Enabling Decorators Support in TypeScript 1.5, Visual Studio 2015

Finally installed VS2015, I got the following error in my TypeScript project:

Error    TS1219    Experimental support for decorators is a feature that is subject to change in a future release. Specify '--experimentalDecorators' to remove this warning.

Ok. So, how exactly do you do this if you're not the one invoking the TSC compile action? Visual Studio TypeScript plugin is invoking the compiler option. Hmm. tsconfig.json compiler config doens't seem to be picked up by the TypeScript plug-in.

To enable decorator support, unload your TypeScript project. Right click, Edit Project .csproj. Find the TypeScript compiler option section and add the following (Line 14 and 15):

Code Snippet
  1. <PropertyGroup Condition="'$(Configuration)' == 'Debug'">
  2.   <TypeScriptModuleKind>amd</TypeScriptModuleKind>
  3.   <TypeScriptCompileOnSaveEnabled>True</TypeScriptCompileOnSaveEnabled>
  4.   <TypeScriptTarget>ES5</TypeScriptTarget>
  5.   <TypeScriptNoImplicitAny>False</TypeScriptNoImplicitAny>
  6.   <TypeScriptRemoveComments>False</TypeScriptRemoveComments>
  7.   <TypeScriptOutFile />
  8.   <TypeScriptOutDir />
  9.   <TypeScriptGeneratesDeclarations>False</TypeScriptGeneratesDeclarations>
  10.   <TypeScriptNoEmitOnError>True</TypeScriptNoEmitOnError>
  11.   <TypeScriptSourceMap>True</TypeScriptSourceMap>
  12.   <TypeScriptMapRoot />
  13.   <TypeScriptSourceRoot />
  14.   <TypeScriptEmitDecoratorMetadata>True</TypeScriptEmitDecoratorMetadata>
  15.   <TypeScriptExperimentalDecorators>True</TypeScriptExperimentalDecorators>
  16. </PropertyGroup>

Also, seems like the TypeScript 1.5 RTM plugin will respect the decorator compile options when you use SAVE-ON-COMPILE. :)

Hope that helps,
Brian Chavez

Add Comment Filed Under [ ASP.NET ]
ASP.NET Identity, OAuth 2 Social Login, Web API 2, and MVC 5 SPAs

image Wow, that's a mouthful. I feel like that lady on the right sometimes.

So, I spent a few days studying SPA applications and how to use external social logins like Facebook and Google with Web API 2.

It's not for the faint of heart, especially when Microsoft's Web API template with VS 2013 is broken. Microsoft's template implementation is about 70% right.

Pile on top, all the inconsistent Web API login routes to think about. See this post for what's broken. I mostly agree to some extent. In addition, it seems like most "Web API" tutorials out there are outdated. Most of the tutorials have a user's browser parsing an obscure "auth_token" somewhere along the OAuth login flow. Surprise! In MVC5 + WebAPI2 + Social Login, there is no auth token homie! Now, it's all handled by the middleware. LoL. Eh, well, whatever, I didn't want to expose a scary sensitive auth token to the user's browser anyway. But I digress.

Before we begin, some articles & references that will help you

Distilled down to a single blog post, I present to you, ASP.NET Identity's OAuth2 Social Login flow with Web API 2:

So it begins, a new user arrives

Figure A:


Figure A, the user arrives and hits your MVC app. Your MVC app sends down your SPA. The user navigates to a login page and Figure B happens.

Figure B:


Your SPA app consumes the JSON from ExternalLogins call and renders some choices. In Figure B, Google and Facebook are configured on the server's OWIN middleware. Cool.

Figure C:


The user decides to login with "Facebook". In Figure C, it's a full-page navigation to the URL of /ExternalLogin?provider=Facebook. Not an AJAX call.

AuthController.cs (originally AccountController.cs from the original template) sees this request, and processing goes up to a ChallengeResult:

// GET api/auth/ExternalLogin
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
    if( error != null )
        return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));

    //ANONYMOUS will always get trapped here.
    if( !User.Identity.IsAuthenticated )
        return new ChallengeResult(provider, this);

A ChallengeResult is returned to the anonymous user. A ChallengeResult looks like:

public class ChallengeResult : IHttpActionResult
    public ChallengeResult(string loginProvider, ApiController controller)
        LoginProvider = loginProvider;
        Request = controller.Request;
    public string LoginProvider { get; set; }
    public HttpRequestMessage Request { get; set; }

    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            RequestMessage = Request
        return Task.FromResult(response);

ChallengeResult has an HTTP Status Code of Unauthorized. When MVC is executing the ChallengeResult, MVC notifies the OWIN middleware of an Authentication.Challenge("Facebook"). The unauthorized status code triggers the OWIN middleware to wake up and process the pending Authorization.Challenge, and transform the unauthorized status into a 302 redirect to an off-site login provider (Facebook in this case) for authorization as shown in Step 7 in Figure C above. Take note, in particular, the 302 redirect to Facebook has "redirect_uri=http://webapp.com/signin-facebook". This is a callback into the middleware that the user's browser will hit after they are finished authenticating and authorizing your web app on Facebook. In addition, take 2nd note, the middleware has instructed the browser to set a Correlation.Facebook cookie in Step 7 in Figure C above.

