Hi,
You can configure the Polling interval
https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks?tab=readme-ov-file#ui-polling-interval
Perfect. Thank you very much.
Hello guys, I have been trying for a while to find where the configuration of the interval for logging the healthchecks but I couldn't find it anywhere in the source code. The current configuration (which is the default) logs the healthcheck status every 10 seconds which pollutes my log files. I would like to set the interval for logging to a higher interval instead of 10 seconds.
Do you mean the stacktrace of the exception? Nothing is logged in the log file when the test throws the exception.
Hello everyone,
I would like to get some information regarding mocking the CurrentUser instance for tests. I have tried this implementation that I found on google:
protected override void AfterAddApplication(IServiceCollection services) { currentUser = Substitute.For<ICurrentUser>(); services.AddSingleton(currentUser); }
I put this in my test class and when I debug it seems to work, but when the executing code reaches the CurrentUser instance in my application service, it throws null exception as shown below.!
Thank you very much liangshiwei. That solved the issue.
Hi,
It works for me
Thanks liangshiwei, That's exactly what I did and the same result I got but the JWT access token still gets renewed after expiry even though the refresh token is not there. In your case, if you for example set the JWT token expiry time in 10mins, does the app send a new request for a new one and gets it?
Hi everyone, I am trying to disable the refresh token and offline access in my app. I have followed multiple steps either here on this forum or on the internet but I haven't been successful. What I have done so far is I disabled the refresh token on the frontend (Angular) in the OpenId section and I removed the "offline_access" from the scope in the .env file. I have looked in the backend but I couldn't find anywhere to remove the refresh token in the AuthServer. Once I have done these steps, I no longer have the refresh token stored in localStorage, but the behaviour still persists. I have lowered the validation duration of the access token to 10mins, but once it expires, the app automatically gets a new one and the user's session is extended. Basically what i'm stuck with is a never ending user session which is not desirable in our case.
Am I missing a step in the backend? is there anyway to force the user to re-authenticate after the session access token is expired?
Hi
yes you can override the controller
see examples of how you can do it herehttps://docs.abp.io/en/abp/latest/Customizing-Application-Modules-Overriding-Services
https://github.com/abpframework/abp/blob/99806b7621fdc10cf2c6e6f4d994612656bda870/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationConfigurations/AbpApplicationConfigurationController.cs#L9
you can override this controller and add the authorize attribute to the controller class.
but i think it will create bugs as it needs the application configurations like languages and other information from backend.
you can modify the code inside
overriding this service
https://github.com/abpframework/abp/blob/99806b7621fdc10cf2c6e6f4d994612656bda870/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationConfigurations/AbpApplicationConfigurationAppService.cs#L28
Thank you very much. This worked but as you mentioned it broke the app unfortunately. The endpoint is not supposed to be authorized.
Hello Anjali, Thank you very much indeed for your help. Unfortunately the suggestions provided in the github issue link didn't solve my problem. Is it possible to download the source code for the ApplicationConfiguration in my solution or override it somewhere? Just adding the Authorize attribute will solve it for me but i'm not sure if that's going to introduce any bugs or breaking changes to the system.
Off-topic, we found a high risk XSS vulnerability on Angular project, specifically in the Language Management section when editing Language Texts. Where I can report it?
Hello everyone,
I would like to inquire whether it is possible to secure the following endpoint: api/abp/application-configuration We are preparing to pass on production and the security audit run on the application raised the issue of this endpoint being non-secure and can be accessed by anyone, especially that it contains app and user information. I tried looking in the solution for this endpoint but I couldn't find it. Is there a way to secure it with the Authorize attribute or at least remove it if that's not going to affect the api?