tsai/abp - abp - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
maliming	b344bcc334	Address Copilot review feedback	2 weeks ago
maliming	5bb367e520	Address Copilot review feedback	2 weeks ago
maliming	d85d7101ed	Address Copilot review feedback	2 weeks ago
maliming	77bc52ed28	Address Copilot review feedback	2 weeks ago
maliming	ecb23b626d	Add unit tests for shared user covering shared and separate database	2 weeks ago
maliming	e9ddf3a6d3	address copilot review: drop unused using; make GetTokenName protected	2 weeks ago
maliming	14027a9075	address copilot review: treat expiration boundary as inclusive	2 weeks ago
maliming	b00a142f0e	test(identity): rename persistence test to match encrypted storage	2 weeks ago
maliming	517fccc2dd	refactor: simplify error handling in AbpTwoFactorTokenProvider	2 weeks ago
maliming	b6584cdc3b	address copilot review: narrow catch to ConcurrencyFailure; doc CodeLength range	2 weeks ago
maliming	367057f5d5	feat(identity): add single-use Email/Phone 2FA token providers Replaces the TOTP-based Email/Phone 2FA providers under TokenOptions.DefaultEmailProvider / DefaultPhoneProvider with DataProtector-backed single-use equivalents. - Encrypt the 6-digit code via IDataProtector (purpose chain isolated per provider + token purpose), store ciphertext + absolute UTC expiration (unix seconds) in the user token table - Remove the stored entry on successful validation (true single-use) - Concurrency race (ConcurrencyStamp failure) returns false instead of 500 - Configurable TokenLifespan (default 3 minutes) via Options AbpSingleActiveTokenProvider.GenerateAsync now checks the IdentityResult from UserManager.UpdateAsync so a silent persistence failure no longer returns a token that was not saved. Related to #25314.	2 weeks ago
maliming	212811d97b	Add update and host-tenant uniqueness tests for AbpIdentityUserValidator	2 weeks ago
maliming	a613e8899c	Reuse two-factor cookie helper in shared test	2 weeks ago
Ma Liming	41a0b1236f	Update modules/identity/test/Volo.Abp.Identity.AspNetCore.Tests/Volo/Abp/Identity/AspNetCore/GetTwoFactorAuthenticationUser_Tests.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2 weeks ago
Ma Liming	1b2906fdec	Update modules/identity/test/Volo.Abp.Identity.AspNetCore.Tests/Volo/Abp/Identity/AspNetCore/Shared_SignIn_Tests.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2 weeks ago
Ma Liming	5c883f373d	Update modules/identity/test/Volo.Abp.Identity.AspNetCore.Tests/Volo/Abp/Identity/AspNetCore/Isolated_TwoFactor_Tests.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2 weeks ago
maliming	8b48eb7f98	Add shared-user 2FA integration tests	2 weeks ago
maliming	ca9c2723f0	Apply tenant identity options before base password sign-in Switching CurrentTenant to user.TenantId in PasswordSignInAsync without refreshing IdentityOptions meant that lockout, password policy and other tenant-scoped options used host values during the base sign-in call. Call IdentityOptions.SetAsync inside the tenant switch so downstream checks use the user's tenant configuration.	2 weeks ago
maliming	8ea6b9f025	Make 2FA flows tenant-aware and enforce pre-checks	2 weeks ago
maliming	db07204b7a	Make UserManager.FindByIdAsync shared-aware by default - Override IdentityUserManager.FindByIdAsync to fall back to a cross-tenant lookup in shared user sharing strategy so any caller that hits FindByIdAsync from a non-matching tenant context (including base SignInManager internals for TwoFactorSignInAsync and TwoFactorRecoveryCodeSignInAsync) can still resolve a tenant user by id - Drop the now-redundant AbpSignInManager.GetTwoFactorAuthenticationUserAsync override; the base implementation works automatically through the new FindByIdAsync behavior - Cover the new FindByIdAsync behavior with unit tests	2 weeks ago
maliming	7fd2d44dd7	Add contract test covering login-then-two-factor lookup chain Guards against regressing the data-access contract behind the 2FA redirect bug: login must find a tenant user by user name from a host context, and the 2FA mid-flow must then resolve the same tenant user by id from the same host context.	2 weeks ago
maliming	cb5c17b124	Add integration test for GetTwoFactorAuthenticationUserAsync in shared mode Exercises the full cookie round-trip: writes a TwoFactorUserId cookie carrying a tenant user id, then verifies that AbpSignInManager.GetTwoFactorAuthenticationUserAsync returns the tenant user when CurrentTenant is null.	2 weeks ago
