Activities of "nhontran"

If you're creating a bug/problem report, please include followings:

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Our source code scan has got the following critical finding:

Description The application is found to be using outdated JavaScript libraries with known vulnerabilities over the web. Below is a list of libraries with known vulnerabilities over the web: jquery-form 4.3.0 - Cross-Site Scripting • https://security.snyk.io/vuln/SNYK-JS-JQUERYFORM-574783 - CVSS Score: 9.8 jquery-validate 1.19.2 - Regular Expression Denial of Service vulnerability • https://nvd.nist.gov/vuln/detail/CVE-2021-21252 – CVSS Score: 7.5 datatables 1.10.22 - Prototype Pollution • https://nvd.nist.gov/vuln/detail/CVE-2020-28458 – CVSS Score: 7.3 lodash 4.17.20 - Regular Expression Denial of Service (ReDoS) • https://nvd.nist.gov/vuln/detail/CVE-2020-28500 - CVSS Score: 5.3

Impact Successful exploitation of the vulnerabilities could result in the web application crashing or modification of the data stored by the application.

Recommendation • jQuery-form Latest version of the library still contains the security bug.

Qn - Is this affected library is still required? If so, can you confirm that the vulnerable functionality is not being used by the application? How can we fix this?

• jQuery-validate Update to the latest version v1.19.3. Qn - Any impact if we proceed to update?

• Datatables Update to the latest version v1.11.5 Qn - Any impact if we proceed to update?

• Lodash Update to the latest version v4.17.21 Qn - Any impact if we proceed to update?

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I am trying to understand the purpose of autoSave parameter in repository methods:

        // Parameters:
        //   autoSave:
        //     Set true to automatically save changes to database. This is useful for ORMs /
        //     database APIs those only save changes with an explicit method call, but you need
        //     to immediately save changes to the database.

from the coding comment above, I expect every time I set the autoSave = true, the record will be inserted immediately into database without waiting for the scope of method to be completed (UOW), but it does not work as expected, the item is not inserted into database whether I set it to true or false.

I can solve the problem by calling _unitOfWorkManager.Current.SaveChangesAsync(), but anyone can explain what the autoSave prameter trying to do?

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I got the license error when creating new project, below are the logs, could you please help me check?

C:\Users\Admin\source\repos\PB1>abp login nhontran
[12:37:36 INF] ABP CLI (https://abp.io)
[12:37:36 INF] Version 3.3.2 (Stable)
[12:37:39 WRN] ABP CLI has a newer stable version 5.1.1, please update to get the latest features and fixes.
[12:37:39 WRN]
[12:37:39 WRN] Update Command:
[12:37:39 WRN] dotnet tool update -g Volo.Abp.Cli
[12:37:39 WRN]
Password: [12:37:47 INF] Successfully logged in as 'nhontran'

C:\Users\Admin\source\repos\PB1>abp new TestingPB -csf -u angular -m none -t app-pro -v 3.3.2 --separate-identity-server
[12:37:52 INF] ABP CLI (https://abp.io)
[12:37:52 INF] Version 3.3.2 (Stable)
[12:37:54 WRN] ABP CLI has a newer stable version 5.1.1, please update to get the latest features and fixes.
[12:37:54 WRN]
[12:37:54 WRN] Update Command:
[12:37:54 WRN] dotnet tool update -g Volo.Abp.Cli
[12:37:54 WRN]
[12:37:54 INF] Creating your project...
[12:37:54 INF] Project name: TestingPB
[12:37:54 INF] Template: app-pro
[12:37:54 INF] Version: 3.3.2
[12:37:54 INF] UI Framework: Angular
[12:37:54 INF] Output folder: C:\Users\Admin\source\repos\PB1\TestingPB
[12:37:55 INF] Using cached template: app-pro, version: 3.3.2
[12:37:55 WRN] You do not have an active ABP Commercial license! If you have purchased it lately, you need to sign in again with the CLI command `abp login <username>`.
Volo.Abp.UserFriendlyException: You do not have an active ABP Commercial license! If you have purchased it lately, you need to sign in again with the CLI command `abp login <username>`.
   at Volo.Abp.Cli.ProjectBuilding.TemplateProjectBuilder.BuildAsync(ProjectBuildArgs args) in D:\ci\Jenkins\workspace\abp-framework-release\abp\framework\src\Volo.Abp.Cli.Core\Volo\Abp\Cli\ProjectBuilding\TemplateProjectBuilder.cs:line 100
   at Volo.Abp.Cli.Commands.NewCommand.ExecuteAsync(CommandLineArgs commandLineArgs) in D:\ci\Jenkins\workspace\abp-framework-release\abp\framework\src\Volo.Abp.Cli.Core\Volo\Abp\Cli\Commands\NewCommand.cs:line 134
   at Volo.Abp.Cli.CliService.RunAsync(String[] args) in D:\ci\Jenkins\workspace\abp-framework-release\abp\framework\src\Volo.Abp.Cli.Core\Volo\Abp\Cli\CliService.cs:line 59
[12:37:55 WRN] Code:
[12:37:55 WRN] Details:

