Activities of "codescientists"
https://github.com/aspnetboilerplate/module-zero-core-template/blob/master/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Core/Authentication/External/ExternalAuthManager.cs
From the Extensions menu in VS you can manage extensions and disable auto-updates.
Since it already auto-updated for me (as far as I know it can't be downgraded although surely there is a way in VS?), I was forced to upgrade our AspNetZero to 10.2 since I was in the middle of something heavily depending on the "radtool" and it suddenly stopped working. I'm very concerned to see that the extension would actually do this, especially without developers' control/awareness as to the timing of the update.
Still occurs. But apparently it comes from Microsoft.Extensions.Identity.Core.UserManager base class.
The line where the "new" code is generated is from TokenAuthController.SendTwoFactorAuthCode():
cacheItem.Code = await _userManager.GenerateTwoFactorTokenAsync(user, model.Provider);
I don't understand why it is the same number but it often is, perhaps depending on timing? Indeed responses here suggest it is (I assume aspnetcore equivalents came out of MVC). Also implies possibly some way to change it. Could just randomly generate a code some other way since it is generated & checked against a cache.
https://stackoverflow.com/questions/42369268/how-to-prevent-generation-of-the-same-otps-in-mvc-2fa
Db update after deleting database doesn't seem to produce any differences. I also generated a migration but it was empty. I always get 2 admin users, one with Tenant ID == null, one with Tenant ID == 1. The Angular UI code suggests TenantID > 0 is what makes something multi-tenant. I can only login with the multi-tenant version of 'admin' (email address = [email protected], and TenantID == 1).
Once we turn off multi-tenancy, should new entities we create still need a TenantID? If so, should it be null, or 0, or 1? How do I login with the true 'admin'? How do I access settings such as hostSettings.userManagement.smsVerificationEnabled which cannot be edited from the UI for the 'tenant' side? What kinds of settings are going to remain conceptually divided between 'tenant' and 'host'? The whole idea is that we should not have to write an API client that knows or cares about 'tenant' because there is only one host/tenant and that is the API as a whole. How can we properly work around, cover up, and step over this concept with as little complexity as possible?
Sorry, I can't post a new post because the forum posting seems to be broken for me. I'm not sure if I can even reply on this thread.