Hello,

we have set up login via ADFS, for initial login it works correctly. But when trying to access root of the website in new tab (with active session) we receive 403 error 

 

DefaultDocument is set as described here

version 7.14

 

Could you suggest what is the issue here? 

Thanks in advance 

Like 0

Like

2 comments

Update: when we performed error tracing, there is no actual error in the report

Hello Iuliia Diakiv,

 

It only means that there is a problem with the Web.config file located in the root application directory (loader config). Also this error message doesn't really mean that the problem is with SSO settings in the Web.config file, but with its content in general. You need to check for comment symbols or opening tags, closing tags and check if they are needed there or not.

 

You can also take an out-of-the-box Web.config file and Web.config file of your app and compare them using some comparining tools like Araxis Merge.

 

Best regards,

Oscar

Show all comments

Dear community,

Using FileApiService, we are able to rename the attachment. This posses a challenge because an attacker can upload any malicious file, even though we have a logic to allow only certain file types to get uploaded.

 

For example, ABC.bat can be renamed as ABC.txt. After uploading this file, the attacker can change the name of file to ABC.bat.

 

We have locked the fields of attchment detail on UI, but it is not much of help if the file is renamed through FileApiService.

 

Any method to restrict renaming using this API would be appreciated.

 

Thanks

 

Like 0

Like

4 comments

Hello Shivani,

 

Unfortunately, there are no methods available that can restrict file renaming. But we are planning to release the filter that will check the file extension directly from the file and not from its name. As a result, there won't be a possibility of changing the filly type by means of renaming.

We will post that information in Release Notes as soon as the feature will be added to the product.

 

Best regards,

Bogdan

Bogdan Spasibov,

 

Thanks Bogdan. Also now that you have mentioned about using file signatures (please correct me if I am wrong), I am curious to know how text and csv files can be checked. The challenge we have with our custom logic to allow only 'whitelisted' file types is that csv and txt files do not have file sigfnatures. Is there a way to verify that the attached file is really csv or txt and not a disguise?

 

Thanks

Shivani Lakshman,

 

We confirmed the information with R&D regarding your request and unfortunately, it's not possible to verify the real extension of the file if it is not specified in the file signature. In this case, the application checks the extension.

 

Best regards,

Bogdan S.

Bogdan Spasibov,

Thanks Bogdan. A possible solution would be to restrict file name change. Once file is uploaded, name change can be prohibited. Hence, a file ABC.bat that has been renamed to ABC.txt to pass filter, can never be renamed to ABC.bat :)

Show all comments

Dear team,

 

we need to return some user-friendly result from anonymous service method, not Json or Xml. Use case is as follows: end user receives email with link, which is opened in browser. So we need to return some Html page from the method, or link to static content that will inform user about result of his action. Something in a way, as is implemented for the case-rating (see screenshot)

Is there a suggested method to implement such behavior? 

 

Thanks!

Like 0

Like

7 comments

Hi Iuliia, 

 

Alas, this is an unsafe approach to use an anonymous web-service to return an HTML-page. This may do harm to the user's data and safety. Could you please specify if an anonymous web-service is the only preferable method for you? 

 

Here is also an option to perform your task using a configuration web-service. Please find the instruction by the link below:

 

https://academy.creatio.com/documents/technic-sdk/7-16/creating-configu…

 

Please let us know if you need any additional assistence. 

 

Regards, 

Anastasiia

Anastasiia Markina,

for the task at hand it's preferable for us to use anonymous web-service. It will have limited endpoints for sure, and with action validation. Simplified business flow is that internal user receives some question with yes/no selection (two links, with user-specific id's for each case), clicks on one of them => application receives this answer and returns some message to the user that will notify him/her that the answer was stored successfully or not. We want to use anonymous web-service to improve user experience - not to force them to login to system for such actions. 

Thanks for you suggestion, but unfortunately I can't seem to the answer for my question here.  In example there is  ResponseFormat = WebMessageFormat.Json (or Xml) which is not suitable for task at hand - they are parsed in not user-friendly response by browser. 

