Our blog contains the activity stream of Orchard Dojo: general news, new resources or tutorials are announced here.

Blazor guide for decoupled CMS, Workflow Trimming Task - This week in Orchard (06/09/2024)

Blazor guide for decoupled CMS, a new Workflow Trimming Task, and our renewed Orchard Dojo website are the topics for this week. You can still cast your votes for the Jean-Thierry Kéchichian Community Award! Only one week left until the Orchard Harvest conference! Let's see the news for this week!

Featured tags

IIS
API
All tags >

Orchard Harvest 2024 survey, Lombiq Login as Anybody for Orchard Core - This week in Orchard (09/02/2024)

Use the file name instead of the technical name in the Media Field, add Environment accessor in Liquid, a demo about our Login as Anybody module, and a survey about the upcoming Harvest conference! We have a lot to cover today, so let's get started! Orchard Core updates Use the file name instead of the technical name in the Media Field When selecting a file using the attached Media Field, it shows the technical name, which is not user-friendly. With this change, we use the uploaded file name if it exists. Let's try it out quickly! If you set up your site using the Blog recipe, it will create a predefined Blog Post content type. That content type has one Media Field called, Banner Image. We uploaded a new image to the Media Library (Content -> Media Library) and will use that for the predefined Blog Post content item. Once we select our file and click on it, you can see the Media Field displays the file name (Loki.jpg) instead of its technical name. Add Environment accessor in Liquid Currently, you can't check if you are in the Development or the Production environment in Liquid. This change introduces a new environment accessor in Liquid which represents the current hosting environment. The following properties are available on the Environment object as mentioned in the docs: IsDevelopment: Checks if the current hosting environment name is Development. IsStaging: Checks if the current hosting environment name is Staging. IsProduction: Checks if the current hosting environment name is Production. Name: Gets hosting environment name. Here, we have created a new template under Design -> Templates with the name Content__BlogPost. This template is called when displaying the Blog Post content item with the Detail display type, for instance, when accessed from its URL. We have one predefined Blog Post content item so we will use that one for testing purposes. The template itself is straightforward, we just print the name of the environment and two boolean values, as you can see in the screen below. Demos Lombiq Login as Anybody for Orchard Core This demo is about the Lombiq Login as Anybody module for administrators to be able to log in as any user. This feature is only available to site owners, thus it's no way to get around security. It's time to see this feature in action! The easiest way is to clone Lombiq's Open-Source Orchard Core Extensions solution. This Orchard Core Visual Studio solution contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries, containing the Lombiq Login as Anybody module too. Let's run the Open-Source Orchard Core Extensions solution and head to Configuration -> Features to enable the Lombiq Login as Anybody feature. After enabling the module you'll see a new button on the Security -> Users page. You can log in as any registered user there. This is useful if you want to see how your Orchard Core app behaves for certain users. Here you can see that we are logged in with the admin user, and the Log in as user button appears near the two other users on the list. Once you hit that button, you will be logged in as the selected user and will be redirected to the homepage of the site with a notification "Successfully logged in as {UserName}." If you want to see a short demo of this feature, don't forget to head to YouTube for a recording! News from the community Orchard Harvest 2024 survey For those too young to remember, we had Orchard conferences, called Orchard Harvest. And the conference website was available under orchardharvest.org, but unfortunately, it's not anymore. The last in-person one was in 2017 in New York. So, having another get-together is very much overdue. If you would like to see or get a feeling of how this looked like before, we have a couple of mood videos on the Orchard YouTube channel, like this one from the first conference. The point is that we should think about organizing the next in-person one, and we at Lombiq can take part in that or provide an organizing role with anybody who wants to take part. After last year, the Orchard Harvest Conference will be held again in 2024. Last year it was held online due to economic reasons. But first, we would like to assess the potential interest and what would be needed. You can fill in the questionnaire here, which should take about 5 minutes. Share your thoughts with us in the survey. We are curious about who we will meet in 2024! :) Work with Lombiq! Do you like developing apps with Orchard Core? Would you like to apply your skills to some of the most challenging Orchard Core apps out there, working with other OC experts? Then come work with us at Lombiq, the biggest Orchard Core team in the world! We've been contributors, supporters, and users of Orchard Core and Orchard 1 for more than a decade (Benedek Farkas and Zoltán Lehóczky, the two founders, for even more), with a huge open-source portfolio. There you can also check out the code we write, and some of the projects you could take part in. We do a lot. Ready for keywords? Open-source, Orchard Core CMS, .NET software development, ASP.NET Core MVC, distributed team, cloud-first, Microsoft Azure, self-funded R&D, Vue.js, jQuery, Bootstrap, SASS, training, hosting and operations, GitHub Actions, TeamCity, support, SaaS (the only Orchard CMS SaaS, DotNest), Selenium UI testing, xUnit, university courses. And also, greenfield experimental projects like Hastlayer, turning software into computer chips. Write to us at [email protected], and let's talk! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 479 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Azure AI Search feature, Lombiq Walkthroughs for Orchard Core - This week in Orchard (02/02/2024)

