*** The jQuery Validation version is showing 1.17.0, but we have got a security scan report which wants us to update to 1.19.5 for a security patch.
*** I want your help in upgrading the version ASAP. Thanks.
ABP Framework version: v3.0.0
UI Type: MVC
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
Exception message and full stack trace:
Steps to reproduce the issue:
I'm seeing administrator, settings in the error screen side menu, which I don't want.
How do I override so that I only show the status code?
Still, is there any way we can encrypt?
I got an interesting case here... I could solve the above issue by writing an extension to the Identity EF Core repository. No change in the calling function from the client application.
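```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;
using Volo.Abp.EntityFrameworkCore;
using Volo.Abp.Identity;
using Volo.Abp.Identity.EntityFrameworkCore;

public class XSenseEfCoreIdentityUserRepository : EfCoreIdentityUserRepository, IXSenseIdentityUserRepository
{
    public XSenseEfCoreIdentityUserRepository(
        IDbContextProvider<IIdentityDbContext> dbContextProvider)
        : base(dbContextProvider)
    {
    }

    // Loads a single user, with its detail collections, by primary key.
    public virtual async Task<IdentityUser> GetIdentityUserDataAsync(Guid userId)
    {
        var dbContext = await GetDbContextAsync();
        var usersData = await dbContext.Set<IdentityUser>()
            .IncludeDetails(true)
            .Where(u => u.Id == userId)
            .FirstOrDefaultAsync();
        return usersData;
    }
}
```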
Now I have a different issue with
idenityUsermanger.UpdateAsync(user)
Below is the stack trace:
An unhandled exception has occurred while executing the request.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at System.Threading.CancellationToken.ThrowIfCancellationRequested()
at Volo.Abp.Identity.IdentityUserStore.GetSecurityStampAsync(IdentityUser user, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Identity.UserManager`1.GetSecurityStampAsync(TUser user)
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
at Microsoft.AspNetCore.Identity.UserManager`1.ValidateUserAsync(TUser user)
at Microsoft.AspNetCore.Identity.UserManager`1.UpdateUserAsync(TUser user)
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.ProceedAsync()
at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func`3 proceed)
at XSense.Controllers.ComputerController.GetAuthenticationCode(SendAuthenticationRequest request) in D:\Git_Sandbox\XSenseOne\src\XSense.HttpApi\Controllers\ComputerController.cs:line 1207
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Cotur.Abp.ApiKeyAuthorization.Http.ApiKeys.ApiKeyAuthorizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\Git_Sandbox\XSenseOne\modules\abp-api-key-authorization\src\Cotur.Abp.ApiKeyAuthorization.AspNetCore\ApiKeys\ApiKeyAuthorizationMiddleware.cs:line 50
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext() in D:\Git_Sandbox\XSenseOne\modules\Volo.OpenIddict.Pro\src\Volo.Abp.OpenIddict.AspNetCore\Microsoft\AspNetCore\Builder\ApplicationBuilderAbpOpenIddictMiddlewareExtension.cs:line 21
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at XSense.Web.XSenseWebModule.<>c.<<OnApplicationInitialization>b__18_1>d.MoveNext() in D:\Git_Sandbox\XSenseOne\src\XSense.Web\XSenseWebModule.cs:line 562
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
All the APIs were working fine earlier, but recently we had to flush the data, and after that it seems we are having these issues. I couldn't guess what went wrong.
Hi,
Calling in the Golang application:
API: `APIGetUser string = "/api/pc/get-user-info"`
LibHandle is a structure to handle the API & DB configuration, where the client is an HTTP client implementation for API calls.
```go
type LibHandle struct {
	db  *adapter.Adapter
	log logger.Logger
	cfg *Config
	c   *Client
}
```
Calling function:
```go
func (h *LibHandle) getUser(userName string, localUser bool) (*UserCrdential, bool, error) {
	// The locally stored user is the fallback whenever the API call fails.
	uc, noLocalUser := h.getLocalUser(userName)
	mr := make(map[string]interface{})
	mr["UID"] = h.getUID()
	mr["UserName"] = userName
	req, err := h.getRequest("POST", APIGetUser, mr)
	if err != nil {
		h.log.Error("Failed to get user, failed to create API request", "err", err)
		if noLocalUser {
			return nil, false, err
		}
		return uc, true, nil
	}
	// q := req.URL.Query()
	// q.Add("UID", h.getUID())
	// q.Add("UserName", userName)
	// req.URL.RawQuery = q.Encode()
	resp, err := h.c.Do(req)
	if err != nil {
		h.log.Error("Failed to get user, invalid response from the server", "err", err)
		if noLocalUser {
			return nil, false, err
		}
		return uc, true, nil
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		h.log.Error("Failed to get user, get user failed with status", "status", resp.StatusCode)
		if noLocalUser {
			// err is nil here because Do succeeded, so return an explicit error.
			return nil, false, fmt.Errorf("get user failed with status %d", resp.StatusCode)
		}
		return uc, true, nil
	}
	var ud UserDetials
	err = jsonutil.DecodeJSONFromReader(resp.Body, &ud)
	if err != nil {
		h.log.Error("Failed to get user, failed to parse the json", "err", err)
		if noLocalUser {
			return nil, false, err
		}
		return uc, true, nil
	}
	// The post does not show the rest of the function (building the result from ud).
}
```
Function: common function to form a request based on the provided method, route and inputs >> `h.getRequest("POST", APIGetUser, mr)`
```go
func (h *LibHandle) getRequest(method string, path string, model interface{}) (*http.Request, error) {
	req, err := h.c.JSONRequest(method, path, model)
	if err != nil {
		return nil, err
	}
	//req.Header.Add("XSENSE-APP-ID", h.cfg.AppID)
	// The API key is sent as a request header on every call.
	req.Header.Add("XSENSE-API-KEY", h.cfg.AppSecret)
	return req, nil
}

func (c *Client) JSONRequest(method string, requestPath string, model interface{}) (*http.Request, error) {
	var body *bytes.Buffer
	if model != nil {
		j, err := json.Marshal(model)
		if err != nil {
			return nil, err
		}
		body = bytes.NewBuffer(j)
	} else {
		body = bytes.NewBuffer(make([]byte, 0))
	}
	url := &url.URL{
		Scheme: c.addr.Scheme,
		Host:   c.addr.Host,
		User:   c.addr.User,
		Path:   path.Join(c.addr.Path, requestPath),
	}
	req, err := http.NewRequest(method, url.RequestURI(), body)
	if err != nil {
		// req is nil on error, so return before touching it.
		return nil, err
	}
	req.Host = url.Host
	req.URL.User = url.User
	req.URL.Scheme = url.Scheme
	req.URL.Host = url.Host
	req.Header.Set("Content-Type", "application/json")
	return req, nil
}
```
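Function: common function to execute the request >> `resp, err := h.c.Do(req)`
```go
func (c *Client) Do(req *http.Request, timeout ...time.Duration) (*http.Response, error) {
	// The timeout is set on the shared http.Client, so it applies to
	// every request sent through c.hc until it is changed again.
	if timeout != nil {
		c.hc.Timeout = timeout[0]
	} else {
		c.hc.Timeout = c.defaultTimeout
	}
	return c.hc.Do(req)
}
```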
Hope this helps.
Task was cancelled &
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.<ExecuteReaderAsync>d__19.MoveNext()
at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.<ExecuteReaderAsync>d__19.MoveNext()
at Microsoft.EntityFrameworkCore.Query.RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.<<PopulateSplitIncludeCollectionAsync>g__InitializeReaderAsync|27_0>d`2.MoveNext()
at Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.<ExecuteAsync>d__7`2.MoveNext()
at Microsoft.EntityFrameworkCore.Query.RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.<PopulateSplitIncludeCollectionAsync>d__27`2.MoveNext()
at Microsoft.EntityFrameworkCore.Query.RelationalShapedQueryCompilingExpressionVisitor.ShaperProcessingExpressionVisitor.<TaskAwaiter>d__37.MoveNext()
at Microsoft.EntityFrameworkCore.Query.Internal.SplitQueryingEnumerable`1.AsyncEnumerator.<MoveNextAsync>d__21.MoveNext()
at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.<SingleOrDefaultAsync>d__15`1.MoveNext()
at Microsoft.EntityFrameworkCore.Query.ShapedQueryCompilingExpressionVisitor.<SingleOrDefaultAsync>d__15`1.MoveNext()
at Volo.Abp.Domain.Repositories.EntityFrameworkCore.EfCoreRepository`3.<FindAsync>d__2.MoveNext()
at Castle.DynamicProxy.AsyncInterceptorBase.<ProceedAsynchronous>d__14`1.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue`1.<ProceedAsync>d__7.MoveNext()
at Volo.Abp.Uow.UnitOfWorkInterceptor.<InterceptAsync>d__2.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter`1.<InterceptAsync>d__3`1.MoveNext()
at XSense.Controllers.ComputerController.<GetUserInfo>d__58.MoveNext() in
In the GetUserInfo API, I see an exception at: `var userinfo = await identityrepository.FindAsync("userid");`
I'm getting the above exception when I call this API from the app, but it works fine with Postman. I have checked the parameters and all are the same.
Can you please let me know the possible cause?
If I have to give the updated files after install libs, what are the minimum files I need to share from the publish folder to the client?
Thank you for the prompt response. Will check and update you.
We have created a dotnet project with earlier versions of ABP framework on dotnet 3 and later upgraded the dotnet version to 5 and the Lepton theme with ABP framework 5.
Now the issue is our client has raised a black box pointer regarding the datatables.net version of the jquery.
*** The below POC describes that the application is using a vulnerable version of datatables.net v1.10.22. Below mentioned are the CVE IDs for it: jquery datatables.net v1.10.22: CVE-2020-28458, CVE-2021-2344 ***
I need to upgrade the jQuery & datatables.net versions without disturbing anything else, as the application is in production. I need to make sure to resolve the pointer in the best way possible. Attaching herewith the screenshots for your reference.
I do see the following in the yarn.lock file:
```
"@abp/datatables.net-bs4@~3.3.2":
  version "3.3.2"
  resolved "https://registry.yarnpkg.com/@abp/datatables.net-bs4/-/datatables.net-bs4-3.3.2.tgz#8f55957f2d9e1558ebef2e42e2661573d7d76447"
  integrity sha512-oERUHVPldaVL5z4CJX6cFkSBoa5IQUEYyyxGiV8zJ/mzZ7uiV2+hMrSP90R9J4625op9rU2+OJpDoZaj6wsULQ==
  dependencies:
    "@abp/datatables.net" "~3.3.2"
    datatables.net-bs4 "^1.10.21"

"@abp/datatables.net@~3.3.2":
  version "3.3.2"
  resolved "https://registry.yarnpkg.com/@abp/datatables.net/-/datatables.net-3.3.2.tgz#7a396dd06f4c7cddae534a59f9b21036b26d234a"
  integrity sha512-huB1A8aXDpS1CdE4t2NukZxTZnOuGy+8nRGlKVI3kMDD4tRveX5ITfgPEAY/CckcbSwjFP2zqbmFZiuqim7FaQ==
  dependencies:
    "@abp/jquery" "~3.3.2"
    datatables.net "^1.10.21"
```
Thanks & Appreciate your response ASAP.