The user's browser follows the redirect as shown in Figure D below:

Figure D:


In Figure D Step 8 above, the user authenticates with Facebook and authorizes WebApp.

Then, Figure D Step 9, Facebook issues a 302 redirect to the user's browser back on the OWIN middleware endpoint /signin-facebook. The browser follows the redirect shown in Figure E Step 10 below:

Figure E:


Side Note: When the middleware receives the /signin-facebook callback, the middleware needs to check if the current callback originated from the WebApp to prevent a CSRF attack. The Facebook middleware inspects Correlation.Facebook cookie and matches the cookie with some encrypted state inside the callback that was part of the query string on the way out to Facebook and on the way back in from Facebook. Hewf. Stay with me now...

Next, the OWIN middleware uses the code query string to setup a backchannel with Facebook. The code=AQABC... from Figure E, Step 10, is a code to get a real access_token. The access token is then used to query Facebook's Open Graph to get some claims about the user, like their Name, picture, email, etc ... Step 11 and Step 12 in Figure E.

Finally, the OWIN middleware has enough information to create a ClaimsIdentity of an external login, and does so by granting an AuthenticationTicket associated with an ExternalCookie authentication type. The Facebook middleware packs all the claims from the Facebook backchannel into this cookie called .AspNet.ExternalCookie as shown in Step 13 in Figure E.

Lastly, the OWIN middleware redirects the user's browser *back* into the MVC layer (remember our old URL that originally kicked off the process? /api/auth/ExternalLogin). Yep. I know. But, this time, we're going to get past the original ChallengeResult because were coming back as an externally authenticated user with the help of [OverrideAuthentication]+ [HostAuthentication(ExternalCookie)], which sets up the User.Identity.IsAuthenticated to return true skipping the challenge as shown below:

// GET api/auth/ExternalLogin
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
    if( error != null )
        return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));

    //ANONYMOUS will always get trapped here.
    if( !User.Identity.IsAuthenticated )
        return new ChallengeResult(provider, this);

    var externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);

    if( externalLogin == null )
        return InternalServerError();

    if( externalLogin.LoginProvider != provider )
        return new ChallengeResult(provider, this);

    var user = await this.UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey));

    var hasRegistered = user != null;

    if( hasRegistered )

        var oAuthIdentity = await this.UserManager.GenerateUserIdentityAsync(user, OAuthDefaults.AuthenticationType);
        var cookieIdentity = await this.UserManager.GenerateUserIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType);

        var properties = this.UserManager.CreateProperties(user);

        Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);
        return Redirect(Url.Content("~/app#home"));

    //so even if we get here, ANONYMOUS will never get this far.
    //The browser has been authorized by an external provider.
    //The next step is for the browser to call /RegisterExternal
    //to register an account. We'll throw up an authorized splash to confirm.

    return Redirect(Url.Content("~/app#/authorized"));

This time, we hit the bottom of the /api/ExternalLogin call.  This is the part where you can customize the login process. The OWIN middleware has already done the hard work for you. In the case where the user has never registered on WebApp, you have a small window of time to use the ExternalCookie login information for purposes of registration. We redirect the user's browser to ~/app#/authorized, where we throw up a screen and ask for a username. The user clicks "Register" which then calls our Web API endpoint /api/auth/RegisterExternal.

// POST api/auth/RegisterExternal
public async Task<IHttpActionResult> RegisterExternal(RegisterExternalBindingModel model)
    if( !ModelState.IsValid )
        return BadRequest(ModelState);

    var info = await Authentication.GetExternalLoginInfoAsync();
    if( info == null )
        return InternalServerError();

    var user = await this.UserManager.FindAsync(info.Login);
    var hasRegistered = user != null;
    if( hasRegistered )
        return BadRequest("External user already registered.");

    user = new User() { UserName = model.Email, Email = model.Email };

    var result = await this.UserManager.CreateAsync(user);
    if( !result.Succeeded )
        return GetErrorResult(result);

    result = await this.UserManager.AddLoginAsync(user.Id, info.Login);
    if( !result.Succeeded )
        return GetErrorResult(result);
    return Ok();

And our user now has a local account.

Next blog post I'll will show how to transform the ExternalCookie AuthenticationType into a local usable access_token for Token Barer Authentication for Web API during the life time of the SPA application.

Brian Chavez

Add Comment Filed Under [ ASP.NET C# ]
Newbies Guide to Aurelia and TypeScript

npxbj[1] So, after about 24 hours trying to understand and establish a workflow for a new JS framework called Aurelia and TypeScript, I think I've finally forged a path to use both in harmony in Visual Studio 2013.

First, some important concepts

Aurelia is written in ES6/ES7. Aurelia is distributed through jspm. The Aurelia distribution through jspm is ES5 code. Aurelia ES5 via jspm is runnable inside your browser.

