Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UserId/UserName not present in some AbpSecurityLogs #5120

Closed
olicooper opened this issue Aug 19, 2020 · 4 comments · Fixed by #5121 or #5127
Closed

UserId/UserName not present in some AbpSecurityLogs #5120

olicooper opened this issue Aug 19, 2020 · 4 comments · Fixed by #5121 or #5127
Assignees
@maliming
Milestone
3.1

Comments

@olicooper
Copy link
Contributor

I think this record was a host admin logging in (through the angular client) so I don't expect the tenant information to be present. But I expected to at least see the UserId/UserName filled in? Is this a bug or intentional?

image

We're on ABP v3.1.0-preview20200813
@maliming
Copy link
Member

  • Steps needed to reproduce the problem.

@olicooper
Copy link
Contributor Author

olicooper commented Aug 19, 2020
edited
Loading

Okay, I don't have much to go on but I will see what I can do. So do you think these fields should always be populated?

  1. All users have passwords, they are not external logins.
  2. They may have already had a valid access_token and not actually 'logged in' as such?
  3. Using the password flow to submit login, with Angular 10 and angular-oauth2-oidc v10

@maliming maliming self-assigned this Aug 19, 2020
@maliming maliming added this to the 3.1 milestone Aug 19, 2020
maliming added a commit that referenced this issue Aug 19, 2020
@maliming
Add UserName in SetSuccessResultAsync method.
3e05d01 
Resolve #5120
@maliming maliming mentioned this issue Aug 19, 2020
Merged
@olicooper
Copy link
Contributor Author

olicooper commented Aug 19, 2020
edited
Loading

It looks like the normal password flow causes this issue to occur for me. I simply logged in on the angular client.
I noticed your fix #5121 - could we also populate the UserName field for UserLoginFailureEvent too?
Is it also possible to populate the ClientId like with the Logout Actions?

It might also be possible to populate the UserId field for the LoginSucceeded event because the UserId is already fetched in the code:

abp/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AspNetIdentity/AbpResourceOwnerPasswordValidator.cs

Line 74 in 3e05d01

var sub = await UserManager.GetUserIdAsync(user);

@maliming
Copy link
Member

hi @olicooper

I will recheck this function today. : )

@maliming maliming reopened this Aug 20, 2020
maliming added a commit that referenced this issue Aug 20, 2020
@maliming
Add UserName & ClientId to the security log.
b35cead 
Resolve #5120
@maliming maliming mentioned this issue Aug 20, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maliming maliming

Labels
None yet
Projects
None yet
Milestone
3.1
2 participants
@maliming @olicooper