Use PagerAsync and PagerSlimAsync instead of using the dynamic New, new Azure AI Search feature and a demo about our Walkthroughs module for Orchard Core! Let's see the details! Orchard Core updates Use PagerAsync and PagerSlimAsync instead of using dynamic New Since we have nice extensions for the pager, it is better to use them to reduce the dynamic calls in the code. It's faster to use these PagerAsync and PagerSlimAsync extension methods instead of having dynamic calls to render the Pager and the PagerSlim shapes. Azure AI Search feature Azure AI Search, an AI-powered information retrieval platform, helps developers build rich search experiences and generative AI apps that combine large language models with enterprise data. Implement search functionality for any mobile or search application within your organization or as part of the software as a service (SaaS) apps. And from now on, Orchard Core supports Azure AI Search! Let's see how you can utilize this feature! First of all, you need to enable the Azure AI Search feature under Configuration -> Features. But before enabling the service, you'll need to configure the connection to the server. By default, you can navigate to Configurations -> Settings -> Azure AI Search and provide the Azure Search AI service info. Now, we can create a new index for the Article content type (that is a predefined content type created by the Blog recipe). When creating, resetting, or rebuilding an index, we trigger a job in the background that will upload all existing content items to the Azure AI Search index so the data will become searchable shortly after the action. You can create an Azure AI Search Index under Search -> Indexing -> Azure AI Indices. In this demo, we enabled the Search module to enable frontend search. Then, we used the previously created articles index as the default search index. Head to Search -> Settings -> Azure AI Search and select the articles index. Make sure that the default search provider is the Azure AI Search in the Content tab. If you head back to the default search form URL (~/search) and type something in it to search for the predefined article content item, you will get back the article content item. If you navigate to the Microsoft Azure portal to check out your search service, you will find that the articles index has one document, and the field names are coming from Orchard Core. It was just a quick demonstration of this feature, head to the documentation page of Orchard Core to learn more about it! Demos Lombiq Walkthroughs for Orchard Core This demo is about the Orchard Core Walkthroughs module for teaching Orchard Core fundamentals by guiding the user in step-by-step guides. This walkthrough covers key Orchard Core features, such as content management, user roles, and theme selection, and points users to further learning resources. Now it's time to try out this feature and see it in action! The easiest way is to clone Lombiq's Open-Source Orchard Core Extensions solution. This Orchard Core Visual Studio solution contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries, containing the Lombiq Walkthroughs module too. So, let's run this solution and enable the Lombiq Walkthroughs feature under Configuration -> Features. Now, if you head back to the site's homepage, you will see the first welcoming modal. The module uses shepherd.js, for the walkthroughs, and these modals are rendered by this library. Let's see it in action! As always, if you prefer videos, you can head to YouTube for a recording! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 481 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Update Lucene docs with recipe steps, .NET Foundation most active community projects 2023 - This week in Orchard (26/01/2024)

