When we deploy identity server to azure app service the login page logs an exception about missing assets:
I cannot find any information on how to include those assets to identity server deployment package. Gulpfile-scripts does not seem to copy anything to identity server side. So is there a desingned way to make sure the assets are copied to the Identity Server deployment package.
We have an issue with NgxValidateCoreModule that emerges after it is imported to a module that has a component in which we have the following: The component is a view that has KendoTreeList in which we use kendoTreeListCellTemplate to be able to render our own custom FormControl of choice to its table cells. Kendo rows/cells have “edit mode” which means Kendo renders the form control with the form group when an editable cell or whole row is clicked. There is kendoTreeListEditTemplate for the edit mode content, but in our case, we have a custom form control that has two functionalities in one so we need to use kendoTreeListCellTemplate. This means that the content (form control) is there 100% of the time, not only in the cell’s edit mode like things are with kendo’s own editable cells. The edit mode means that when the user clicks a cell in the tree list table, it transforms to a form control with a form group. So, with the cell template with our custom form control being rendered there straight away when initing the KendoTreeList and it’s there without any surrounding form group. The control is given to it in the template definition via [formControl] directive from the the collection of form groups that represent the tree list table rows (e.g. this.formGroups[rowIndex].controls[col.field]). When we import the NgxValidateCoreModule, the following error is given <customCellTemplateWithOurFormControlCount> times:
core.mjs:6461 ERROR NullInjectorError: R3InjectorError(ConsumptionForecastModule)[ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective]:
NullInjectorError: No provider for ValidationGroupDirective!
at NullInjector.get (core.mjs:11095:1)
at R3Injector.get (core.mjs:11262:1)
at R3Injector.get (core.mjs:11262:1)
at R3Injector.get (core.mjs:11262:1)
at NgModuleRef.get (core.mjs:21807:1)
at R3Injector.get (core.mjs:11262:1)
at NgModuleRef.get (core.mjs:21807:1)
at R3Injector.get (core.mjs:11262:1)
at NgModuleRef.get (core.mjs:21807:1)
at Object.get (core.mjs:21484:1)
defaultErrorLogger @ core.mjs:6461
handleError @ core.mjs:6508
(anonymous) @ core.mjs:26428
invoke @ zone.js:372
run @ zone.js:134
runOutsideAngular @ core.mjs:25356
tick @ core.mjs:26428
(anonymous) @ core.mjs:26273
invoke @ zone.js:372
onInvoke @ core.mjs:25457
invoke @ zone.js:371
run @ zone.js:134
run @ core.mjs:25311
next @ core.mjs:26272
__tryOrUnsub @ Subscriber.js:183
next @ Subscriber.js:122
_next @ Subscriber.js:72
next @ Subscriber.js:49
next @ Subject.js:39
emit @ core.mjs:22402
checkStable @ core.mjs:25379
onLeave @ core.mjs:25507
onInvokeTask @ core.mjs:25451
invokeTask @ zone.js:405
runTask @ zone.js:178
invokeTask @ zone.js:487
invokeTask @ zone.js:1648
globalCallback @ zone.js:1679
globalZoneAwareCallback @ zone.js:1712
So the questions are:
How should the Redis cache be configured between different instances of the application? We have planned to use four deployment stages (UAT, QA, Canary Production and Production). Can we share the Redis cache server between some of the stages or will there be a problem of data mixing between the stages?
Actually, I have now tested this and at least the redirect URL configuration gets mixed up between the stages. Is there a way to define instance-specific key through configuration so the values won't mix up in the cache?
Hello, we are deploying our project build on top of ABP to Azure. After the deployment, we found that some of the requests are blocked by the OWASP scanner in the Azure Application Gateway Firewall. The first block comes from the authentication call:
requestUri_s /connect/authorize?response_type=code\u0026client_id=OUR_APP_App\u0026state=UXB5Zmh6VWFST3BLVUZTbXVkdEt3dWpfdWF3dy56XzFFMDNyNURESlFRQnNi\u0026redirect_uri=https%3A%2F%2FOUR_APP-qa.lw.app\u0026scope=offline_access%20openid%20profile%20role%20email%20phone%20OUR_APP\u0026code_challenge=JG1J3rF5kFDd-kQNWu5Bi7ji-zOCKWuJ4b_zK0yADjA\u0026code_challenge_method=S256\u0026nonce=UXB5Zmh6VWFST3BLVUZTbXVkdEt3dWpfdWF3dy56XzFFMDNyNURESlFRQnNi\u0026culture=en\u0026ui-culture=en
Message Detects basic SQL authentication bypass attempts 3/3
ruleSetVersion_s 3.2
ruleGroup_s REQUEST-942-APPLICATION-ATTACK-SQLI
details_message_s
Pattern match (?i:(?:["'](?:\\s*?(?:is\\s*?(?:[\\d.]+\\s*?\\W.*?[\"']|\d.+["']?\\w)|\\d\\s*?(?:--|#))|(?:\\W+[\\w+-]+\\s*?=\\s*?\\d\\W+|\\|?[\\w-]{3,}[^\\w\\s.,]+)[\"']|[\%\u0026\u003c\u003e^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\\u0026\\u0026)\s+[\s\w+]+(?:sounds\s+like\s*?["'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select)) at REQUEST_COOKIES.