What I was asking,  if there is a possibility to return any user-friendly response from the service method(could be as well redirection link to some statically stored image which will hold the message that user should receive). 

 

Best regards, Iuliia

Iuliia Diakiv,

 

We strongly discourage you from using an anonymous web-service to return any data as this may threaten the safety of the whole system. 

 

To show a user any readable page (HTML or an image), you can easily store it at the directory of your instance and call it from there as usual. 

 

Regards, 

Anastasiia

Anastasiia Markina,

ok, I got your consern about using anonymous web service. But how can I return link to html page from general service, which you've suggested to use in your first comment? I can't seem to find the solution myself

 

Regards, Iuliia

Iuliia Diakiv,

 

We have been looking for the correct solution for your purpose. The best way to return the HTML-page without authentication and without threatening to system safety, at the same time, is to create a static HTML page.

 

Please put it to your root project directory: Terrasoft.WebApp > Nui

Then, a user will be able to open it as a standard HTML web page.

 

Regards, 

Anastasiia

Hi Anastasiia Markina,

 

Could you please let me know how to call/ return the HTML page from the anonymous service?



Edit : Adding below code worked.

 

WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Redirect;

WebOperationContext.Current.OutgoingResponse.Headers.Add("Location", "http://localhost:97/0/Nui/ThankYouPage.html" );

Shivani Lakshman,

 

According to Anastasiia explanation we don't have practical examples of such implementation.

 

https://academy.creatio.com/documents/technic-sdk/7-16/creating-anonymo…

 

As mentioned in this article you may use couple of web services.

 

Alternatively, OData will be the most flexible to achieve most of required scenarios:

 

https://documenter.getpostman.com/view/10204500/SztHX5Qb?version=latest

 

As for example check this article how to get some data like files and you may change it according to your needed: 

 

https://community.creatio.com/questions/how-download-attachments-section

 

Hopefully it will be useful for you!

 

Regards, 

 

Bogdan L.

Show all comments

Dear team,

 

could you please explain how the page validation select's which field  is shown in warning pop-up if there are more than 1 required fields missing? 

We constantly receive such issues: pop up shows not the first field, this is confusing for users (please, see simplified example)

 

Regards, Iuliia

Like 0

Like

1 comments

Hello!

 

By default, the page validation pop-up notification "selects" the field in alphabetical order. In your case, it is the "Approver" field that starts from the "A" letter.

 

We will register the idea for our R&D team to review this logic in further releases according to the field position on the page. 

 

Thank you for helping us become better!

 

Best regards, 

Olga. 

Show all comments

Dear team, 

we are preparing to upgrade to version 7.16.x, and as stated in update guide before update to versions 7.16.1 and 7.16.2 we are tryin to remove any customization using the MailBee library and the Terrasoft.Mail.SmtpClient class.

I am following the guide to set up email sending using explicit account credentials but receive errors when trying to compile the process

Using of Terrasoft.Mail.Sender and Terrasoft.Core.Factories

Could you please, help me? Which namespase\class should I additionally include?

 

Best regards, Iuliia

Like 0

Like

8 comments

Hello Iuliia,

 

Please also get sure that you are using System.Linq along with Terrasoft.Mail.Sender and Terrasoft.Core.Factories. Also please provide us with your code since the code from the article you've sent works correctly and the process can be published.

 

Best regards,

Oscar

Oscar, thanks for your reply. Yes, I did include System.Linq, and code that I am using is exact copy of the code in example, no deviations. Please, note my current version is 7.14.0 - could this be an issue? I noticed that this guide is not available for documentation for 7.14

Regards, Iuliia

Iuliia Diakiv,

 

Yes, you are right, we've reproduced the same publishing error in the clean 7.14.0 version and double-checked with the developers and this approach is acceptable for 7.15.* versions applications and higher. This approach won't work in 7.14.0 and please update your app to 7.16.4 version so to implement the functionality described in the article.