Update ResourceManager to better handle resources that don't specify a version, update Lucene docs with recipe steps, and Orchard Core is in the top 10 of the list of .NET Foundation's most active community projects of 2023! Without any further ado, let's get started! Orchard Core updates Update Lucene docs The Lucene module allows you to manage Lucene indices. This module contains a Lucene Worker feature, which creates a background task that will keep the local file system index synchronized with other instances that could have their local index. It is recommended to use it only if you are running the same tenant on multiple instances (farm) and using a Lucene file system index. The module also provides a management UI and APIs for querying Lucene data using ElasticSearch Queries. And of course, Lucene indices can be created during recipe execution using the ElasticIndexSettings step. The documentation of this module has been updated with these recipe steps to describe how to set the default search settings, how to restart the indexing process from the beginning to update current content items, or how to rebuild a Lucene index. Update ResourceManager to better handle resources that don't specify a version Let's say we have two scripts defined. A "default" version that doesn't specify a version. In another module, we define an override of that resource by defining a resource with the same name and specifying a version number. When we run the site, the script resources fail to load due to an ArgumentNullException. The issue lies in ResourceManager.FindMatchingResource, because when evaluating the second match, resource.Version is null, which causes a new Version(resource.Version) to throw the ArgumentNullException. Note that earlier in the method, the code takes care to avoid the ArgumentNullException by checking for null. A workaround for this issue is to just make sure that all resources specify a version, but since the version is not required by the API, it should handle null gracefully. You can reproduce this issue by following these steps: In an IConfigureOptions<ResourceManagementOptions>, register a new resource. For example, a script called "MyScript". Don't specify a version. Additionally, register a second resource with the same name, and this time also call SetVersion with a valid version number. For example, "MyScript" with a version of "1.0.0". Require the resource. For example, in Layout.cshtml, use the script tag helper to require "MyScript" and don't specify a version. Run the site and notice that the script doesn't load (in fact, no scripts load). Also, notice that you receive an ArgumentNullException in the log. The expectation would be that version 1.0.0 of the resource to be loaded on the page (winning out over the one without a version, and not throwing an error). So, this change is about updating the ResourceManager.cs to better handle resources that don't specify a version. News from the community .NET Foundation most active community projects 2023 Shaun Walker shared this image on X that contains the most active community projects based on the number of pull requests, the number of commits, and the number of new contributors. As you can see, Orchard has 1136 pull requests in 2023, which is great. Orchard has 854 commits, which is weird. Why do we have more pull requests than commits? Do we close that many pull requests? The reason for that could be that we have some mini PRs created by Dependabot. And we haven't talked about which projects are using squash and merge and which aren't. But it's still a nice thing to be able to see Orchard in the top 10 again! And don't forget about the fact that Orchard Core recently reached 7000 stars on GitHub! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 481 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Orchard Core 1.8.2, migrate the OpenID module to OpenIddict 5 - This week in Orchard (19/01/2024)

Migrate the OpenID module to OpenIddict 5, fixing FormatException when the login screen is posted with values other than true/false for RememberMe, and announcing Orchard Core 1.8.2! Without any further ado, let's get started! Orchard Core updates Migrate the OpenID module to OpenIddict 5 This is about updating the OpenID module to use OpenIddict 5.0, which shipped in December. With OpenIddict 5.0 being now generally available, the previous version, OpenIddict 4.0, stops being supported and won't receive bug fixes or security updates. As such, it is recommended to migrate to OpenIddict 5.0 to continue receiving bug and security fixes. So, this change reacts to the breaking changes introduced by this new major version by adding new store methods are updating the ones whose signature has changed. Note that while OpenIddict 5.0 supports new features, this change doesn't expose them via the Orchard Core admin UI. If you want to know more about the latest version of OpenIddict, check out this great post from Kévin Chalet! Fixing FormatException when the login screen is posted with values other than true/false for RememberMe If on the login screen, any non-boolean value (e.g., "1", "cicaisahungarianword") is set for the RememberMe input field, then you'll get an exception. This is of course not what a normal user would do, but is surfaced by the pentest attacks of Zed Attack Proxy (ZAP). This is a very popular open-source project, which is a security scanner. It can check your application for security issues. If you don't know ZAP and would like to know more about it, check out our post from last month, where you can learn more about it. So, adding input validation here would be necessary to avoid 500s. And you can easily reproduce this issue by following these steps: Go to /Login. Set the value attribute of RememberMe to anything but "true" or "false" from e.g., the Dev Tools of Google Chrome. Tick the checkbox. Click Log in. See the HTTP 500 error page. From now on, a validation error appears instead of a 5xxx one. News from the community Orchard Core 1.8.2 Orchard Core 1.8.2 was released a few days after the 1.8.1 one to address two issues of the 1.8.1 release. The first issue was that the admin language switcher (admin culture picker) was not working. It stayed in the same language regardless of what you chose. The second is about fixing the display name of the content fields. Let's just add a boolean field to a content type as follows. Let's use the name MyBooleanField as the technical name and My Boolean Field as the display name. As you can see in the screen below, the Display Name was equal to the Technical Name. If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the newest released version of Orchard Core! Upgrade your solution to 1.8.2 now! Feel free to drop on the dedicated Gitter chat or use the Discussions on GitHub and ask questions! As we mentioned, Orchard Core is available as a NuGet package which you can easily add to your ASP.NET Core solution. Here's how you can get started with Orchard Core. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 480 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Orchard Core 1.8, add a way to provide a custom Elasticsearch query - This week in Orchard (12/01/2024)

