Outstanding! Thank you very much - it now works exactly as supposed to.
It's getting a bit complicated to synchronize a clean ABP framework test project and even a minimal customization.
We definitely might try what you suggest anyway, but now I even cannot make standard ABP pages work in the test project for the reason unknown to me. What i tried to do last was to switch from using 'http' in front-end to 'https' to make it as close to the original setup as possible (you may use some self-made SSL certificate if needed). I have modified OpenIddictApplications table accordingly (just for your information).
Could you please fix the test project uploaded (the linke has been sent to your email) - so adding a user and a link account feature would work - and zip the project back to me? I will take it from there. Thank you.
Replying this right away:
Some of them are Preflight requests, it's part of CQRS to pre-check if the server supports cross-domain requests.
Those are not prefetch. Please pay attention that both of them are with code 200. Prefetch is 204. So those are really duplicates for some reason...
Hi, thank you for the reopening.
I am afraid I do need your further assistance here. So I managed to eliminate extra API request at Home page which took place between /abp/application-configuration and /abp/application-localization and returning error 401 (for the reason still unknown to me):
However I still cannot figure out everything that followed /connect/token with 400 return code ('token_error'). Since I cannot share our code, and on the other hand it makes no sense to track things on a test example since it is a very simplified version of the code, I will kindly ask you to clarify how ABP works in this workflow and why exactly this way:
I see. So you are confirming, that 1, 2 that follow the /connect/token requests is inevitable even if i do not actually switch to the different login?
Alright, if those ABP requests are required.
But my problem is that as you can see from the screenshot above, there is a bunch of API requests between ABP requests take place.
The one which is important here is only the first request (it causes error 401, which is taken over by our error handler - it redirects to Home page and so on, I will deal with that later).
All these requests are initiated from Home page.The mentioned Home page resides in the external module:
Could you please give some clue / insight what might invoke this first request? In your video, the current page left intact: there are only 'application-configuration' and 'application-localization' requests.
If you do not have ideas / recomendations (from applicable ABP 'best practices' point of view here) - well, it's alright. I will try to investigate myself: there is a lot of custom code here.
As i noted before, i expect no further API requests coming through after unsuccessful link login. As you can see from the screenshot, despite returning error 400 by connect/token, API come through. Why? The login switch was unsuccessful - all i expect to see is an error toaster.
It does not solve the problem:
I have tried to use this approach in my HttpInteceptor (instead of handleLinkLoginError, when it's "too late"):
catchError((error: HttpErrorResponse) => {
if (error.status === 400 && error.url?.includes('/connect/token') && error.error?.error === 'access_denied') {
return EMPTY;
}
return throwError(() => error);
})
In this case, no extra requests (like "/abp/application-configuration") come through as expected. On the other hand, I do not see the original error toaster, because I do not propagate the error. Besides - i am even not sure it would be a right way: maybe reacing on /connect/token like this (even preventing further requests) is an incorrect behavior... In fact, after catching the error like this, I observed some issues when logging in with an active user afterwards.
I've tried this, but it does not work right yet. First of all, this still fails when res is null (when the link login is unsuccessful in my case): localStorage.setItem('access_token', res.access_token);
But even if i prevent this by using:
private handleLinkLoginError = (err: HttpErrorResponse) => {
this.toaster.error(err.error?.error_description);
return EMPTY;
};
there is an (unnecessary) chain of API requests to finally stay under the same user - prior to handleLinkLoginError: there is API request to 'abp/application-configuration' and so on - that usually take place when you visit an ordinary page (i have no idea why this is happening in this scenario).
Instead, the logic in my understanding should be as simple as follows: if the linked user is denied - current UI user should see the corresponding error toaster and nothing extra should happen (no page reloads or other API calls), the UI user should stay at the same page. Maybe for that, the specific logic needs to be implemented on server-side in a different way - not via IOpenIddictServerHandler?
Hi.
Yes, this is a custom property, but it's not very important here. What is important is to be able to invalidate inactive user not only in LoginModel - when a user tries to log in from Login form (it does work as expected) implemented as follows:
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(LoginModel), typeof(OpenIddictSupportedLoginModel), typeof(AbxLoginModel))]
public class AbxLoginModel : OpenIddictSupportedLoginModel, ITransientDependency
{
...
public override async Task<IActionResult> OnPostAsync(string action)
{
AbxLoginModel supportedLoginModel = this;
var user = await UserManager.FindByNameAsync(LoginInput.UserNameOrEmailAddress) ?? await UserManager.FindByEmailAsync(LoginInput.UserNameOrEmailAddress);
if (user != null)
{
var abxUser = await _abxUserRepository.GetAsync(user.Id);
if (abxUser != null)
{
var dateNow = DateTime.Now.Date;
if (abxUser.ValidFrom.HasValue && dateNow < abxUser.ValidFrom.Value)
{
Alerts.Danger(_stringLocalizer.GetString("Login:InvalidDateForUser"));
supportedLoginModel.EnableLocalLogin = true;
return supportedLoginModel.Page();
}
if (abxUser.ValidTo.HasValue && dateNow > abxUser.ValidTo.Value)
{
Alerts.Danger(_stringLocalizer.GetString("Login:InvalidDateForUser"));
supportedLoginModel.EnableLocalLogin = true;
return supportedLoginModel.Page();
}
}
}
var result = await base.OnPostAsync(action);
return result;
}
}
but also when a 'Linked accounts' dialog is shown and a user clicks a linked account login href to login as this user.
Unfortunately, I cannot share the project.