 

Best regards,

Oscar

Oscar Dylan,

Thanks for clarification. One last question: in the update guide it says 

"Before you update to versions 7.16.1 and 7.16.2 make sure you do not have any customization using the MailBee library and the Terrasoft.Mail.SmtpClient class", so does it mean that in versions 7.16.x using mentioned classes is impossible (e.g. they are removed) or just deprecated? 

I am just wondering whether I will receive error upon trying to update to higher version with the current logic implemented, if those classes were removed completely.

 

Regards, IUliia

Iuliia Diakiv,

 

you need to remove this process from the system since the system compiles itself once it is updated so as a result you will receive a compilation error and the update process will be unsuccessful. To make sure that the update is correct you need to remove the process and compile the app after that. In case you receive no errors (warnings are acceptable) then you can process with an update.

 

Best regards,

Oscar

Oscar Dylan,

sorry, I did not understand your last response. What i am asking is this: are  MailBee library and the Terrasoft.Mail.SmtpClient class completely deleted or just deprecated starting from version 7.16.1?

If they are deleted, I need to delete my currently working code that uses them before version update and then re-setup all processes for email sending from scratch? - this will be really inconvenient.

 

Best wishes, Iuliia

 

Iuliia Diakiv,

 

They were completely removed so that's why the update guide tells to remove using this library and class. You can use the SQL script provided there to find all the processes where they are used and modify all the processes according to the articles that are mentioned there.

 

Best regards,

Oscar

Oscar Dylan,

thank you very much for clarification!

Show all comments

Hello,

I want to add custom button to add new record of case. I added custom button to contact edit page, made onClick event handler and using this function to open add record page of case:

 

_contactObject.openCardInChain({
	"schemaName": "CasePage",
	"operation": "add",
	"defaultValues": [{
		"name": "Contact",
		"value": _contactObject.get("Id"),
		"displayValue": _contactObject.get("Name")
	}]});

It works only when I am on Contact edit page, reload page and clicked my button. or if I entered directly on Contact edit page using url.

 

But if I entered from Contact list page, this function is not working. It shows infinite loader and never stops. If I reload page while loader, it loads add record page of case, exactly what I want.

 

Unfortunately, it doesn't shows any error in console. I tried to debug this function and trace how it works, but at the and, it fires event and I can't understand why its handler not handling it.

 

We are using Bpm Online 7.14.1.935

Like 0

Like

3 comments

Dear Luka,

 

Looks like the issue is related to combined mode Please, try this approach of adding logic to the section and to the page - https://academy.creatio.com/documents/technic-sdk/7-16/how-add-button-edit-page-combined-mode.

 

Best regards,

Angela

Angela Reyes,

we had that problem, but now we added button on ContactPage, so its button and onClick handler works fine. also that function openCardInChain is executed, but there is no result. 

Resolved:

I added property in config param which is passing to openCardInChain function. param is moduleId.

Show all comments

Hi support team :)  

 

I just found out that when I can't login on UI because of the Error

 

  I still can login via authentication service by doing Post request and receive all the cookies needed (like it is described here https://academy.creatio.com/documents/technic-sdk/7-16/executing-odata-…). And only when I perform second request as so called  "logged in user" I am interrupted with the the Error:

licManagerException.message = 'Unable to log in: insufficient number of licenses to access the objects used on the portal. A system administrator can modify the list of objects available to portal users';

 

Thus I do wonder why I am not receiving  'Unable to log in..' error message when I do authentication Post request ? I must be receiving this error message no matter how I am logging in.

 

Thank you

Looking forward to your reply

Like 0

Like

1 comments

Hello!

 

The issue is being resolved within a regular support case. We will post the solution for this issue once it is resolved on the Community as well. 

 

Thank you for bringing up this issue!

 

Best regards,

Olga. 

