Activities of "LW"

Hi, we have used and trusted Abp Framework for several years now. You provide an awesome framework which makes our lives so much easier. Thank you for this! However, we have lost trust in the ABP NuGet server to function at all times. This is a critical service for us who deploy multiple times a day to production. If the nuget server is down, our production pipeline will halt. We need a way to mitigate this problem! My hope, as I have previously proposed, would be to be able to download all the nuget packages programmatically from the server. I first asked about this in here: https://support.abp.io/QA/Questions/5549/A-way-to-list-all-nuget-packages-from-Abp-nuget-server. I provided this solution because we use Azure Artifacts, which does not support custom nuget feeds. This way we could download the packages and push them to an Azure Artifacts feed separately.

  • ABP Framework version: v7.3.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Separated

One of our tenants wants to have roles with a different language. We tried to do this by changing the role names in that tenant's database, leaving the normalised name intact. We need to leave the normalised name intact so we can still seed role permissions normally. This did not work, however, because permission grants reference the role table with the role name, not the normalised name or id. Why is that, and can this be changed, in order to support the role name localisation?

Is there a way to list and download all the nuget packages from the nuget server (https://nuget.abp.io/ID/v3/index.json) programmatically? I would like to cache the packages since there have been incidents where some of the package sources have been down.

  • ABP Framework version: v7.1.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hey, we have a pretty urgent issue where we cannot log in to our host side in one of our production environments after the Abp 7 update. For some reason the login page now shows this for host side login. Tenant side logins work normally.

Can you give us pointers on what affects this? I know there is an Abp.Account.EnableLocalLogin setting that for some reason was set to False for our host, but I think that value has not changed in the Abp 7 update. I switched it to True in the database and tried to refresh the cache, but that did not fix the issue.

  • ABP Framework version: v7.0.2
  • UI type: Angular /
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no

We have a big problem with our backend unit tests after we migrated from the 5.3.1 version to the most current (7.0.2) version. Now some of the tests are hanging in execution indefinitely when running large batches of tests at once. The same thing happens whether we run the tests from VS or through the "dotnet test" via cmd. From my investigation, this might be due to using synchronization with async-methods: https://github.com/abpframework/abp/issues/2075#issuecomment-561582158. One obvious place where this is done is the common data seeding in the test base.

private static void SeedTestData(ApplicationInitializationContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // Sync-over-async: blocks the calling thread until seeding completes.
    AsyncHelper.RunSync(async () =>
    {
        using (var scope = context.ServiceProvider.CreateScope())
        {
            await scope.ServiceProvider
                .GetRequiredService<IDataSeeder>()
                .SeedAsync();
        }
    });
}

For validation, I created a structure that does the seeding through IAsyncLifetime initialization so the seeding is done properly through the asynchronous call stack. That seemed to mitigate the problem a lot but there were still some tests that were left hanging. After that, I disabled the parallel test execution. With these changes, I can get larger batches of tests to finish execution. Forcing non-parallel execution is not ideal, however. Have you seen this problem occur previously? And what can be done to fix the issue? I checked that we don't use synchronous calls for async methods in our own code.

  • ABP Framework version: v5.1.4
  • UI type: Angular / MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

When we deploy identity server to azure app service the login page logs an exception about missing assets:

  • Exception message and stack trace: 404 Not Found on GET /Themes/Lepton/Global/assets/fonts/OpenSans-Bold.ttf for example.

I cannot find any information on how to include those assets in the identity server deployment package. Gulpfile-scripts do not seem to copy anything to the identity server side. So is there a designed way to make sure the assets are copied to the Identity Server deployment package?

  • ABP Framework version: v5.1.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no

We would like to enable our customers to create and edit users by themselves inside a tenant. However, we have an admin role and user per every tenant that is and needs to remain in our control. We have come to a situation where we cannot give our clients the permissions to edit or create users since they could either set users as admin or remove the admin role from our admin user. Is there a way to disable the editing of a specific user and disable permissions to add or remove a specific role to a user?

  • ABP Framework version: v5.1.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace: core.mjs:6461 ERROR NullInjectorError: R3InjectorError(ConsumptionForecastModule)[ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective]: NullInjectorError: No provider for ValidationGroupDirective!

We have an issue with NgxValidateCoreModule that emerges after it is imported to a module that has a component in which we have the following: The component is a view that has KendoTreeList in which we use kendoTreeListCellTemplate to be able to render our own custom FormControl of choice to its table cells. Kendo rows/cells have “edit mode” which means Kendo renders the form control with the form group when an editable cell or whole row is clicked. There is kendoTreeListEditTemplate for the edit mode content, but in our case, we have a custom form control that has two functionalities in one so we need to use kendoTreeListCellTemplate. This means that the content (form control) is there 100% of the time, not only in the cell’s edit mode like things are with kendo’s own editable cells. The edit mode means that when the user clicks a cell in the tree list table, it transforms to a form control with a form group. So, with the cell template with our custom form control being rendered there straight away when initing the KendoTreeList and it’s there without any surrounding form group. The control is given to it in the template definition via [formControl] directive from the collection of form groups that represent the tree list table rows (e.g. this.formGroups[rowIndex].controls[col.field]). When we import the NgxValidateCoreModule, the following error is given <customCellTemplateWithOurFormControlCount> times:

core.mjs:6461 ERROR NullInjectorError: R3InjectorError(ConsumptionForecastModule)[ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective -> ValidationGroupDirective]:
  NullInjectorError: No provider for ValidationGroupDirective!
    at NullInjector.get (core.mjs:11095:1)
    at R3Injector.get (core.mjs:11262:1)
    at R3Injector.get (core.mjs:11262:1)
    at R3Injector.get (core.mjs:11262:1)
    at NgModuleRef.get (core.mjs:21807:1)
    at R3Injector.get (core.mjs:11262:1)
    at NgModuleRef.get (core.mjs:21807:1)
    at R3Injector.get (core.mjs:11262:1)
    at NgModuleRef.get (core.mjs:21807:1)
    at Object.get (core.mjs:21484:1)
defaultErrorLogger @ core.mjs:6461
handleError @ core.mjs:6508
(anonymous) @ core.mjs:26428
invoke @ zone.js:372
run @ zone.js:134
runOutsideAngular @ core.mjs:25356
tick @ core.mjs:26428
(anonymous) @ core.mjs:26273
invoke @ zone.js:372
onInvoke @ core.mjs:25457
invoke @ zone.js:371
run @ zone.js:134
run @ core.mjs:25311
next @ core.mjs:26272
__tryOrUnsub @ Subscriber.js:183
next @ Subscriber.js:122
_next @ Subscriber.js:72
next @ Subscriber.js:49
next @ Subject.js:39
emit @ core.mjs:22402
checkStable @ core.mjs:25379
onLeave @ core.mjs:25507
onInvokeTask @ core.mjs:25451
invokeTask @ zone.js:405
runTask @ zone.js:178
invokeTask @ zone.js:487
invokeTask @ zone.js:1648
globalCallback @ zone.js:1679
globalZoneAwareCallback @ zone.js:1712

So the questions are:

  1. Is this a bug that NgxValidate requires a form group wrapper for form controls or am I missing something? Isn’t it fully legit to have form controls without a surrounding form group to begin with?
  2. If this is fully intended and avoidable, how to fix this issue for our use case and ignore the required formGroup?

  • ABP Framework version: v5.1.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

How should the Redis cache be configured between different instances of the application? We have planned to use four deployment stages (UAT, QA, Canary Production and Production). Can we share the Redis cache server between some of the stages or will there be a problem of data mixing between the stages?

Actually, I have now tested this and at least the redirect URL configuration gets mixed up between the stages. Is there a way to define an instance-specific key through configuration so the values won't mix up in the cache?

  • ABP Framework version: 5.1.4
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hello, we are deploying our project built on top of ABP to Azure. After the deployment, we found that some of the requests are blocked by the OWASP scanner in the Azure Application Gateway Firewall. The first block comes from the authentication call:

requestUri_s /connect/authorize?response_type=code\u0026client_id=OUR_APP_App\u0026state=UXB5Zmh6VWFST3BLVUZTbXVkdEt3dWpfdWF3dy56XzFFMDNyNURESlFRQnNi\u0026redirect_uri=https%3A%2F%2FOUR_APP-qa.lw.app\u0026scope=offline_access%20openid%20profile%20role%20email%20phone%20OUR_APP\u0026code_challenge=JG1J3rF5kFDd-kQNWu5Bi7ji-zOCKWuJ4b_zK0yADjA\u0026code_challenge_method=S256\u0026nonce=UXB5Zmh6VWFST3BLVUZTbXVkdEt3dWpfdWF3dy56XzFFMDNyNURESlFRQnNi\u0026culture=en\u0026ui-culture=en

Message Detects basic SQL authentication bypass attempts 3/3

ruleSetVersion_s 3.2

ruleGroup_s REQUEST-942-APPLICATION-ATTACK-SQLI

details_message_s Pattern match (?i:(?:["'](?:\\s*?(?:is\\s*?(?:[\\d.]+\\s*?\\W.*?[\"']|\d.+["']?\\w)|\\d\\s*?(?:--|#))|(?:\\W+[\\w+-]+\\s*?=\\s*?\\d\\W+|\\|?[\\w-]{3,}[^\\w\\s.,]+)[\"']|[\%\u0026\u003c\u003e^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?and|x?x?or|div|like|between|not|\|\||\\u0026\\u0026)\s+[\s\w+]+(?:sounds\s+like\s*?["'`]|regexp\s*?\(|[=\d]+x)|in\s*?\(+\s*?select)) at REQUEST_COOKIES.

details_data_s Matched Data: "uuid":" found within REQUEST_COOKIES:twk_uuid_6272619db0d10b6f3e709056: %7B%22uuid%22%3A%221.DECWNFunxcnpgYWrV82YSGHozzios3WMXMuV6utignc1kwKN9BEe3TVjnjGCKBM2TCtxVLGqUFfGNaX8VCZSQkz0Wb2xdIjkmk7pyyl343KA437h7YKdoYt6PKa2VEcY8hVOatTY%22%2C%22version%22%3A3%2C%22domain%22%3A%22lw.app%22%2C%22ts%22%3A1653031469585%7D

details_file_s REQUEST-942-APPLICATION-ATTACK-SQLI.conf

If we disable that rule, we encounter a couple of similar blocks where the pattern matching finds illegal characters in the request cookies:

requestUri_s /api/app/***

Message SQL Comment Sequence Detected.

ruleSetVersion_s 3.2

ruleGroup_s REQUEST-942-APPLICATION-ATTACK-SQLI

details_message_s Pattern match (?:/\!?|\/|[';]--|--[\s\r\n\v\f]|--[^-]?-|[^\u0026-]#.?[\s\r\n\v\f]|;?\x00) at REQUEST_COOKIES.

details_data_s Matched Data: --F5xL1NDlpZthOfOfsLDkvkV1sMEefcR9Pd3u7i6Ap_m8rZALmz3YaT5tiyGccQvL1jexkpbFic8v_TNqzyp9Ke- found within REQUEST_COOKIES:XSRF-TOKEN: CfDJ8G_9tIpyArtNlo7jZliI7olinWNezAaJOZPmYgGvad_rNtd1Ia9uNi0eqRUNAs7--F5xL1NDlpZthOfOfsLDkvkV1sMEefcR9Pd3u7i6Ap_m8rZALmz3YaT5tiyGccQvL1jexkpbFic8v_TNqzyp9Ke-p2fz-iSA0WigEIeo13N67-TJ3LYX3rphCGyhx_zKSQ

details_file_s REQUEST-942-APPLICATION-ATTACK-SQLI.conf

I know this is only partially or not directly an ABP issue, but I'm looking for information if we can affect the token characters in some way in ABP. I suppose we cannot change the uuid- existence in the authorize call?
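
A triage sketch for the firewall log fields quoted in the post above, added here as an example (not part of the original post, and not ABP or Azure code): it parses details_data_s to find which request cookie each rule matched, so that matches confined to known framework cookies can be handled with per-cookie WAF exclusions instead of disabling the rule. The record values are constructed placeholders, and KNOWN_COOKIES is an assumed, operator-maintained list.

```python
import re
from collections import defaultdict

# Constructed sample records in the shape of the firewall log fields quoted
# above; cookie values are shortened placeholders, not real tokens.
SAMPLE_RECORDS = [
    {"Message": "Detects basic SQL authentication bypass attempts 3/3",
     "ruleGroup_s": "REQUEST-942-APPLICATION-ATTACK-SQLI",
     "details_data_s": 'Matched Data: "uuid":" found within '
                       "REQUEST_COOKIES:twk_uuid_6272619db0d10b6f3e709056: "
                       "%7B%22uuid%22%3A%221.EXAMPLE%22%7D"},
    {"Message": "SQL Comment Sequence Detected.",
     "ruleGroup_s": "REQUEST-942-APPLICATION-ATTACK-SQLI",
     "details_data_s": "Matched Data: --EXAMPLE- found within "
                       "REQUEST_COOKIES:XSRF-TOKEN: CfDJ8EXAMPLE--EXAMPLE-p2fz"},
    {"Message": "SQL Comment Sequence Detected.",
     "ruleGroup_s": "REQUEST-942-APPLICATION-ATTACK-SQLI",
     "details_data_s": "Matched Data: --a- found within ARGS:filter: x--a-b"},
]

# Assumption: cookie names (or name prefixes) the operator has reviewed.
KNOWN_COOKIES = ("twk_uuid_", "XSRF-TOKEN")

DETAILS_RE = re.compile(
    r"Matched Data: (?P<matched>.*?) found within "
    r"(?P<collection>[A-Z_]+):(?P<name>[^:\s]+): (?P<value>.*)", re.S)

def parse_details(details):
    """Split details_data_s into matched data, collection, variable name, value."""
    m = DETAILS_RE.match(details)
    if m is None:
        raise ValueError("unrecognised details_data_s: %r" % details[:60])
    return m.groupdict()

def exclusion_candidates(records, known_cookies=KNOWN_COOKIES):
    """Group hits on known cookies by selector; return all other hits for review."""
    candidates, review = defaultdict(set), []
    for rec in records:
        hit = parse_details(rec["details_data_s"])
        selector = next(
            (k for k in known_cookies if hit["name"].startswith(k)), None)
        if hit["collection"] == "REQUEST_COOKIES" and selector:
            candidates[selector].add((rec["ruleGroup_s"], rec["Message"]))
        else:
            review.append(rec)  # not a reviewed cookie: keep blocking, inspect
    return dict(candidates), review
```

Hits on request arguments, or on cookies that are not in the reviewed list, land in the review list and stay subject to the rule.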

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11