Activities of "SamirBoutazzout"

Answer

Hi,

You can configure the Polling interval

https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks?tab=readme-ov-file#ui-polling-interval

Perfect. Thank you very much.

Question

Hello guys, I have been trying for a while to find where the configuration of the interval for logging the healthchecks but I couldn't find it anywhere in the source code. The current configuration (which is the default) logs the healthcheck status every 10 seconds which pollutes my log files. I would like to set the interval for logging to a higher interval instead of 10 seconds.

  • ABP Framework version: v6.0.2
  • UI Type: Angular
  • Database System: EF Core PostgreSQL
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Do you mean the stacktrace of the exception? Nothing is logged in the log file when the test throws the exception.

Hello everyone,

I would like to get some information regarding mocking the CurrentUser instance for tests. I have tried this implementation that I found on google:

protected override void AfterAddApplication(IServiceCollection services) { currentUser = Substitute.For<ICurrentUser>(); services.AddSingleton(currentUser); }

I put this in my test class and when I debug it seems to work, but when the executing code reaches the CurrentUser instance in my application service, it throws null exception as shown below.!

  • ABP Framework version: v6.0.2 Commercial
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: System.NullReferenceException: 'Object reference not set to an instance of an object.'
  • Steps to reproduce the issue:
Answer

Thank you very much liangshiwei. That solved the issue.

Answer

Hi,

It works for me

Thanks liangshiwei, That's exactly what I did and the same result I got but the JWT access token still gets renewed after expiry even though the refresh token is not there. In your case, if you for example set the JWT token expiry time in 10mins, does the app send a new request for a new one and gets it?

Question

Hi everyone, I am trying to disable the refresh token and offline access in my app. I have followed multiple steps either here on this forum or on the internet but I haven't been successful. What I have done so far is I disabled the refresh token on the frontend (Angular) in the OpenId section and I removed the "offline_access" from the scope in the .env file. I have looked in the backend but I couldn't find anywhere to remove the refresh token in the AuthServer. Once I have done these steps, I no longer have the refresh token stored in localStorage, but the behaviour still persists. I have lowered the validation duration of the access token to 10mins, but once it expires, the app automatically gets a new one and the user's session is extended. Basically what i'm stuck with is a never ending user session which is not desirable in our case.

Am I missing a step in the backend? is there anyway to force the user to re-authenticate after the session access token is expired?

  • ABP Framework version: v6.0.1
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server Separated (for Angular)

Hi

yes you can override the controller
see examples of how you can do it here

https://docs.abp.io/en/abp/latest/Customizing-Application-Modules-Overriding-Services

https://github.com/abpframework/abp/blob/99806b7621fdc10cf2c6e6f4d994612656bda870/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationConfigurations/AbpApplicationConfigurationController.cs#L9

you can override this controller and add the authorize attribute to the controller class.

but i think it will create bugs as it needs the application configurations like languages and other information from backend.

you can modify the code inside

overriding this service

https://github.com/abpframework/abp/blob/99806b7621fdc10cf2c6e6f4d994612656bda870/framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/ApplicationConfigurations/AbpApplicationConfigurationAppService.cs#L28

Thank you very much. This worked but as you mentioned it broke the app unfortunately. The endpoint is not supposed to be authorized.

Hello Anjali, Thank you very much indeed for your help. Unfortunately the suggestions provided in the github issue link didn't solve my problem. Is it possible to download the source code for the ApplicationConfiguration in my solution or override it somewhere? Just adding the Authorize attribute will solve it for me but i'm not sure if that's going to introduce any bugs or breaking changes to the system.

Off-topic, we found a high risk XSS vulnerability on Angular project, specifically in the Language Management section when editing Language Texts. Where I can report it?

Hello everyone,

I would like to inquire whether it is possible to secure the following endpoint: api/abp/application-configuration We are preparing to pass on production and the security audit run on the application raised the issue of this endpoint being non-secure and can be accessed by anyone, especially that it contains app and user information. I tried looking in the solution for this endpoint but I couldn't find it. Is there a way to secure it with the Authorize attribute or at least remove it if that's not going to affect the api?

  • ABP Framework version: v6.0.2
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server Separated
Showing 1 to 10 of 16 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35