Hi, unfortunately, I can't help with the first one, because we need more information, it's hard to understand the reason.
For the second problem, you have the option to disable the reCAPTCHA completely or check your credentials, because we are using Google's reCAPTCHA and not customizing it.
Please check your settings.
For the last one, when you register, yes, the user's cookie becomes invalid and the user is expected to log in again.
Description:
Currently, in ABP, enforcing multi-factor authentication (MFA) only includes SMS/email methods, which are not considered fully secure. There is no option to enforce the use of an authenticator app.
Problem:
- The current MFA enforcement does not include authenticator apps.
- SMS and email are vulnerable to attacks (e.g., phishing, SIM-swap).
- From a standard business security requirements perspective, an authenticator app should be available as a mandatory MFA option.
Expected Solution:
- Add an option to enforce MFA using an authenticator app (Google Authenticator, Microsoft Authenticator, etc.).
- Allow administrators (preferably at the tenant level) to enforce this setting for all users.
- During login, check if the user has already configured an authenticator app. If not, enforce its setup, similar to the existing process available in the "My Account" section.
Benefits:
- Improved login security.
- Compliance with modern security standards.
- Better control for administrators over MFA policies.
ABP already provides 2FA with an authenticator app, see https://abp.io/docs/9.0/modules/identity/two-factor-authentication#user-side
Any update on this? web version also not working.
Hi, we updated the react-native template versions and changed to TypeScript (all .js files to .tsx) for the react-native applications except for the microservice template. I will create an internal issue for this.
Regards.
With the layered application template, the web version throws an error and is unable to run.
If you are talking about the React-Native application, yes, there is a known issue due to the Expo migration. We are currently working on that and will try to fix and release a patch version asap. Thanks for your understanding.
Regards.
Hi, can you check your container and inspect it to verify the password, and also confirm it's the same in your microservice application?
Hi, Thanks for the reply! This solution only works when a user correctly signs out of the application, which is a partial answer to my question. Is there no way to do the same also when a user closes the browser window or leaves the application website?
Hi, there is not an event for that purpose on the OpenIddict side. You may consider using SignalR, and when the user disconnects, apply your logic. (However, sometimes the SignalR connection terminates for numerous reasons, so you should check it accordingly.)
Regards.
I mean:
Situation 1: AppService1 gets data from my Entity with equal filter type (set in DbContext Filter for OU) for current user's Organization Unit.
Situation 2: AppService2 gets data from my Entity with contains filter type for List of user's Organization Unit and its hierarchy units.
Hi, if I understood you correctly, for the first situation you want to apply the data filter and for the second one, you don't want to apply the data filter and only query according to input filters. The first thing that came to my mind is disabling the data filter according to a bool parameter value.
Assume that you have a repository interface as below:
    public interface IMyRepository : IRepository<TEntity>
    {
        Task<List<TEntity>> GetAllAsync(/* other params... */, bool ignoreOUFilters = false);
    }
In the repository implementation you can do something like:
    public async Task<List<TEntity>> GetAllAsync(/* other params... */, bool ignoreOUFilters = false)
    {
        if (ignoreOUFilters)
        {
            using (DataFilter.Disable<IHasOrganization>())
            {
                return await GetAllInternalAsync(/* other args... */, ignoreOUFilters);
            }
        }

        return await GetAllInternalAsync(/* other args... */, ignoreOUFilters);
    }

    private async Task<List<TEntity>> GetAllInternalAsync(/* other params... */, bool ignoreOUFilters = false)
    {
        // your query logic
    }
Then, when calling the repository method, pass whether you want to apply the has-organization data filter or not.
Regards.
Instead of reading rsms.me, how about changing the method so that ABP downloads rsms.me?
This is exactly what it should be. We are testing the situation and considering using the related CSS as a static file. @sumeyye.kurtulus is working on that.
Regards.
Hi, to add more than 10 custom-code placeholders, you should edit templates and add the relevant placeholder for the related templates. Here are the documents that you can check to see how to do that:
- https://abp.io/docs/latest/suite/customizing-the-generated-code#adding-new-custom-hook-points-changing-their-places-1
- https://abp.io/docs/latest/suite/editing-templates
I quoted the documentation you linked me.... adding more hook points does nothing. They are ignored.
We will test this and write back to you as soon as possible.