We are thrilled to announce that Orchard Core 1.8 is now available! Check out this post to know everything about the latest release of Orchard Core. In the upcoming weeks, we will check out the newest features and additions of Orchard Core 1.8. Let's get started! Orchard Core updates Fix an exception when creating content type without any content part Let's assume the scenario where you create a new content type with a name but you are not adding any content parts to it. If you hit Save without any added content parts, you will get a NullReferenceException. The fix here is to check if the partNames array is null. The same check applies to the fieldNames array as well. Add a way to provide a custom Elasticsearch query In the search module, the only available option to conduct a search is using query-string or multi-match query by providing a list of default fields to search. What if we want to customize the query, for example, by using fuzziness or other options? Currently, there is no simple way to configure the default search to use advanced search options. This is a new feature such that you can define what is sent to Elasticsearch when you type some terms in the search box. As you can see in the following screencast; you can define the following custom query to perform advanced operations like fuzziness. { "query": { "match": { "Content.ContentItem.FullText": { "query": "{{ term }}", "fuzziness": "AUTO", "analyzer": "whitespace" } } }} The documentation page of the Elasticsearch module has also been updated, and the example for setting the default search settings accepts a SearchType option where you can use 'custom' for a custom query in DefaultQuery and 'query_string' for a Query String Query search. Leave it blank for the default, which is a Multi-Match Query search. News from the community Orchard Core 1.8 and Orchard Core 1.8.1 The community recently released the latest 1.8 version of Orchard Core with several new features and additions! In this update, we've introduced several significant changes that may require your attention before upgrading. Additionally, performance-related enhancements have been implemented to optimize your app's scalability, especially when dealing with a large number of tenants. The Admin Theme was upgraded to Bootstrap 5, and from now on, the theme mode is set to auto, which allows us to use the default device color preference, which could be dark or light. A new option for restarting a specific Workflow instance has been incorporated, involving adjustments to both the IActivity and IWorkflowManager interfaces, and the HTTP error views are now in the form of shapes. The upper navigation bar has been transformed into a customizable shape (Navbar shape), allowing for easy integration of items. As an enhancement for the Elasticssearch feature, we introduced a new option that permits the definition of a custom query for the default search. And we have a lot more to cover! Here are all the details of the release. Note that this release removes support for net6.0 and net7.0. Only net8.0 is supported. Orchard Core 1.8.1 was released a few days after the 1.8 one to address some issues of the 1.8 release. If you open up nuget.org and search for the OrchardCore.Application.Cms.Targets package, you will find the newest released version of Orchard Core! Upgrade your solution to 1.8.1 now! Feel free to drop on the dedicated Gitter chat or use the Discussions on GitHub and ask questions! As we mentioned, Orchard Core is available as a NuGet package which you can easily add to your ASP.NET Core solution. Here's how you can get started with Orchard Core. Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 480 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

In honor of Jean-Thierry Kéchichian - This week in Orchard (05/01/2024)

In honor of Jean-Thierry Kéchichian With a heavy heart, we share in the sorrow as we remember our good friend, Jean-Thierry Kéchichian, a truly extraordinary member of our community who unexpectedly passed away on December 24, 2023. Let us recall the moments that brought smiles to our faces, the wisdom he shared, and the profound impact he had on us all. Let us express our sorrow and collectively pay tribute, to our Jean-Thierry. As we reflect on his life, please let us extend our love and support to his family. This issue is dedicated to sharing the stories, thoughts, and memories that touch our hearts. If you like to recall the moments that he brought smiles to your face, the wisdom he shared with you, or the profound impact he had on you, please leave your comment there. You can find a new page in the Orchard Core documentation called Honorable Members in honor of Jean-Thierry Kéchichian. Rest peacefully Jean Thierry Kéchichian. Your memory will forever inspire us.

