When the cookie security stamp is refreshed during a /connect/authorize
request, OpenIddictClaimsPrincipalContributor stamps the ambient request's
client_id onto the principal that is written back to the interactive
authentication cookie. From then on ICurrentClient.Id resolves to that client
for every later cookie-authenticated request, corrupting audit-log client
attribution.
The contributor cannot tell whether the principal it contributes to is destined
for a token (correct) or for the cookie being refreshed (wrong), so strip
client_id at the only point where the cookie is actually re-written: the
security-stamp OnRefreshingPrincipal callback. This never runs for token
issuance, so the token path is untouched, and chaining the removal after the
existing AbpSecurityStampValidatorCallback.UpdatePrincipal lets already-corrupted
cookies self-heal on their next refresh.
Adds Volo.Abp.OpenIddict.AspNetCore.Tests covering the removal and the callback
composition order.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add an ITimezoneProvider.ConvertUnspecifiedToUtc helper that computes the
UTC ticks and keeps boundary values unchanged instead of throwing, then use
it in the System.Text.Json and Newtonsoft converters and the MVC model
binder. Normalize the Volo.Docs commit date filters to UTC for consistency.
AbpDateTimeConverterBase.Normalize converts an Unspecified DateTime to UTC via
`new DateTimeOffset(value, offset).UtcDateTime` when the clock is UTC and a user
timezone is set. For values within the timezone offset distance of
DateTime.MinValue/MaxValue (most notably the DateTime.MinValue placeholder), this
throws ArgumentOutOfRangeException. The exception was swallowed and logged as
"Could not convert DateTime with unspecified Kind using timezone '...'." on every
serialization, flooding logs for positive-offset users (e.g. Asia/Shanghai +08:00).
Catch the boundary ArgumentOutOfRangeException explicitly, keep the value unchanged,
and log it at Debug level instead of Warning so it stays traceable without polluting
production logs. Other unexpected failures still log a warning.
Also make Volo.Docs GitHubDocumentSource return a Utc-kind placeholder
(DateTime.SpecifyKind(DateTime.MinValue, Utc)) and use Author.Date.UtcDateTime, so it
no longer emits Unspecified placeholders in the first place.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>