Activities of "BenS-FreshRF"

• ABP Framework version: v8.3.0-rc.1
• UI Type: Blazor WASM
• Database System: EF Core (PostgreSQL)
• Tiered (for MVC) or Auth Server Separated (for Angular): no
• Exception message and full stack trace: 2024-08-26 22:17:45.244 +00:00 [ERR] Failed executing DbCommand (15ms) [Parameters=[@__date_0='?' (DbType = DateTime)], CommandType='"Text"', CommandTimeout='30'] DELETE FROM "OpenIddictTokens" AS o WHERE o."Id" IN ( SELECT o0."Id" FROM "OpenIddictTokens" AS o0 LEFT JOIN ( SELECT o1."Id", o1."ApplicationId", o1."ConcurrencyStamp", o1."CreationDate", o1."CreationTime", o1."CreatorId", o1."DeleterId", o1."DeletionTime", o1."ExtraProperties", o1."IsDeleted", o1."LastModificationTime", o1."LastModifierId", o1."Properties", o1."Scopes", o1."Status", o1."Subject", o1."Type" FROM "OpenIddictAuthorizations" AS o1 WHERE NOT (o1."IsDeleted") ) AS t ON o0."AuthorizationId" = t."Id" WHERE NOT (o0."IsDeleted") AND o0."CreationDate" < @__date_0 AND (((o0."Status" <> 'inactive' OR o0."Status" IS NULL) AND (o0."Status" <> 'valid' OR o0."Status" IS NULL)) OR (t."Id" IS NOT NULL AND (t."Status" <> 'valid' OR t."Status" IS NULL)) OR o0."ExpirationDate" < now() AT TIME ZONE 'UTC') ) 2024-08-26 22:17:45.247 +00:00 [ERR] 42501: permission denied for table OpenIddictTokens
• Steps to reproduce the issue: Revoke the Delete Permission on the OpenIddictTokens table for the ABP database user for the API, then use the system for a bit logging on and off and on again

For security we've recently created a new database user with tightened up permissions for usual access (https://en.wikipedia.org/wiki/Principle_of_least_privilege), the user doesn't need to be a superuser or have any alter table permissions. Due to soft-deleting being common it shouldn't need Delete permission for most tables either.

The Volo.Abp.OpenIddict.Tokens.OpenIddictToken class is setup as a FullAuditedAggregateRoot which has soft-deleting enabled but it's not actually using it so when we revoked the delete permissions the system stopped working properly.

Quick fix is to re-grant the Delete permission, but the OpenIddictToken class should either be setup to use soft-deleting as its inheritance provides, or its inheritance should be changed so we don't have unnecessary unused columns present on the database table.

Your provided link to "Migrating to Blazor Web App" is broken and linking back to this post.

We're also in the process of upgrading to 8.2 and I came across the same issue and the lack of 8.2 guides.

For our localization configuration inside Configure<AbpLocalizationOptions> the FlagIcon parameter in the LanguageInfo constructor was identical to the CultureName parameter so I've just removed the parameter for now as I'm not sure we're actually using the FlagIcon itself anywhere so we'll see if that causes any problems.

Also had the same issue with the new IdentitySession inside our DbContext but solved that by adding a reference to the new Sessions table as required by the IIdentityProDbContext interface. public DbSet<IdentitySession> Sessions { get; set; }