Keyed services, Hastlayer.com is running on Orchard Core - This week in Orchard (29/12/2023)

Adding helpful methods for ContentPart, ContentType builders, and ContentItemExtensions, introducing keyed services, and a case study about modernizing and migrating Hastlayer.com to Orchard Core are the topics for the last week of this year. Let's check them out in detail! Orchard Core updates Adding helpful methods for ContentPart, ContentType builders and ContentItemExtensions This is about introducing several new useful methods and extension methods for Orchard Core to make the developer's life easier. Let's see the changes! New methods in ContentPartDefinitionBuilder ContentPartDefinitionBuilder WithField<TField>(string fieldName) ContentPartDefinitionBuilder WithField<TField>(string fieldName, Action<ContentPartFieldDefinitionBuilder> configuration) Task<ContentPartDefinitionBuilder> WithFieldAsync<TField>(string fieldName, Func<ContentPartFieldDefinitionBuilder, Task> configuration) New methods in ContentTypeDefinitionBuilder ContentTypeDefinitionBuilder WithPart<TPart>() ContentTypeDefinitionBuilder WithPart<TPart>(string name) ContentTypeDefinitionBuilder WithPart<TPart>(string name, Action<ContentTypePartDefinitionBuilder> configuration) New extension methods in ContentItemExtensions bool TryGet<TPart>(this ContentItem contentItem, out TPart part) bool TryGet<TPart>(this ContentItem contentItem, string name, out TPart part) bool TryGet(this ContentItem contentItem, Type contentElementType, string name, out ContentElement part) New extension method in EntityExtensions bool TryGet<T>(this IEntity entity, out T aspect) But let's not just list these here, see a little example too! On this screen, you can see the migration of the SeoMetaPart where we configured this part and added some fields to it. You can see that this part contains a field called DefaultSocialImage and by using the OfType method, we can set the type of the field (MediaField in this case). But by using one of the new overloads of the WithField method, we don't need to use the OfType method, we can pass a typed value, the type of the field itself. Keyed services The recently released .NET 8 introduces keyed service dependency injection container support. Currently, we don't support it in Orchard Core and the goal of this feature is to allow us to use keyed services in Orchard. Here you can see that in this CloneSingleton extension method, we need to understand whether is it a keyed service or not, and based on the ServiceKey object (which gives the key of the services, if applicable) of the ServiceDescriptor (which describes the service with its service type, implementation, and lifetime) we can decide which overload of the ClonedSingletonDescriptor method do we need to call to add our service to the ServiceCollection. News from the community Case study: Hastlayer.com is running on Orchard Core The new website for Hastlayer, the .NET hardware accelerator originally built on Orchard 1, now runs on Orchard Core! Check out our case study here about the migration! We are happy with the results and the additions to our open-source modules, and stay tuned, as we keep the migrations rolling. This is an excellent time if you're considering migrating your Orchard 1 website to Orchard Core. Should you have any questions or encounter challenges, don't hesitate to reach out to us. We're always ready to bring our expertise to your unique project needs. Contact us today, and let's start making your Orchard Core website even better! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 484 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Introducing ConfigureAsync method, Security scanning with ZAP in the Lombiq UI Testing Toolbox - This week in Orchard (22/12/2023)

