Merge pull request #15849 from abpframework/auto-merge/rel-7-1/1767

Merge branch dev with rel-7.1

framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/AbpAspNetCoreMultiTenancyOptions.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Globalization;
 using System.Net;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
@@ -42,8 +43,8 @@ public class AbpAspNetCoreMultiTenancyOptions
             var message = exception.Message;
             var details = exception is BusinessException businessException ? businessException.Details : string.Empty;
 
-            await context.Response.WriteAsync($"<html lang=\"{CultureInfo.CurrentCulture.Name}\"><body>\r\n");
-            await context.Response.WriteAsync($"<h3>{message}</h3>{details}<br>\r\n");
+            await context.Response.WriteAsync($"<html lang=\"{HtmlEncoder.Default.Encode(CultureInfo.CurrentCulture.Name)}\"><body>\r\n");
+            await context.Response.WriteAsync($"<h3>{HtmlEncoder.Default.Encode(message)}</h3>{HtmlEncoder.Default.Encode(details)}<br>\r\n");
             await context.Response.WriteAsync("</body></html>\r\n");
 
             // Note the 500 spaces are to work around an IE 'feature'

framework/test/Volo.Abp.AspNetCore.MultiTenancy.Tests/Volo/Abp/AspNetCore/MultiTenancy/AspNetCoreMultiTenancy_MultiTenancyMiddlewareErrorPageBuilder_Tests.cs

@@ -0,0 +1,26 @@
+using System.Collections.Generic;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Shouldly;
+using Xunit;
+
+namespace Volo.Abp.AspNetCore.MultiTenancy;
+
+public class AspNetCoreMultiTenancy_MultiTenancyMiddlewareErrorPageBuilder_Tests : AspNetCoreMultiTenancyTestBase
+{
+    private readonly AbpAspNetCoreMultiTenancyOptions _options;
+
+    public AspNetCoreMultiTenancy_MultiTenancyMiddlewareErrorPageBuilder_Tests()
+    {
+        _options = ServiceProvider.GetRequiredService<IOptions<AbpAspNetCoreMultiTenancyOptions>>().Value;
+    }
+
+    [Fact]
+    public async Task MultiTenancyMiddlewareErrorPageBuilder()
+    {
+        var result = await GetResponseAsStringAsync($"http://abp.io?{_options.TenantKey}=<script>alert(hi)</script>", HttpStatusCode.NotFound);
+        result.ShouldNotContain("<script>alert(hi)</script>");
+    }
+}

npm/ng-packs/package.json

@@ -38,7 +38,8 @@
     "debug:schematics-dist": "./node_modules/.bin/ng g ./dist/packages/schematics/collection.json:proxy-add --module __default --apiName __default --source __default --target __default --url http://localhost:4300 --service-type application",
     "ci": "yarn affected:lint && yarn affected:build && yarn affected:test",
     "lerna": "lerna",
-    "migrate-nx": "yarn nx migrate --run-migrations"
+    "migrate-nx": "yarn nx migrate --run-migrations",
+    "copy-to:app": "cd scripts && yarn && yarn copy-to-templates -t app"
   },
   "private": true,
   "devDependencies": {

npm/ng-packs/packages/core/src/lib/abstracts/auth-response.model.ts

@@ -0,0 +1,10 @@
+export interface AbpAuthResponse {
+  access_token: string;
+  id_token: string;
+  token_type: string;
+  expires_in: number;
+  refresh_token: string;
+  scope: string;
+  state?: string;
+  tenant_domain?: string;
+}

npm/ng-packs/packages/core/src/lib/abstracts/auth.service.ts

@@ -1,7 +1,9 @@
+import { HttpHeaders } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { Params } from '@angular/router';
 import { Observable, of } from 'rxjs';
 import { LoginParams } from '../models/auth';
+import { AbpAuthResponse } from './auth-response.model';
 
 /**
  * Abstract service for Authentication.
@@ -10,8 +12,6 @@ import { LoginParams } from '../models/auth';
   providedIn: 'root',
 })
 export class AuthService implements IAuthService {
-  constructor() {}
-
   private warningMessage() {
     console.error('You should add @abp/ng-oauth packages or create your own auth packages.');
   }
@@ -42,6 +42,15 @@ export class AuthService implements IAuthService {
     this.warningMessage();
     return false;
   }
+
+  loginUsingGrant(
+    grantType: string,
+    parameters: object,
+    headers?: HttpHeaders,
+  ): Promise<AbpAuthResponse> {
+    console.log({ grantType, parameters, headers });
+    return Promise.reject(new Error('not implemented'));
+  }
 }
 
 export interface IAuthService {
@@ -56,4 +65,10 @@ export interface IAuthService {
   navigateToLogin(queryParams?: Params): void;
 
   login(params: LoginParams): Observable<any>;
+
+  loginUsingGrant(
+    grantType: string,
+    parameters: object,
+    headers?: HttpHeaders,
+  ): Promise<AbpAuthResponse>;
 }

