Activities of "LiSong"

*can you show me where the code for the switch tenant pop up window is? I couldn't find it*

*This code comes from the layout of the theme.*

I meant the modal, I found it for the mauiblazor, but couldn't find it for the MVC project:

    <Modal @ref="SwitchTenantModal" Closing="@SwitchTenantModal.CancelClosingModalWhenFocusLost">
        <ModalContent Centered="true">
            <Form>
                <ModalHeader>
                    <ModalTitle>@L["SwitchTenant"]</ModalTitle>
                    <CloseButton Clicked="CloseSwitchTenantModalAsync"/>
                </ModalHeader>
                <ModalBody>
                    <Field>
                        <FieldLabel>@L["Name"] *</FieldLabel>
                        <TextEdit @bind-Text="TenantName" Autofocus="true"/>
                        <div class="form-text">@L["SwitchTenantHint"]</div>
                    </Field>
                </ModalBody>
                <ModalFooter>
                    <Button Color="Color.Secondary" Clicked="CloseSwitchTenantModalAsync">@L["Cancel"]</Button>
                    <SubmitButton Clicked="@SwitchTenantAsync"/>
                </ModalFooter>
            </Form>
        </ModalContent>
    </Modal>

Thanks! It worked. Please also check the register page in my project; it has the same issue.

I can see we have the code in layout default.cshtml:

    <div>
        <div class="row">
            <div class="col">
                <span style="font-size: .8em;" class="text-uppercase text-muted">@MultiTenancyStringLocalizer["Tenant"]</span><br />
                <h6 class="m-0 d-inline-block">
                    @if (CurrentTenant.Id == null)
                    {
                        <span>
                            @MultiTenancyStringLocalizer["NotSelected"]
                        </span>
                    }
                    else
                    {
                        <strong>
                            @(CurrentTenant.Name ?? CurrentTenant.Id.Value.ToString())
                        </strong>
                    }
                </h6>
            </div>
            <div class="col-auto">
                <a id="AbpTenantSwitchLink" href="javascript:;" class="btn btn-sm btn-outline-primary">@MultiTenancyStringLocalizer["Switch"]</a>
            </div>
        </div>
    </div>

  1. I can't find the JS code to set the tenant with the __tenant value in the query string. Can you show me where the JS function is? I want to change the UI a little bit. Or is it just set by QueryStringTenantResolveContributor? QueryStringTenantResolveContributor -> CurrentTenant -> CurrentTenant.Name
  2. Can you show me where the code for the switch tenant pop-up window is? I couldn't find it.

We wanted to prevent an adversary from executing unsanitized JavaScript in the browser. The suggestion online is:

*1. User input should be validated as strictly as possible and have an appropriate permitted length based on the kind of content that it is expected to contain (i.e., personal names should consist of letters while excluding symbols and numbers; a year should be composed of 4 digits; e-mail addresses should be validated with a regular expression).*

*2. User input should be HTML-encoded whenever it is reflected in an application's response. Special characters, including < > " ' and =, should be encoded with the corresponding HTML entities (lt gt etc).*

I actually saw a post talking about this issue here: https://github.com/abpframework/abp/issues/7751

anyway, I am thinking to do:

    using System;
    using System.Collections.Generic;
    using System.ComponentModel.DataAnnotations;
    using System.Text.RegularExpressions;
    using Tapp.Enums;

    namespace Tapp.DataHub.TappOrganizations
    {
        public class TappOrganizationCreateDto : TappOrganizationCreateDtoBase
        {
            public Guid? Id { get; set; }

            [Required]
            [RegularExpression(@"^[^<>'""`]*$", ErrorMessage = "Invalid characters detected")]
            public string Position { get; set; } = String.Empty;

            public Guid UserId { get; set; }

            [Required(ErrorMessage = "Please select at least one code.")]
            public List

            [Required]
            [RegularExpression(@"^[^<>'""`]*$", ErrorMessage = "Invalid characters detected")]
            public new string Address { get; set; }

            [Required]
            [RegularExpression(@"^[0-9+\-\(\)\s]*$", ErrorMessage = "Invalid phone number format")]
            public new string OfficePhone { get; set; }

            public List<Guid>? TappThemeAttributeList { get; set; } = new List<Guid>();
        }
    }

and

    <abp-modal-header title="@Html.Raw(HttpUtility.HtmlEncode(L["NewTappOrganization"].Value))"></abp-modal-header>

and

    private void SanitizeInput(TappOrganizationCreateViewModel model)
    {
        if (model == null) return;

        // HTML encode all string properties
        model.Position = HttpUtility.HtmlEncode(model.Position);
        model.Address = HttpUtility.HtmlEncode(model.Address);
        model.OfficePhone = HttpUtility.HtmlEncode(model.OfficePhone);
        model.OrgName = HttpUtility.HtmlEncode(model.OrgName);
        model.WebsiteUrl = HttpUtility.HtmlEncode(model.WebsiteUrl);
        model.OrganizationNumber = HttpUtility.HtmlEncode(model.OrganizationNumber);
        model.Country = HttpUtility.HtmlEncode(model.Country);
        model.Region = HttpUtility.HtmlEncode(model.Region);
        model.Community = HttpUtility.HtmlEncode(model.Community);
        model.PostalCode = HttpUtility.HtmlEncode(model.PostalCode);
        model.StreetAddress = HttpUtility.HtmlEncode(model.StreetAddress);
        model.AddressNumber = HttpUtility.HtmlEncode(model.AddressNumber);
        model.AddressFormatted = HttpUtility.HtmlEncode(model.AddressFormatted);
        model.NaicsCodes = HttpUtility.HtmlEncode(model.NaicsCodes);
    }

but I am wondering if abp provides a better solution? Or rather, a solution that I can:

  1. apply to all my CRUD pages
  2. without being overwritten by regenerated code in the future.

thank you
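
Added example (not part of the original post and not ABP's or the project's code): the character deny-list from the DTO above written once as a reusable validation attribute, followed by what happens when a value is HTML-encoded before storage, as `SanitizeInput` does, and then encoded again by the encoder ASP.NET Core Razor applies to `@` expressions. `NoMarkupCharsAttribute`, `SampleOrganizationDto`, the length limit and the sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Net;
using System.Text.Encodings.Web;

// Hypothetical attribute: rejects the same characters as the regex in the post,
// declared once so any DTO property can reuse it.
[AttributeUsage(AttributeTargets.Property)]
public sealed class NoMarkupCharsAttribute : ValidationAttribute
{
    private static readonly char[] Blocked = { '<', '>', '\'', '"', '`' };

    public NoMarkupCharsAttribute() : base("Invalid characters detected") { }

    // Null/empty is left to [Required]; only the character set is checked here.
    public override bool IsValid(object? value) =>
        value is not string s || s.IndexOfAny(Blocked) < 0;
}

// Constructed DTO standing in for one generated CRUD input model.
public class SampleOrganizationDto
{
    [Required, StringLength(128), NoMarkupChars]
    public string Position { get; set; } = string.Empty;
}

public static class Program
{
    public static void Main()
    {
        // 1) Validation rejects markup characters before anything is stored.
        var dto = new SampleOrganizationDto { Position = "<b>Manager</b>" }; // constructed input
        var errors = new List<ValidationResult>();
        bool ok = Validator.TryValidateObject(
            dto, new ValidationContext(dto), errors, validateAllProperties: true);
        Console.WriteLine($"valid={ok}, errors={errors.Count}");

        // 2) Encode-on-input: the stored value is already entity-encoded, so the
        //    encoder Razor applies to @Model.Position encodes the '&' a second time
        //    and the user sees literal entity text instead of "R&D Manager".
        string input = "R&D Manager";                          // constructed, legitimate value
        string stored = WebUtility.HtmlEncode(input);          // what SanitizeInput would save
        string doubleEncoded = HtmlEncoder.Default.Encode(stored);
        Console.WriteLine($"stored:   {stored}");
        Console.WriteLine($"rendered: {doubleEncoded}");

        // 3) Store the raw value and encode exactly once, at output time.
        Console.WriteLine($"rendered: {HtmlEncoder.Default.Encode(input)}");
    }
}
```

Because the attribute lives in its own file and is applied by annotation, it can sit in a partial class or base DTO outside the regenerated files; values that reach the page through JavaScript rather than Razor `@` expressions still need encoding at that point.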

I've just sent you an email with the same subject. Thank you so much.

The action value is null and I got this error:

An unhandled exception occurred while processing the request.

    AbpValidationException: ModelState is not valid! See ValidationErrors for details.
    Volo.Abp.AspNetCore.Mvc.Validation.ModelStateValidator.Validate(ModelStateDictionary modelState)
    Volo.Abp.AspNetCore.Mvc.UI.RazorPages.AbpPageModel.ValidateModel()
    Tapp.Web.Pages.Account.TappLoginModel.OnPostAsync(string action) in Login.cshtml.cs
        + ValidateModel();
    Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory+GenericTaskHandlerMethod.Convert<T>(object taskAsObject)
    Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory+GenericTaskHandlerMethod.Execute(object receiver, object[] arguments)
    Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
    Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
    Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)

That's what I did, and your code has errors. However, if I fix those errors, I still encounter the issue I reported in my original post. Please check my first post.

    public TappLoginModel(
        IAuthenticationSchemeProvider schemeProvider,
        IOptions<AbpAccountOptions> accountOptions,
        IAbpRecaptchaValidatorFactory recaptchaValidatorFactory,
        IAccountExternalProviderAppService accountExternalProviderAppService,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IOptions<IdentityOptions> identityOptions,
        IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions) : base(
            schemeProvider,
            accountOptions,
            recaptchaValidatorFactory,
            accountExternalProviderAppService,
            currentPrincipalAccessor,
            identityOptions,
            reCaptchaOptions)
    {
    }

  • ABP Framework version: v9.X.X
  • UI Type: MVC / Blazor WASM / Blazor Server
  • Database System: EF Core (SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Currently the CRUD page has XSS issues. What's the best way to fix it? I.e. with HTML encoding, etc.

Here is what we wanted:

  1. removing the current tenant switch;
  2. adding a new textbox called Invite Code;
  3. creating a function to map the invite codes to tenant id (for example, XDEF(Code) -> test(Tenant Id); i.e. when typing XDEF for the code, users will create a new account for the test tenant).

The reason we do this is that we don't want to expose the platform's tenants externally.

same error

    using System;
    using System.Collections.Generic;
    using System.ComponentModel.DataAnnotations;
    using System.Diagnostics;
    using System.Linq;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Http.Extensions;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Extensions.Logging;
    using Microsoft.Extensions.Options;
    using Owl.reCAPTCHA;
    using Volo.Abp;
    using Volo.Abp.Account;
    using Volo.Abp.Account.ExternalProviders;
    using Volo.Abp.Account.Public.Web;
    using Volo.Abp.Account.Public.Web.Pages.Account;
    using Volo.Abp.Account.Public.Web.Security.Recaptcha;
    using Volo.Abp.Account.Security.Recaptcha;
    using Volo.Abp.Account.Settings;
    using Volo.Abp.Auditing;
    using Volo.Abp.DependencyInjection;
    using Volo.Abp.Identity;
    using Volo.Abp.Identity.AspNetCore;
    using Volo.Abp.Identity.Settings;
    using Volo.Abp.Reflection;
    using Volo.Abp.Security.Claims;
    using Volo.Abp.Settings;
    using Volo.Abp.Uow;
    using Volo.Abp.Users;
    using Volo.Abp.Validation;
    using IdentityUser = Volo.Abp.Identity.IdentityUser;

    namespace Tapp.Web.Pages.Account;

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(LoginModel))]
    [DisableAuditing]
    public class TappLoginModel : LoginModel, ITransientDependency
    {
        public TappLoginModel(
            IAuthenticationSchemeProvider schemeProvider,
            IOptions<AbpAccountOptions> accountOptions,
            IAbpRecaptchaValidatorFactory recaptchaValidatorFactory,
            IAccountExternalProviderAppService accountExternalProviderAppService,
            ICurrentPrincipalAccessor currentPrincipalAccessor,
            IOptions<IdentityOptions> identityOptions,
            IOptionsSnapshot<reCAPTCHAOptions> reCaptchaOptions) : base(
                schemeProvider,
                accountOptions,
                recaptchaValidatorFactory,
                accountExternalProviderAppService,
                currentPrincipalAccessor,
                identityOptions,
                reCaptchaOptions)
        {
        }
    }

    @page
    @using Microsoft.AspNetCore.Mvc.Localization
    @using Microsoft.Extensions.Options
    @using Owl.reCAPTCHA
    @using Volo.Abp.Account.Localization
    @using Volo.Abp.Account.Public.Web.Pages.Account;
    @using Volo.Abp.Account.Public.Web.Security.Recaptcha
    @using Volo.Abp.Account.Settings
    @using Volo.Abp.Identity;
    @using Volo.Abp.Settings
    @model Tapp.Web.Pages.Account.TappLoginModel

    @inject IHtmlLocalizer<AccountResource> L
    @inject Volo.Abp.AspNetCore.Mvc.UI.Layout.IPageLayout PageLayout
    @inject ISettingProvider SettingProvider
    @{
        PageLayout.Content.Title = L["Login"].Value;
        var reCaptchaVersion = await SettingProvider.GetAsync<int>(AccountSettingNames.Captcha.Version);
        if (Model.UseCaptcha)
        {
            await Model.ReCaptchaOptions.SetAsync(reCaptchaVersion == 3 ? reCAPTCHAConsts.V3 : reCAPTCHAConsts.V2);
        }
    }

    @section scripts {
        <abp-script-bundle name="@typeof(LoginModel).FullName">
            <abp-script src="/Pages/Account/Login.js" />
        </abp-script-bundle>

        @if (Model.UseCaptcha)
        {
            if (reCaptchaVersion == 3)
            {
                <recaptcha-script-v3 />
                <recaptcha-script-v3-js action="login" execute="false" />
            }
            else
            {
                <recaptcha-script-v2 />
            }
        }
    }

    @if (Model.IsLinkLogin)
    {
        <abp-alert alert-type="Warning">
            @L["LinkAccountWarning", Url.PageLink()]
        </abp-alert>
    }

    @if (Model.BackToExternalLogins)
    {
        <div class="d-grid gap-2">
            <a class="mb-3 btn btn-primary btn-block" href="@Url.Page("./ExternalLogins")">@L["Back"]</a>
        </div>
    }
    <div class="account-module-form">

        @if (Model.IsSelfRegistrationEnabled)
        {
            <h5 class="mb-2">@L["NotAMemberYet"] <a class="text-decoration-none" href="@Url.Page("./Register", new {returnUrl = Model.ReturnUrl, returnUrlHash = Model.ReturnUrlHash})">@L["Register"]</a></h5>
        }

        @if (Model.EnableLocalLogin)
        {
            <form method="post" id="loginForm">
                @if (Model.UseCaptcha)
                {
                    <input class="mb-3" data-captcha="true" type="hidden" name="@RecaptchaValidatorBase.RecaptchaResponseKey" id="@RecaptchaValidatorBase.RecaptchaResponseKey"/>
                }
                <div>
                    <div class="form-floating mb-2">
                        <input asp-for="LoginInput.UserNameOrEmailAddress" type="text" class="form-control" placeholder="name@example.com">
                        @Html.LabelFor(m => m.LoginInput.UserNameOrEmailAddress, "Email Address")
                        <span asp-validation-for="LoginInput.UserNameOrEmailAddress"/>
                    </div>

                    <div class="form-floating mb-2">
                        <input asp-for="LoginInput.Password" id="password-input" type="password" class="form-control" placeholder="Password">
                        @Html.LabelFor(m => m.LoginInput.Password)
                        <i id="PasswordVisibilityButton" class="bi bi-eye-slash show-pass-icon" data-bs-toggle="tooltip" data-bs-placement="top" data-bs-html="true" aria-label="@L["ShowPassword"]" data-bs-original-title="@L["ShowPassword"]"></i>
                        <i id="capslockicon" class="bi bi-capslock caps-lock-icon" style="display: none;" data-bs-toggle="tooltip" data-bs-placement="top" data-bs-html="true" aria-label="<i class='bi bi-exclamation-circle'></i> @L["CapsLockOn"]!" data-bs-original-title="<i class='bi bi-exclamation-circle'></i> @L["CapsLockOn"]!"></i>
                        <span asp-validation-for="LoginInput.Password"/>
                    </div>
                </div>
                <abp-row>
                    <abp-column>
                        <div class="form-switch ps-2">
                            <abp-input asp-for="LoginInput.RememberMe" class="mb-4"/>
                        </div>
                    </abp-column>
                    <abp-column class="text-end">
                        <a href="@Url.Page("./ForgotPassword", new {returnUrl = Model.ReturnUrl, returnUrlHash = Model.ReturnUrlHash})">@L["ForgotPassword"]</a>
                    </abp-column>
                </abp-row>

                @if (reCaptchaVersion == 2)
                {
                    <script>
                        recaptchaCallback = function (token) {
                            $('form button[type=submit]').removeAttr("disabled");
                            $('#@RecaptchaValidatorBase.RecaptchaResponseKey').val(token)
                        };
                    </script>
                    <div class="mb-3">
                        <recaptcha-div-v2 callback="recaptchaCallback"/>
                    </div>
                }

                <div class="d-grid gap-2">
                    <abp-button button-type="Primary" type="submit" class="mb-3" name="Action" value="Login" disabled="true">
                        <i class="bi bi-box-arrow-in-right me-1"></i>
                        @L["Login"]
                    </abp-button>
                </div>

                @if (Model.ShowCancelButton)
                {
                    <div class="d-grid gap-2">
                        <abp-button button-type="Secondary" type="submit" formnovalidate="formnovalidate" class="mb-3" name="Action" value="Cancel">@L["Cancel"]</abp-button>
                    </div>
                }
            </form>
        }

        @if (Model.VisibleExternalProviders.Any() && false)
        {
            if(Model.EnableLocalLogin)
            {
                <hr/>
                @L["OrSignInWith"]
                <br/>
            }
            else
            {
                @L["SignInWithOneOfTheFollowingProviders"]
            }

            <form asp-page="./Login" asp-page-handler="ExternalLogin"
                  asp-route-returnUrl="@Model.ReturnUrl"
                  asp-route-returnUrlHash="@Model.ReturnUrlHash"
                  asp-route-linkTenantId="@Model.LinkTenantId"
                  asp-route-linkUserId="@Model.LinkUserId"
                  asp-route-linkToken="@Model.LinkToken"
                  method="post">
                @foreach (var provider in Model.VisibleExternalProviders)
                {
                    <button type="submit"
                            class="mt-2 me-2 btn btn-outline-primary btn-sm"
                            name="provider"
                            value="@provider.AuthenticationScheme"
                            data-busy-text="@L["ProcessingWithThreeDot"]">
                        @if (provider.Icon != null)
                        {
                            <i class="@provider.Icon"></i>
                        }
                        <span>@provider.DisplayName</span>
                    </button>
                }
            </form>
        }

    </div>

Made with ❤️ on ABP v10.1.0-preview. Updated on October 16, 2025, 09:21