Introducing ConfigureAsync method and the IAsyncConfigureOptions interface, demo about Security scanning with ZAP in the Lombiq UI Testing Toolbox, and some photos of our Christmas event! Let's see the details! Orchard Core updates Introducing ConfigureAsync method In the Startup files, you can use the Configure method to configure the tenant pipeline. Now, if you implement the IAsyncStartup interface, you will be able to configure the tenant pipeline asynchronously by using the new ConfigureAsync method. This means the initialization of the tenants will be much faster in the future in a SaaS environment. Here, you can see an example of how to use this method in the Startup file of the Localization module, where we don't need to call the GetAwaiter() and the GetResult() methods when getting the default culture and the supported cultures. IAsyncConfigureOptions interface In this PR, Jean-Thierry Kéchichian introduced the IAsyncOptions and IAsyncConfigureOptions<TOptions> interfaces that can be used globally across your Orchard Core solution. The IAsyncConfigureOptions can be used to configure asynchronously a type of options just after a tenant container is created, and the IAsyncOptions marks a type of option intended to be registered as a singleton and configured asynchronously by an IAsyncConfigureOptions<TOptions> just after a tenant container is created. For example, here the BlobOptions will be registered once as a singleton and configured asynchronously once by BlobOptionsSetup.ConfigureAsync() just after a tenant container is created using this single line of code: services.Configure<BlobOptions, BlobOptionsSetup>(). Demos Security scanning with ZAP in the Lombiq UI Testing Toolbox Maybe you have already heard about the Lombiq UI Testing Toolbox, our web UI testing toolbox mostly for Orchard Core applications. Everything you need to do UI testing with Selenium for an Orchard app is here. We wrote about it several times here as well, first when we open-sourced it, when we added some Orchard Core Features tests to it when we added the automated monkey testing feature to it, and when we introduced the Visual verification testing. At the end of last year, we showed you the latest updates about integrating UI testing into Orchard Core and the way you can use WebApplicationFactory, a fake video capture source, or the interactive mode. This time, we will check out a slightly different topic, security scanning! Of course, security is important, you don't want your web app to be used for spamming or cryptocurrency mining, or you don't want your users' data to be lost or get into the hands of others. So, you want to secure your application. There are many layers to that, and many layers to enforcing or ensuring your application is secure including manual reviews and static code analysis. Another layer is penetration testing. It means that somebody going to your application and trying to break it in some way, get into it in a way that they shouldn't be able to. Pen testers use some tools, and one of the most widely used tools is the Zed Attack Proxy (ZAP). This is a very popular open-source project, which is a security scanner. It can check your application for security issues. This is a JAVA application, and it checks web apps for general web application security issues. It can do generally dangerous attacks, it can do that actively and passively, so let's see that in action and see how to automate those scans! The easiest way is to clone Lombiq's Open-Source Orchard Core Extensions solution. This Orchard Core Visual Studio solution contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries, containing our UI Testing Toolbox for Orchard Core, which contains a feature for ZAP. Here you can see quite detailed documentation about this but what's more important we also have some samples. Here, you can run ZAP with a DotNet API. It's just a simple scan but you can utilize the DotNet API more if you add some more configuration as you can see on the screen. This SecurityScanWithCustomConfigurationShouldPass method adds some configuration, like you can exclude URLs from the scan, disable rules for just a given URL, can authenticate and while we are talking about testing, you can also assert on the results. The results are not just available on a human-readable HTML report but also as a sarif-json which is a standard way of sharing such scan results. Do you want to know more about how to do an automated security scan of your Orchard Core app with ZAP? Check out our post in Orchard Dojo about it, and don't forget to head to YouTube for a recording to see how you can run these tests from Visual Studio! News from the community Christmas in Lombiq Sometimes we do stuff. Together. Not (just) in front of computer screens. These are some usual events in Lombiq that are all announced and arranged in advance. We periodically have an event called RnDay: this is a few hour-long event where we share what we recently worked on and what we plan to do. E.g., If we recently finished a project, then the project's team members demo what they've done. We had our last RnDay for this year in the Loffice, which is a coworking and event space where we held this event. And at the end of the day, we visited a nearby restaurant to have dinner together. We would like to thank you all for reading our posts and making the Orchard community stronger together with us! We hope that we can give you valuable news and demos about the happenings around Orchard and Orchard Core from time to time by reading our posts and of course the This week in Orchard newsletter. We would like to wish everyone a Merry Christmas with some photos of our latest event! Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 486 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Add a way to Remove User from a Role, Lombiq Hosting - Tenants Email Quota Management - This week in Orchard (15/12/2023)