npm/ng-packs/packages/core/src/lib/abstracts/index.ts

@@ -1,3 +1,4 @@
 export * from './ng-model.component';
 export * from './auth.guard';
 export * from './auth.service';
+export * from './auth-response.model';

npm/ng-packs/packages/oauth/src/lib/services/oauth.service.ts

@@ -2,23 +2,27 @@ import { Injectable, Injector } from '@angular/core';
 import { Params } from '@angular/router';
 import { from, Observable, lastValueFrom } from 'rxjs';
 import { filter, map, switchMap, take, tap } from 'rxjs/operators';
-import { IAuthService, LoginParams } from '@abp/ng.core';
+import { AbpAuthResponse, IAuthService, LoginParams } from '@abp/ng.core';
 import { AuthFlowStrategy } from '../strategies';
 import { EnvironmentService } from '@abp/ng.core';
 import { AUTH_FLOW_STRATEGY } from '../tokens/auth-flow-strategy';
-import { AuthConfig, OAuthService } from "angular-oauth2-oidc";
+import { OAuthService } from 'angular-oauth2-oidc';
+import { HttpHeaders } from '@angular/common/http';
 
 @Injectable({
   providedIn: 'root',
 })
 export class AbpOAuthService implements IAuthService {
   private strategy!: AuthFlowStrategy;
+  private readonly oAuthService: OAuthService;
 
   get isInternalAuth() {
     return this.strategy.isInternalAuth;
   }
 
-  constructor(protected injector: Injector, private oAuthService: OAuthService) {}
+  constructor(protected injector: Injector) {
+    this.oAuthService = this.injector.get(OAuthService);
+  }
 
   async init() {
     const environmentService = this.injector.get(EnvironmentService);
@@ -54,4 +58,25 @@ export class AbpOAuthService implements IAuthService {
   get isAuthenticated(): boolean {
     return this.oAuthService.hasValidAccessToken();
   }
+
+  loginUsingGrant(
+    grantType: string,
+    parameters: object,
+    headers?: HttpHeaders,
+  ): Promise<AbpAuthResponse> {
+    const { clientId: client_id, dummyClientSecret: client_secret } = this.oAuthService;
+    const access_token = this.oAuthService.getAccessToken();
+    const p = {
+      access_token,
+      grant_type: grantType,
+      client_id,
+      ...parameters,
+    };
+
+    if (client_secret) {
+      p['client_secret'] = client_secret;
+    }
+
+    return this.oAuthService.fetchTokenUsingGrant(grantType, p, headers);
+  }
 }

npm/ng-packs/scripts/copy-packages-to-templates.ts

@@ -1,7 +1,7 @@
-import execa from 'execa';
-import fse from 'fs-extra';
-import fs from 'fs';
-import program from 'commander';
+import execa from "execa";
+import fse from "fs-extra";
+import fs from "fs";
+import program from "commander";
 
 const defaultTemplates = ['app', 'app-nolayers', 'module'];
 const defaultTemplatePath = '../../../templates';
@@ -17,21 +17,32 @@ const packageMap = {
   'tenant-management': 'ng.tenant-management',
   'theme-basic': 'ng.theme.basic',
   'theme-shared': 'ng.theme.shared',
-  'schematics':'ng.schematics',
-   oauth:'ng.oauth'
+  schematics: 'ng.schematics',
+  oauth: 'ng.oauth',
 };
 program.option('-t, --templates  <templates>', 'template dirs', false);
 program.option('-p, --template-path <templatePath>', 'root template path', false);
+program.option(
+  '-e, --use-existing-build <useExistingBuild>',
+  "don't build packages if dist folder exists",
+  false,
+);
+program.option('-i, --noInstall', 'skip package installation', false);
+program.option('-a, --absolute-dir <absoluteDir>', 'Absolute angular directory', false);
 program.parse(process.argv);
 const templates = program.templates ? program.templates.split(',') : defaultTemplates;
 const templateRootPath = program.templatePath ? program.templatePath : defaultTemplatePath;
 (async () => {
-  await execa('yarn', ['build:all'], {
-    stdout: 'inherit',
-    cwd:'../'
-  });
+  if (!program.useExistingBuild) {
+    await execa('yarn', ['build:all'], {
+      stdout: 'inherit',
+      cwd: '../',
+    });
+  }
 
-  await installPackages();
+  if (!program.noInstall) {
+    await installPackages();
+  }
 
   await removeAbpPackages();
 
@@ -41,11 +52,17 @@ const templateRootPath = program.templatePath ? program.templatePath : defaultTe
 async function runEachTemplate(
   handler: (template: string, templatePath?: string) => void | Promise<any>,
 ) {
-  for (var template of templates) {
-    const templatePath = `${templateRootPath}/${template}/angular`;
-    const result = handler(template, templatePath);
+  if (program.absoluteDir) {
+    const result = handler('', program.absoluteDir);
     result instanceof Promise ? await result : result;
+  } else {
+    for (var template of templates) {
+      const templatePath = `${templateRootPath}/${template}/angular`;
+      const result = handler(template, templatePath);
+      result instanceof Promise ? await result : result;
+    }
   }
+
 }
 
 async function installPackages() {