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I am using the module project template, I have created a separate database for the new tenant:

Below is the connection strings from HttpApi.Host:

  "ConnectionStrings": {
    "Default": "Server=localhost;Database=PartnersBuddy_Main;Trusted_Connection=True;MultipleActiveResultSets=true",
    "PartnersBuddy": "Server=localhost;Database=PartnersBuddy_Module;Trusted_Connection=True;MultipleActiveResultSets=true"
  },

I have created a new tenant with the below connection string:

"Server=localhost;Database=PartnersBuddy_Module_TenantA;Trusted_Connection=True;MultipleActiveResultSets=true"

When I tried to login to the new tenant, I got the below error, I guess it was trying to query the Identity Server Client from the new tenant connection string, but I only created new database for the module only, and there is no place for me to put the connection string for the "Main" when creating the new tenant:

[16:47:02 ERR] An exception occurred while iterating over the results of a query for context type 'Volo.Abp.IdentityServer.EntityFrameworkCore.IdentityServerDbContext'.
Microsoft.Data.SqlClient.SqlException (0x80131904): Invalid object name 'IdentityServerClientCorsOrigins'.
   at Microsoft.Data.SqlClient.SqlCommand.<>c.<ExecuteDbDataReaderAsync>b__164_0(Task`1 result)
   at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location where exception was thrown ---
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
ClientConnectionId:b2bab897-dbe1-4985-bc79-3e208f9d407d

Any help would be greatly appreciated!

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I have a scenario that user from another tenancy want to have their own login page with different look & feel. Currently, when calling the identity server authorize endpoint, it redirects to the ABP default login page, is there a way I can pass an extra parameter and configure to the the other custom login page?

If you're creating a bug/problem report, please include followings:

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I am trying to figure out how to inject a service in AutoMapper profile, I have tried the IMappingAction method from the link below: https://docs.automapper.org/en/stable/Before-and-after-map-actions.html

but got this exception:

[21:31:09 ERR] Error mapping types.
Mapping types:
Object -> List`1
System.Object -> System.Collections.Generic.List`1[[TestA, TestProject.Application.Contracts, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null]]
AutoMapper.AutoMapperMappingException: Error mapping types.
Mapping types:
Object -> List`1
System.Object -> System.Collections.Generic.List`1[[TestA, TestProject.Application.Contracts, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null]]
 ---> System.MissingMethodException: No parameterless constructor defined for type 'TestProject.TestMappingAction'.
   at System.RuntimeType.CreateInstanceDefaultCtorSlow(Boolean publicOnly, Boolean wrapExceptions, Boolean fillCache)
   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, Boolean wrapExceptions)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic, Boolean wrapExceptions)
   at System.Activator.CreateInstance(Type type)
   at AutoMapper.Configuration.MappingExpressionBase`3.<AfterMap>g__AfterFunction|11_0[TMappingAction](TSource src, TDestination dest, ResolutionContext ctxt)
   at lambda_method(Closure , Object , List`1 , ResolutionContext )
   --- End of inner exception stack trace ---
   at lambda_method(Closure , Object , List`1 , ResolutionContext )
   at Volo.Abp.AutoMapper.AutoMapperAutoObjectMappingProvider.Map[TSource,TDestination](Object source)
   at Volo.Abp.ObjectMapping.DefaultObjectMapper.AutoMap[TSource,TDestination](Object source)
   at Volo.Abp.ObjectMapping.DefaultObjectMapper.Map[TSource,TDestination](TSource source)

What did I miss in my configuration? Any help would be greatly appreciated.

