Activities of "DanielAndreasen"

Hello!

I have noticed that logs of user logouts in the abpsecuritylogs table sometimes don't register which user actually logged out. I would like to use this information of which user logged out of the system, so it's important that the value is never null.

Project is using abp 3.1.0

Hello @alper,

In the example I included in my previous post, it was neither of the 2 scenarios you described that resulted in "userid" and "UserName" getting a Null value in my database table. The issue seems to occur randomly in a session where I repeatedly login/logout (for the purpose of testing).

I also find it problematic that a UserId might not be logged if the user accidentally presses the logout button twice. Is this intentional?

I have been following the guide on how to customize the app modules with the intention of extending module entities with new properties and exposing these with a modified service/controller.

AppUser.cs

I have extended IdentityUser from a module through AppUser.cs (which was already created in the startup template) with the following properties:

Added columns in AbpUsers (MySql table)

I then mapped these new properties to the same database table as IdentityUser by updating DbContext.OnModelCreating and EfCoreEntityExtensionMappings and created a database-migration:

Exposing new properties with CRUD operations

I now wish to expose these new properties with CRUD operations in the API but I don't think the guide on overriding services covers this subject.

I understand that I can override the virtual methods defined in application services, controllers and interfaces that originate from the module where the IdentityUser type exists, however I find that the return value of these methods will always be of this type (either IdentityUser or IdentityUserDTO). In other words, the returned object doesn't have the custom properties I defined.

For example: Overriding the GetAsync() method from the IdentityUserAppService will always map from an IdentityUser object because that is the type Usermanager.GetByIdAsync() returns. Custom properties defined in the new UserDto class will never get mapped to because they don't exist in IdentityUser. UserDto has the same custom properties as the AppUser class mentioned above.

Calling ".../api/identity/users/" will return the following:

Summary

To summarize, I wish to achieve the following:

  • Query Users from the database and receive an object like UserDto with the custom properties
  • Update values of custom properties in AppUser
  • Use the value of custom properties in AppUser with the properties originating from IdentityUser in business logic

How do I override methods from applications services and controllers in a way that enables me to meet the requirements I listed above?

  • ABP Framework version: v3.1.0
  • UI type: Angular
  • Tiered (MVC) or Identity Server Separated (Angular): No

Sometimes when a user logs out of the system the UserId and Username will not be logged in the abpsecuritylogs table.

Example:

It has previously been noted that the issue will occur in the following scenarios:

  • the user might click the logout twice (browser sends both actions and the second one will be without UserId)
  • or the user clicks the Logout link from a bookmark or copy-paste the logout URL to the browser.

However, it has also occurred randomly for me outside of these scenarios in a session where I repeatedly login/logout (for the purpose of testing). I also find it problematic that a UserId might not be logged if the user accidentally presses the logout button twice.

Using the ObjectExtensionManager in [ProjectName]ModuleExtensionConfigurator (in Domain.Shared) I have added the following:

However when I attempt to call the GetAsync method with a http client, I get an exception stating that IdentityUserDto can't be mapped to UserDto:

For reference, take a look at the App Service and UserDto class: IdentityUser App service override IdentityUser Dto override

Exposed Plaintext passwords in GUI and Database

Setting a new password from the web GUI (in Administration --> Identity management --> Users) will log the password in plain text.

After setting the new password for a user, I am able to see it in the details of an audit log:

This log will of course also be present in the corresponding database table:

I consider this a critical security flaw - user passwords should never be stored as plaintext even if it is just in a log.


  • ABP Framework version: v3.1.0
  • UI type: Angular
  • Tiered (MVC) or Identity Server Separated (Angular): No
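
Added example (not part of the original post and not ABP code): a check for the exposure reported above, which walks stored audit-log parameter text, reports which fields hold a plaintext credential and produces a masked copy. It assumes the parameters are stored as JSON text; the key-name pattern, the `(row_id, parameters_text)` row shape and the sample rows are constructed for illustration.

```python
import json
import re

# Key names treated as credentials: an assumption, extend to match your own DTOs.
SENSITIVE_KEY = re.compile(r"password|passwd|secret", re.IGNORECASE)
MASK = "***"

def scrub(value, path=""):
    """Return (scrubbed_copy, leaked_paths) for one decoded JSON value."""
    if isinstance(value, dict):
        out, leaks = {}, []
        for key, item in value.items():
            here = f"{path}.{key}" if path else key
            if SENSITIVE_KEY.search(key) and isinstance(item, str) and item not in ("", MASK):
                out[key] = MASK
                leaks.append(here)
            else:
                out[key], found = scrub(item, here)
                leaks.extend(found)
        return out, leaks
    if isinstance(value, list):
        pairs = [scrub(item, f"{path}[{i}]") for i, item in enumerate(value)]
        return [p[0] for p in pairs], [leak for p in pairs for leak in p[1]]
    return value, []

def audit_rows(rows):
    """rows: (row_id, parameters_text) pairs. Returns one finding per leaking row."""
    findings = []
    for row_id, raw in rows:
        try:
            clean, leaks = scrub(json.loads(raw))
        except (TypeError, ValueError):
            # Truncated or non-JSON text: cannot scrub field by field, flag for manual review.
            if isinstance(raw, str) and SENSITIVE_KEY.search(raw):
                findings.append({"id": row_id, "paths": ["<unparsed>"], "scrubbed": None})
            continue
        if leaks:
            findings.append({"id": row_id, "paths": leaks, "scrubbed": json.dumps(clean)})
    return findings

# Constructed sample rows (not taken from the post).
SAMPLE_ROWS = [
    (1, '{"id": "00000000-0000-0000-0000-000000000001", "input": {"newPassword": "Winter2020!"}}'),
    (2, '{"input": {"userName": "alice", "email": "alice@example.com"}}'),
    (3, '{"input": {"users": [{"userName": "bob", "password": "hunter2"}]}}'),
    (4, '{"input": {"newPassword": "***"}}'),
    (5, '{"input": {"newPassword": "Win'),
]
```

A flagged row means the credential it held should be treated as exposed: the scrubbed text replaces the stored value and the affected password is changed.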

When adding a new sub unit to an organization tree, an error will occur that prevents the action from succeeding:

Adding a new root unit to the organization tree will solve the issue momentarily until a user has re-entered the "Organization unit" page.


  • ABP Framework version: v3.1.0
  • UI type: Angular
  • Browser: Chrome
  • Tiered (MVC) or Identity Server Separated (Angular): No

Thank you, that solves this part of my issue. I do find it a little odd though that the extended properties will be serialized into children of "ExtraProperties". That would suggest that these properties are stored as json in the database even though that is not the case.

Additionally, with my extended entity of Organization unit, which is related to the IdentityUser entity class, I also have a few navigation properties like below:

These navigation properties should be handled in a corresponding EF core repository class which of course already exist (EfCoreOrganizationUnitRepository) in the identity module. What is the procedure for overriding a repository class from the identity module and then using it in an overridden app service? I don't think the documentation covers this.

EventTypes - OrganizationUnitEventTypesLink

The properties (Geofences, Users, MonitoredObjects and EventTypes) I mentioned in my previous reply are part of my extension of the entity OrganizationUnit which originates from the abp Identity Module, and act as navigation properties.

Repository extension - EfCoreOrganizationUnitRepository

I wish to extend the EfCoreOrganizationUnitRepository that originates from the abp Identity Module and keep all of the methods implemented in the module but also extend the repository with some of my own like shown below (GetCustomersAsync and GetEventTypesAsync):

I expected that I could simply inherit from the module repository, inject my project's dbcontext and then use this in my own methods to get all EventTypes related to the specific OrganizationUnit for example.

AppService extension - OrganizationUnitAppService

However when I attempt to make use of this repository I am not able to call any of the methods I defined because they are not defined in the IOrganizationUnitRepository from the Identity Module.

I would like to know how to extend the existing OrganizationUnitRepository in a way that makes it possible to use it in an AppService with the methods it already defines and those I have defined myself.

I have implemented the following based on the solution you suggested:

    public interface IAppOrganizationUnitRepository : IOrganizationUnitRepository
    {
        public Task<List<MonitoredObject>> GetMonitoredObjectsAsync(Guid organizationUnitId, CancellationToken cancellationToken = default);
    }

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(EfCoreOrganizationUnitRepository), typeof(IAppOrganizationUnitRepository))]
    public class EfCoreAppOrganizationUnitRepository : EfCoreOrganizationUnitRepository, IAppOrganizationUnitRepository
    {

        private readonly IDbContextProvider<StellaDbContext> _stellaDBContext;

        public EfCoreAppOrganizationUnitRepository(IDbContextProvider<IIdentityDbContext> dbContextProvider, IDbContextProvider<StellaDbContext> stellaDbContext)
            : base(dbContextProvider)
        {
            _stellaDBContext = stellaDbContext;
        }
        public async Task<List<MonitoredObject>> GetMonitoredObjectsAsync(
            Guid organizationUnitId, CancellationToken cancellationToken = default)
        {

            var query = from organizationUnitMonitoredObjectLink in _stellaDBContext.GetDbContext().OrganizationUnitMonitoredObjectLinks
                        join monitoredObject in _stellaDBContext.GetDbContext().MonitoredObjects on organizationUnitMonitoredObjectLink.MonitoredObjectId equals monitoredObject.Id
                        where organizationUnitMonitoredObjectLink.MonitoredObjectId == organizationUnitId
                        select monitoredObject;

            return await query.ToListAsync(GetCancellationToken(cancellationToken));
        }
    }

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(OrganizationUnitManager),typeof(IAppOrganizationUnitAppService))]
    public class OrganizationUnitsAppService : OrganizationUnitAppService, IAppOrganizationUnitAppService
    {
        public OrganizationUnitsAppService(OrganizationUnitManager organizationUnitManager,
            IdentityUserManager userManager,
            IOrganizationUnitRepository organizationUnitRepository,
            IIdentityUserRepository identityUserRepository,
            IIdentityRoleRepository identityRoleRepository)
            : base(organizationUnitManager, userManager, organizationUnitRepository, identityUserRepository, identityRoleRepository)
        {

        }

        public async Task<List<MonitoredObjectDto>> GetMonitoredObjectsAsync(Guid id)
        {
            var monitoredObjects = await ((IAppOrganizationUnitRepository)OrganizationUnitRepository).GetMonitoredObjectsAsync(id);
            return ObjectMapper.Map<List<MonitoredObject>,List<MonitoredObjectDto>>(monitoredObjects);
        }

    }

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(OrganizationUnitController),typeof(IAppOrganizationUnitAppService))]
    public class AppOrganizationUnitController : OrganizationUnitController, IAppOrganizationUnitAppService
    {
        public AppOrganizationUnitController(IOrganizationUnitAppService organizationUnitAppService)
            : base(organizationUnitAppService)
        {

        }

        [HttpGet]
        [Route("{id}/monitoredObjects")]
        public Task<List<MonitoredObjectDto>> GetMonitoredObjectsAsync(Guid id)
        {
            return ((IAppOrganizationUnitAppService)OrganizationUnitAppService).GetMonitoredObjectsAsync(id);
        }
    }

However when I attempt to start the HttpApi.Host project I now get the following exception:

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11