default/Update permissions and not any related to IdentityPermissions.ClaimTypes.

Am I correct in assuming that these elements should be hidden if these permissions are disabled? If so, could these extra permission checks be added to the Identity Module to prevent this unexpected behavior? If not, what would be the best way for me to manually hide these elements?

Thanks for the help, Jack

Showing 1 to 9 of 9 entries
Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54