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I got tenant Id not found error when working on a module project:

[21:13:26 INF] Request starting HTTP/2.0 OPTIONS https://localhost:44343/api/partners-buddy/category-groups?skipCount=0&maxResultCount=10  
[21:13:26 INF] CORS policy execution successful.
[21:13:26 INF] Request finished in 3.2625ms 204 
[21:13:26 INF] Request starting HTTP/2.0 GET https://localhost:44343/api/partners-buddy/category-groups?skipCount=0&maxResultCount=10  
[21:13:26 INF] CORS policy execution successful.
[21:13:26 INF] Successfully validated the token.
[21:13:26 ERR] Connection ID "18230571301796315688", Request ID "80000229-0002-fd00-b63f-84710c7967bb": An unhandled exception was thrown by the application.
Volo.Abp.BusinessException: Tenant not found!
   at Volo.Abp.MultiTenancy.TenantConfigurationProvider.GetAsync(Boolean saveResolveResult)
   at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Volo.Abp.AspNetCore.Security.Claims.AbpClaimsMapMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
   at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass5_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
[21:13:26 INF] Request finished in 10.4021ms 500 

Steps to reproduces:

1. Create a module project template
2. Create a list with Abp Suite
3. set the Multi-Tenancy to true
4. create a new tenant and login to that tenant
5. Access the list view just created above

    public static class MultiTenancyConsts
    {
        /* Enable/disable multi-tenancy in a single point
         * to test your module with multi-tenancy.
         */
        public const bool IsEnabled = true;
    }

I also tried login with incognito mode, got the same issue, so cache/cookies is not the root cause

Could you please help us take a look?

If you're creating a bug/problem report, please include followings:

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I am working on my corporate laptop with have limit on the internet access, we have our own npm registry, what should I do to be able to run the abp generate-proxy without internet access, so far I got the error below:

[13:42:20 INF] ABP CLI (https://abp.io)
[13:42:21 INF] Version 3.3.2 (Stable)
[13:42:22 WRN] 1. HTTP request attempt failed to https://abp.io/api/app/nugetPackage/proPackageNames with an error: 403-Forbidden. Waiting 2 secs for the next try...
[13:42:25 WRN] 2. HTTP request attempt failed to https://abp.io/api/app/nugetPackage/proPackageNames with an error: 403-Forbidden. Waiting 4 secs for the next try...
[13:42:29 WRN] 3. HTTP request attempt failed to https://abp.io/api/app/nugetPackage/proPackageNames with an error: 403-Forbidden. Waiting 7 secs for the next try...
[13:42:36 ERR] Remote server returns '403-Forbidden'.
[13:42:37 WRN] 1. HTTP request attempt failed to https://api.nuget.org/v3-flatcontainer/volo.abp.cli/index.json with an error: 403-Forbidden. Waiting 2 secs for the next try...
[13:42:39 WRN] 2. HTTP request attempt failed to https://api.nuget.org/v3-flatcontainer/volo.abp.cli/index.json with an error: 403-Forbidden. Waiting 4 secs for the next try...
[13:42:43 WRN] 3. HTTP request attempt failed to https://api.nuget.org/v3-flatcontainer/volo.abp.cli/index.json with an error: 403-Forbidden. Waiting 7 secs for the next try...
[13:42:51 WRN] Unable to retrieve the latest version
[13:42:51 WRN] Remote server returns '403-Forbidden'.
[13:42:51 WRN] Couldn't determinate version of "@abp/ng.schematics" package.
[API Not Available] Please double-check the URL in the source project environment and make sure your application is up and running.

Thank you.

• ABP Framework version: v3.3.2
• UI type: Angular
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular): yes
• Exception message and stack trace:
• Steps to reproduce the issue:"

Hi, I have overridden the CreateAsync method in IdentityUserAppService, and added an extra property named "isActiveDirectory":

public override async Task<IdentityUserDto> CreateAsync(IdentityUserCreateDto input)
{
    ...
    user.SetProperty(IsActiveDirectoryPropertyName, isActiveDirectory);
    ...
}

the extra property has been added successfully in db:

However, when we retrieve the mapping userDto, the ExtraProperties returned null

var userDto = ObjectMapper.Map<IdentityUser, IdentityUserDto>(user);
user.MapExtraPropertiesTo(userDto);
return userDto;

Could you please help me check?

Thank you.

Hi, my corporate laptop has limited internet connection, it only allows to browse the internet using "virtual browser", the other tools such as cmd, powershell.... have been restricted to the internet connection which I could not login to abp using abp cli

I can access the abp openid using browser but could not with cmd:

Now I got stuck at license check and unable to launch the application using Visual Studio:

Is there any workaround to resolve this issue?

Thank you.