Activities of "balessi75"

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, we have a JavaScript implementation that will auto logout a user after a certain period of inactivity in the browser, which works great.

We'd like to enhance security by providing a server-level timeout. Currently, if a logged-in user closes the browser tab, the user is perpetually still logged in when navigating back to the app.

Is there a way to configure an ABP Blazor Server solution to auto logout/expire a session after a certain period of inactivity at the server level?

Thanks in advance.

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi,

Our custom SettingComponentContributor is defined as below. What we are finding is that the ConfigureAsync method executes, but the CheckPermissionsAsync method never executes. The group shows in the UI without the permission check. Is there something we are misunderstanding when it comes to only showing a settings group if the current user has a certain permission?

Thanks in advance.

namespace FM.nVision.Blazor.Settings
{
    public class NotificationSettingComponentContributor : ISettingComponentContributor
    {
        public Task ConfigureAsync(SettingComponentCreationContext context)
        {
            context.Groups.Add(
                new SettingComponentGroup(
                    "FM.nVision.Settings",
                    "Email Notifications",
                    typeof(NotificationSettingGroupComponent), order: 8888
                )
            );

            return Task.CompletedTask;
        }

        public async Task<bool> CheckPermissionsAsync(SettingComponentCreationContext context)
        {
            // check the permissions here
            var authService = context.ServiceProvider.GetRequiredService<IAuthorizationService>();

            if (await authService.IsGrantedAsync(nVisionPermissions.Notifications.Settings))
            {
                return true;
            }

            return false;
        }
    }
}

ConfigureServices

        Configure<SettingManagementComponentOptions>(options =>
        {

            options.Contributors.Add(new NotificationSettingComponentContributor());
            options.Contributors.Add(new AboutSettingComponentContributor());
        });

Abp Commercial 7.4.2/ Blazor Server / EF Core / Non-tiered

Hi,

We reported the following with version 5.2.0 and, 2 years later, on version 7.4.2, we are still experiencing this problem https://abp.io/support/questions/2886/Bug-with-Extended-Properties-being-controlled-in-the-UI-for-Dependent-Modules

Please advise and let us know of any possible workaround while this gets fixed.

Thanks

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, We have extended identityuser to include several new properties to determine if certain application specific email notifications are turned on for the users 'my account' area.

We then successfully added a new 'Email Notifications' profile group under the 'my account' area (see last image below).

A new model NotificationsInfoModel is declared in our GroupViewComponent for notifications and this model is used in our default.cshtml page for notifications.

Our default.cshtml page is defined as follows...

@model FM.nVision.Blazor.Pages.Account.Components.ProfileManagementGroup.Notifications.AccountProfileNotificationsGroupViewComponent.NotificationsInfoModel

<form id="NotificationsForm">

    <div class="mb-3">

        <h4 class="pt-2 pb-3">@L["Time Off Requests"]</h4>

        <abp-row class="pb-4">
            <abp-column>
                <div>Submit Confirmation</div>
                <div class="text-subtle">Occurs every time you submit a time off request</div>
            </abp-column>
            <abp-column>
                <div class="form-switch ps-2">
                    <abp-input asp-for="NotifyTimeOffRequestSubmit" class="mb-4" />
                </div>
            </abp-column>
        </abp-row>

        ...

    </div>
    <abp-button type="submit" button-type="Primary" text="@L["Submit"].Value" />
</form>

Our question is how do we handle the server side action that is performed when the submit button is clicked? We looked at the abp implementation of 'Personal Info', 'Change Password', etc. but we can't determine what gets executed when the submit button gets clicked. What makes that determination? We are not that familiar with MVC as we are building a Blazor Server application.

We essentially want to call a new method on an overridden ProfileAppService that contains a new method to save email notification preferences.

Any guidance is greatly appreciated. Thank you.

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi,

We recently had our ABP application penetration tested by an established security firm. The testers noted the following...

The application allows users to authenticate with a multi-factor authentication code sent via email or cellphone. There are two primary issues with the MFA authentication workflow:

- There are no limits to the number of MFA guesses a user can make as long as guesses are made using the API
- MFA tokens only expire after the time limit of 6 minutes has elapsed, not when a new MFA token is generated or when the token is used to login

Together these misconfigurations can make it so that an MFA bypass is statistically probable....

They end with the following recommendation...

Ensure that MFA codes are invalidated after being used to authenticate a user. Furthermore, ensure that a user can only guess the MFA code a small number of times (5-10) before a lockout

How can we override/adjust the application to expire the security code/token as soon as it is used to login? Additionally, how can we make it such that after x failed attempts, the security code/token is expired?

Any suggestions/guidance is greatly appreciated as we need to have the application certified by this security firm.

Regards,

Brian
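
The behaviour the testers recommend (codes that die on first use, on reissue, and after a small number of wrong guesses), shown as an added example that is not part of the original post and is not ABP's or ASP.NET Core Identity's code. `OneTimeCodeStore` and its in-memory dictionary are hypothetical stand-ins for wherever the application keeps pending codes; the 6-minute lifetime and the 5-10 guess limit from the report would be passed to the constructor.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not an ABP or ASP.NET Core Identity type.
public sealed class OneTimeCodeStore
{
    private sealed class Entry
    {
        public byte[] Code = Array.Empty<byte>();
        public DateTimeOffset ExpiresAt;
        public int FailedAttempts;
    }

    private readonly ConcurrentDictionary<string, Entry> _entries = new();
    private readonly TimeSpan _lifetime;
    private readonly int _maxAttempts;

    public OneTimeCodeStore(TimeSpan lifetime, int maxAttempts)
    {
        _lifetime = lifetime;
        _maxAttempts = maxAttempts;
    }

    // Issuing a code overwrites any earlier entry, so only the newest code is valid.
    public string Issue(string userId, DateTimeOffset now)
    {
        string code = RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
        _entries[userId] = new Entry { Code = Encoding.ASCII.GetBytes(code), ExpiresAt = now + _lifetime };
        return code;
    }

    public bool Verify(string userId, string candidate, DateTimeOffset now)
    {
        if (!_entries.TryGetValue(userId, out var entry)) return false;
        lock (entry)
        {
            // Re-check under the lock: the entry may have been consumed or replaced meanwhile.
            if (!_entries.TryGetValue(userId, out var current) || !ReferenceEquals(current, entry)) return false;
            if (now >= entry.ExpiresAt) { _entries.TryRemove(userId, out _); return false; }

            // Constant-time comparison; a length mismatch simply returns false.
            bool ok = CryptographicOperations.FixedTimeEquals(entry.Code, Encoding.ASCII.GetBytes(candidate ?? ""));
            // Single use: remove on success, and remove once the guess budget is spent.
            if (ok || ++entry.FailedAttempts >= _maxAttempts) _entries.TryRemove(userId, out _);
            return ok;
        }
    }
}
```

The guess budget is per issued code, so requests for a new code need their own rate limit; otherwise each reissue resets the counter.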

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme:

Hi,

We have a client in production that is getting the following ABP error when attempting to change their password.

We cannot replicate the issue in our QA environment.

Please advise and let us know of any troubleshooting steps we can take.

Thank you.

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi,

Our entire user base will always be located in the same time zone which is different than UTC and we would like the end user to always see their local time (East US).

We've read https://docs.abp.io/en/abp/latest/Timing and still are unsure of how to handle the following scenario...

In local development, we can convert ABP stored UTC values as pages load and everything works correctly, however this approach doesn't work when we deploy to Azure.

This is because the environments running in Azure have a local time of UTC. So we can't use CreationDateTime.ToLocalTime() as it will always return a UTC time instead of East US.

Is there any way around this or a certain recommended approach?

Thanks in advance.

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, we have successfully overridden the Change Password UI (see solution structure below). The problem is that we need to reference a new JavaScript file in the overridden page to augment its functionality.

In Pages/Account/Components/ProfileManagementGroup/Password/Default.cshtml, we attempted to add the following, but at runtime the page never includes the JavaScript reference.

This didn't work:

@section scripts
{
    <script type="text/javascript" src="/Pages/Account/PasswordStrength.js"></script>
}

and this didn't work

@section scripts
{
    <abp-script-bundle name="@typeof(ManageModel).FullName">
        <abp-script src="/Pages/Account/PasswordStrength.js" />
    </abp-script-bundle>
}

Is there something different that needs to be done with these view components (password, personalinfo, profilepicture, etc)?

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, we found that when a page is not authorized for a particular user, and that user attempts to access the page's URL in the browser address bar (while logged in), the page still loads, but its contents are empty.

In ABP, what's the best approach to redirect the user to an Access Denied page?

Thanks in advance!

ABP Commercial 7.4.2 / Blazor Server / EF / Non tiered / Separate Host and Tenant DBs / Lepton Theme

Hi, we found that the 2FA option for using an Authenticator App is being presented to the user when logging in even if they have not set up 2FA on their account.

We recently upgraded to 7.4.2 which includes the Authenticator feature and when a user sets it up, it works perfectly.

What we noticed, however, is that if a user never sets it up, and simply saves something on their 'My Account' area (not related to 2fa or authenticator) the new 2fa option is now presented to the user when logging in - even though they never set it up and can't use it.

Please advise. Any workarounds are greatly appreciated.

Thanks