New Get users by roles and Unassign users from roles activities, add async methods to ContentDefinitionManager to prevent possible thread starvation, and a demo about Lombiq's Tenants Email Quota Management module! Let's get started! Orchard Core updates Add a way to Remove a User from a Role This change introduces two new activities that you can utilize when working with workflows. The first one is called Get users by roles. Here you can easily choose the roles to identify users by using the Roles check boxes. You can see that you can provide a key (Output Key Name) that will be used to store the user's ID in a list that you can use in an upcoming activity in your workflow. The second activity is the Unassign user from roles one. The Roles check box works the same and the UserName text box can be used to provide the user name of the user who you want to update. Here in this silly example, we hard-coded the admin user name but of course, you can use Liquid to have a flexible activity. Add Async method to ContentDefinitionManager to prevent possible thread starvation The idea here is to make all the IContentDefinitionManager methods async to prevent possible thread starvation. To avoid a breaking change, the old ones were marked as obsolete. Here is a list of interfaces that were modified: IStereotypeService IStereotypesProvider IRouteableContentTypeProvider IRouteableContentTypeCoordinator IContentDefinitionService IContentDefinitionManager IContentDefinitionService On this screen, you can see the updated IContentDefinitionManager interface, where the non-async methods were marked as obsolete with a warning message that these methods will be removed in the upcoming releases. So, when you update your solution to the latest Orchard Core version, don't be surprised when you see some warnings after you build your solution. Demos Lombiq Hosting - Tenants Email Quota Management This demo will be about a new Orchard Core module, part of our Hosting Tenants repository, that helps you manage email quotas. Hence the name Email quota management, which could be useful if you have a SaaS provider (like our SaaS provider, DotNest) and you would like to restrict the number of emails sent out per month per tenant only if the tenant is using your SMTP provider. Of course, you don't want to restrict those tenants who are using their own SMTP provider. To set the quota you can use the appsettings.json file or an environment variable. The default value here is 1000 emails per month. Now it's time to try out this project and see it in action! The easiest way is to clone Lombiq's Open-Source Orchard Core Extensions solution. This Orchard Core Visual Studio solution contains most of Lombiq's open-source Orchard modules and themes, as well as related utilities and libraries, containing the Email quota management module too. First of all, you need to enable the Lombiq Hosting - Tenants Email Quota Management module under Configuration -> Features. After that, let's navigate to Configuration -> Settings -> Email. And wow, you can see that we have already sent 997 emails out of 1000 this month. Yeah, we cheated a little bit and we already sent out some emails using workflows. In this case, the users who have site owner permission will receive an email when the tenant reaches 80% of the available email quota for this month. They will get another email if you exceed 90% of the email quota. When you reach your quota for this month, you will get a red notification that can be seen on every page in the admin UI. It means that you will not be able to send out more emails until next month. As always, if you would like to know more about this module, head to YouTube for a recording! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 487 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!

Azure Email Communication Services feature, Shortcode for cache busting - This week in Orchard (08/12/2023)

Shortcode for cache busing, update the Admin Dashboard documentation, and a demo about the upcoming Azure Email Communication Services feature! Let's get started! Orchard Core updates Update the Admin Dashboard documentation The documentation page for the Admin Dashboard has been updated with details about how to create custom widgets that you can add to the Admin Dashboard. You can also read about the customizable settings of these widgets and the options that you can use if you wish to modify the look of your widgets. Shortcode for cache busting There was no option to add a Shortcode for cache busting. For reference, you can add cache busting in a cshtml file like this: @Orchard.AssetUrl(assetPath: path, appendVersion: true). So, if somebody used an image in (for example) an HTML Body part, there was no way to add cache busting with a Shortcode. The goal of this improvement was to add a Shortcode that allows cache busting. The Shortcodes page of the documentation lists the available Shortcodes in Orchard Core. This contains the Demos Azure Email Communication Services feature Azure now has a new set of resources under the Communication Services (ACS) umbrella, Email Communication Services being one of them. This is a cheaper, Azure-native alternative to SendGrid. The primary way to use it is not through traditional SMTP-server configuration, but a connection string (of two components, endpoint, and access key) provided by the ACS resource, which allows access to the specific communication service resources attached to it (for example, an Email Communication Services instance). This requires a custom implementation to send emails using the corresponding SDK. OrchardCore.Email doesn't seem to support this scenario at its current state and needs a bit of refactoring (can take inspiration from the structure in O1 for better extensibility). Now let's see the current state of this feature that you can also check out in this PR! First, we need to enable the Azure Email Communication Services feature that configures email settings and a default email service based on (ACS) under the Configuration -> Features option from the admin UI. After that, you will find a new option under Configuration -> Settings -> Email, called Azure Email Settings. Here, you can see the Default Sender and the Connection String values. The Default Sender can be set up under the Email Settings menu item or use the appsettings.json file. The Connection String can be set up using the appsettings.json file. And if you are interested in how to use this feature from code, you can see a unit test for this in the AzureEmailServiceTests class. As always, if you would like to know more about this upcoming feature, head to YouTube for a recording! News from the community Orchard Dojo Newsletter Lombiq's Orchard Dojo Newsletter has 487 subscribers! We have started this newsletter to inform the community around Orchard of the latest news about the platform. By subscribing to this newsletter, you will get an e-mail whenever a new post is published to Orchard Dojo, including This week in Orchard of course. Do you know of other Orchard enthusiasts who would like to read our weekly articles? Tell them to subscribe here! If you are interested in more news about Orchard and the details of the topics above, don't forget to check out the recording of this Orchard meeting!