details_data_s Matched Data: "uuid":" found within REQUEST_COOKIES:twk_uuid_6272619db0d10b6f3e709056: %7B%22uuid%22%3A%221.DECWNFunxcnpgYWrV82YSGHozzios3WMXMuV6utignc1kwKN9BEe3TVjnjGCKBM2TCtxVLGqUFfGNaX8VCZSQkz0Wb2xdIjkmk7pyyl343KA437h7YKdoYt6PKa2VEcY8hVOatTY%22%2C%22version%22%3A3%2C%22domain%22%3A%22lw.app%22%2C%22ts%22%3A1653031469585%7D
details_file_s REQUEST-942-APPLICATION-ATTACK-SQLI.conf
If we disable that rule, we encounter a couple of similar blocks where the pattern matching founds illegal characters in the request cookies: requestUri_s /api/app/***
Message SQL Comment Sequence Detected.
ruleSetVersion_s 3.2
ruleGroup_s REQUEST-942-APPLICATION-ATTACK-SQLI
details_message_s Pattern match (?:/\!?|\/|[';]--|--[\s\r\n\v\f]|--[^-]?-|[^\u0026-]#.?[\s\r\n\v\f]|;?\x00) at REQUEST_COOKIES.
details_data_s Matched Data: --F5xL1NDlpZthOfOfsLDkvkV1sMEefcR9Pd3u7i6Ap_m8rZALmz3YaT5tiyGccQvL1jexkpbFic8v_TNqzyp9Ke- found within REQUEST_COOKIES:XSRF-TOKEN: CfDJ8G_9tIpyArtNlo7jZliI7olinWNezAaJOZPmYgGvad_rNtd1Ia9uNi0eqRUNAs7--F5xL1NDlpZthOfOfsLDkvkV1sMEefcR9Pd3u7i6Ap_m8rZALmz3YaT5tiyGccQvL1jexkpbFic8v_TNqzyp9Ke-p2fz-iSA0WigEIeo13N67-TJ3LYX3rphCGyhx_zKSQ
details_file_s REQUEST-942-APPLICATION-ATTACK-SQLI.conf
I know this is only partially or not directly an ABP issue, but I'm looking for information if we can affect the token characters in some way in ABP. I suppose we cannot change the uuid- existence in the authorize call?
Hello, we are planning to use Azure AD as a third-party authentication provider. We have this enabled and working already. I just want to clarify for myself how to prevent users from logging into other tenants' environments. If the user manages to guess another tenant's name on the logging screen, how is it prevented that the user is not able to log in? Where the check should be that this user can only log into a certain tenant environment?
ABP Framework version: v5.1.0
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
According to this advice https://support.abp.io/QA/Questions/2284/Concurrency-handling-clarification-question , we now implemented updating concurrency stamp in every update method. However, we now have a problem that the "conflict" return value is not handled correctly in our Angular app. Backend returns 409 as expected. We get an exception page instead of an error dialog telling the user about the error like it was shown in the linked answer. I assumed that of course there is a default handling for conflict type return code, but couldn't find it from the angular source code.
Steps to reproduce the issue:" Add concurrency stamp update to an entities update method in application service, then update the entity concurrently from Angular UI
Hello, I would very much like this clarified: https://docs.abp.io/en/abp/5.0/Concurrency-Check . Here it says that the concurrency stamp and check is managed by Abp: https://docs.abp.io/en/abp/latest/Entities#basicaggregateroot-class However, I now noticed that, at least in some Abp modules, the concurrency stamp is cycled via UI to update Dtos.
From this https://github.com/abpframework/abp/issues/3351 and from the docs I get the impression that the cycling is not needed but why is it implemented so at least in some modules here for example
My question is that should we always cycle the concurrency stamp through UI or in which cases we should do so.
We have a situation where we should attatch some extra information to our entites. For example: EntityX has some properties and in addition Tenant1 needs to see extra property "Xyx" and it's value in UI. Tenant2 also needs extra property for EntityX but with different name "Abc" and possibly different value type. These extra properties cannot be determined at build time. At our old solution we just had extra columns for some database tables and meaning of the value was taken care of in customer guidance. I'm looking for more elegant solution than that and was wondering if the Extra Properties -model could provide the solution?
Hello, As it says here https://docs.abp.io/en/abp/latest/Background-Workers-Quartz default Abp background jobs are executed "on top of each other" if they are long running and the job polling interval is shorter. Same job is executed multiple times. This occurs only when Quartz is used with background workers. As the documentation suggests, I added AbpQuartzBackgroundJobs dependency to fix this, but this did not help. Is is so that I cannot use the default background job abstractions in this case and have to use only Quartz's abstractions all the way?