maliming	fa9e4f13cf	Support shared mode lookup by id for two-factor authentication user - Add IdentityUserManager.FindSharedUserByIdAsync to resolve a user by id across tenants in shared user sharing strategy - Override AbpSignInManager.GetTwoFactorAuthenticationUserAsync to use it so the 2FA mid-flow can still find a tenant-scoped user when CurrentTenant is host - Cover the new method with unit tests	2 weeks ago
maliming	7bf7efd64b	Add AbpUiResource as base for AbpFeatureManagementResource in Web module	3 weeks ago
maliming	c43237403c	Add batch feature checking support with RequireFeaturesSimpleBatchStateChecker	3 weeks ago
voloagent	27a5583fa0	Update_NPM_Packages	3 weeks ago
voloagent	1bd111d307	Update_NPM_Packages	3 weeks ago
maliming	42dff100fb	Use fail instead of always to avoid clearing busy state too early	3 weeks ago
maliming	194b967aa4	Replace ajaxSubmit with abp.ajax in CmsKit Pages and BlogPosts	3 weeks ago
maliming	7ddd7556da	fix: correct namespace reference for BlazorStandardBundles in MudBlazorBasicThemeModule	4 weeks ago
maliming	c3b461aa7c	feat: update MudBlazor bundling and enhance email settings UI components	4 weeks ago
maliming	d5149b2088	Refactor permission cache key extraction methods for improved clarity and performance	4 weeks ago
maliming	67ebd58f22	Improve performance for application-configuration with large number of permissions - Replace FormattedStringValueExtracter.Extract with LastIndexOf in PermissionGrantCacheItem and ResourcePermissionGrantCacheItem to eliminate repeated string tokenization and object allocations on every cache key parse (~12,000 calls per request with 4000+ permissions) - Add fast-path in SimpleStateCheckerManager.InternalIsEnabledAsync to skip DI scope creation when both StateCheckers and GlobalStateCheckers are empty, avoiding thousands of unnecessary scope allocations - Optimize PermissionChecker.IsGrantedAsync(string[]) and ResourcePermissionChecker.IsGrantedAsync(string[], resourceName, resourceKey) to load all permission definitions once via GetPermissionsAsync / GetResourcePermissionsAsync instead of N individual GetOrNullAsync calls, and use batch StateCheckerManager.IsEnabledAsync for state checking - Optimize AbpApplicationConfigurationAppService.GetAuthConfigAsync to pre-load all permission names into a HashSet for O(1) lookup instead of N async GetOrNullAsync calls inside the loop - Fix GetResourcePermissionsAsync to deduplicate by (ResourceName, Name) instead of Name only, matching the actual uniqueness constraint of resource permissions defined in PermissionDefinitionContext Production impact (customer with 4000+ permissions): 10s+ -> ~682ms	4 weeks ago
voloagent	a61e76c456	Update_NPM_Packages	4 weeks ago
maliming	e0d7c81d21	feat: implement culture-aware login redirection and update login URL handling	4 weeks ago
maliming	59f102d1c6	feat: add Culture parameter to multiple management pages for localization support	4 weeks ago
maliming	41bc2821fe	feat: add culture-specific routing for account, authentication, role, user, setting, and tenant management pages	4 weeks ago
maliming	e686ed3300	fix: update feature style margin property for improved layout consistency	4 weeks ago
maliming	27f644dabd	feat: standardize dialog options across various components for consistency	4 weeks ago
maliming	6b16452b72	fix: update MudCheckBox color to primary for better visibility across various components	4 weeks ago
Ahmet Çelik	f6f1996b8c	Require delete permission for blog posts Remove the ownership-based fallback that allowed post creators to delete their own posts in Detail.cshtml. Deletion now strictly requires BloggingPermissions.Posts.Delete, centralizing authorization on explicit permissions to enforce consistent access control.	1 month ago
maliming	e6c8ac64f3	fix: update MudMenu components in LanguageSwitch and LoginDisplay for improved UI consistency and interaction	1 month ago
maliming	15e99a0adf	Refactor Index.razor pages to use MudBlazor components for improved UI consistency and responsiveness; updated links and content for better user engagement.	1 month ago
maliming	c98a08bd13	feat: Implement route-based culture handling with new helpers and tests	1 month ago
maliming	6895d24d5a	feat: Enhance URL-based culture handling with new interfaces and async methods	1 month ago
maliming	420c860b08	feat: Implement URL-based culture handling in Blazor and MVC requests	1 month ago
voloagent	a81f360ae4	Update_NPM_Packages	1 month ago
maliming	555959657a	feat: Implement route-based culture navigation helper for improved localization handling	1 month ago
voloagent	91e99c9a63	Update_NPM_Packages	1 month ago
maliming	815335152c	Use HttpPost for PermissionIntegrationController.IsGrantedAsync	1 month ago

1 2 3 4 5 ...

8685 Commits (8673c4320c5c330241be590550e5dce8f87ff540)