Show all comments

Hello,

 

i've set up anonymous web service on my local env following these instructions https://academy.creatio.com/documents/technic-sdk/7-14/creating-anonymous-web-service. It worked great. But when I try to set it on test env, there is next  issue:

Do you know, what could be the issue here? Test env is configured for https, my local env - for http.

 

Thanks

Like 0

Like

1 comments

Dear Iuliia,

 

Please check that you configured the anonymous web-service for https protocols. Please take a look at the third paragraph from the article by the link below:

 

https://academy.creatio.com/documents/technic-sdk/7-14/creating-anonymous-web-service?_ga=2.77383253.1346360870.1597151673-495406565.1597151673

 

Best regards,

Norton

Show all comments

Dear team, 

 

we receive the next error when GenerateAnniversaryRemindings process is run:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Terrasoft.Common.DublicateDataException: Duplicates data in object "Reminding". at Terrasoft.Core.Entities.Entity.Load(Select select, IDictionary`2 columnMap) at Terrasoft.Core.Entities.Entity.InternalFetchFromDB(IEnumerable`1 columnsToFetch, IDictionary`2 conditions, Boolean useDisplayValues, Boolean performValuesCleanup) at Terrasoft.Core.Entities.Entity.FetchFromDB(EntitySchemaColumn conditionColumn, Object conditionValue, Boolean useDisplayValues) at Terrasoft.Configuration.BaseAnniversaryReminding.DeleteNotActualAnniversaryRemindings(String anniversarySchemaName) at Terrasoft.Configuration.BaseAnniversaryReminding.GenerateRemindings(Select select, String anniversarySchemaName) at Terrasoft.Configuration.BaseAnniversaryReminding.ExecuteQueries() --- End of inner exception stack trace --- at Terrasoft.Core.Process.GenerateAnniversaryRemindingsMethodsWrapper.GenerateRemindingExecute(ProcessExecutingContext context) at Terrasoft.Core.Process.ProcessFlowElement.Execute(ProcessExecutingContext context)

 

Please advise, what columns are taken into accounts when selecting data from dbo.Reminding and how to fix this issue? 

 

Thanks, Iuliia

Like 0

Like

5 comments

Is GenerateAnniversaryRemindings an out of the box process?

Julius,

 

yes.

Can you please check if there are any duplicate ids in Reminding table? 

Use this query: 

 

SELECT ID,

    COUNT(*) occurrences

FROM Reminding

GROUP BY id

HAVING 

    COUNT(*) > 1;

    

Best regards,

Angela

Angela Reyes,

specified by you query returns 0 results. But grouping by 

ContactId, Subjectid, Remindtime or different combinations of these columns returns non-empty list. I didn't check all the columns of the table Reminding as it's a cumbersome task, especially taking into account different combinations.

Iuliia Diakiv,

 

Unfortunately, it is impossible to determine the root cause of the issue without having access to the application and the database. Therefore, please contact technical support in order to resolve the issue.

 

Please do not forget to provide the support team with a backup of the database.

 

Best regards,

Norton

Show all comments

Hi All,



We have implemented IFrame in our creatio instance to connect with third-party applications. The process is executing successfully. But we get an issue in the network, we could see the call is made twice in the network always one gets failed and the other one we could get a successful response. 

But we have no idea why the other call is made.





Kindly help me with this !



Regards,

Adharsh S

Like 0

Like

2 comments

Dear Adharsh,

 

All controls (including Terrasoft.IframeControl) inherit from the “Terrasoft.Component” class that is located in the “component.js” file. The “Terrasoft.Component” class is designed in such way that on “reRender” function it inserts html content of the control into DOM twice https://prnt.sc/tl2f68. The old “wrapEl” object is destroyed and replaced by the new one - https://prnt.sc/tl2tnu.

 

In order to fix this behavior, it is necessary to perform a very detailed analysis of how it can be done differently. Moreover, take into account the regression since this is the basic mechanism for all controls.

 

Please note that we notified the development team about your request.

 

Best regards,

Norton

Norton Lingard,



Thanks!

Show all comments