If you plan on writing view models in TypeScrypt then all you need to be concerned about is transpiling your App.ts (*.ts) View Models into ES5 code.

Get the Tools

To get setup, you're going to need:



Be sure you can access git and npm from the command line before continuing.

Setup the Framework

Next, in a command prompt make sure you have the following installed:

npm install jspm -g

npm install tsd -g

At this point, you should go to your github account and create an access token for jspm because jspm will hit a lot of github repos when resolving dependencies. This means you can run up against an anonymous rate limit rather quickly. I did! Also, ensure the token you generate also has "public_repo" permission with it; otherwise you'll run up against the same rate limit as an anonymous user and jspm requests will get 404s & projects not found. Do not skip this step.

Use the following command to configure jspm and github:

jspm registry config github

Create a working folder for your project, and:

tsd init

jspm install aurelia-framework

jspm install aurelia-bootstrapper

Copy all the *.d.ts type definitions inside "jspm_packages\github\aurelia" into a new folder "\typings\aurelia".

Then run in the root of your project folder:

tsd rebundle

>> added:
    - aurelia/aurelia-binding.d.ts
    - aurelia/aurelia-dependency-injection.d.ts
    - aurelia/aurelia-event-aggregator.d.ts
    - aurelia/aurelia-framework.d.ts
    - aurelia/aurelia-history-browser.d.ts
    - aurelia/aurelia-history.d.ts
    - aurelia/aurelia-loader-default.d.ts
    - aurelia/aurelia-loader.d.ts
    - aurelia/aurelia-logging-console.d.ts
    - aurelia/aurelia-logging.d.ts
    - aurelia/aurelia-metadata.d.ts
    - aurelia/aurelia-path.d.ts
    - aurelia/aurelia-route-recognizer.d.ts
    - aurelia/aurelia-router.d.ts
    - aurelia/aurelia-task-queue.d.ts
    - aurelia/aurelia-templating-binding.d.ts
    - aurelia/aurelia-templating.d.ts

Your "typings\tsd.d.ts" file should have all the necessary references now.

Note: There is a TypeScript bug in "aurelia/aurelia-binding.d.ts", see Issue 124 for the fix.

Almost there ...

Get corejs.d.ts and es6.d.ts from this repo and add both into "typings\". You will need to reference these in your *.ts files.

At this point, you can create an empty MVC project inside your working folder at root level. Configure your routes and add a simple view with (no layout). IE: Your .csproj file should be in the same directory with your proejct.json and config.js file.

If you're using Visual Studio, make sure your TypeScript compiler "Module system" is set to AMD. Project > Properties > TypeScript Build: Module system


Create an app.ts file in the root project folder:

/// <reference path="typings/tsd.d.ts" />
/// <reference path="typings/es6.d.ts" />
/// <reference path="typings/core-js.d.ts" />

import {Router} from 'aurelia-router';

export class App {
    constructor() {
        this.message = "Hello World";


console.log("THIS APP RAN!");

SAVE. Your app.ts -> app.js should have AMD module layout.

Create an app.html view in the root project folder:

    <h2>My App</h2>



Create an index.cshtml file (Razor / No Shared Layout) or plain html file (without ~ src paths):

<!DOCTYPE html>

    <meta name="viewport" content="width=device-width" />
    <script src="~/jspm_packages/system.js"></script>
    <script src="~/config.js"></script>
<body aurelia-app>


Run the app, make a request for the application index and poof!


Much success. :)


PRO TIP: Going the extra mile to get decorators working with Dependency Injection


SEE UPDATE: Using TypeScript 1.5 RTM and VS2015

If you're using Gulp, this is really easy, use a tsconfig.json  and enable emitDecoratorMetadata CompilerOptions flag. If you're using gulp-typescript pass a configure options object with emitDecoratorMetadata : true.

If you're using Visual Studio 2013, unload your .csproj, and edit the configuration. Locate the following MSBuild props and add TypeScriptAdditionalFlags:

<PropertyGroup Condition="'$(Configuration)' == 'Debug'">
    <TypeScriptAdditionalFlags> $(TypeScriptAdditionalFlags) --emitDecoratorMetadata </TypeScriptAdditionalFlags>

SAVE. Reload the project. Restart Visual Studio to make sure these changes really take effect. Hit the "Rebuild" on your project and you should now see your decorators working. How? You should see __metadata in the output:


Unfortunately, modifying your .csproj will only work with "MSBuild" invocations like "Build/Rebuild". This will not work with compile-on-SAVE option inside VS. If you want a workflow of compile-on-SAVE, you'll ultimately need to use gulp. I really tried hunting for the compiler options VS uses for compiling-on-SAVE but I couldn't find the hook point. I suspect it's somewhere deep inside Microsoft's closed-source TypeScript plug-in for VS2013. TypeScriptAdditionalFlags is simply not picked up by the VS 2013 TypeScript plug-in. Hopefully, this changes in TypeScript 1.5 RTM.

If you decide to use gulp for compile-on-SAVE ensure you DISABLE compile-on-save inside Visual Studio your project options:


Otherwise, both gulp and VS will overwrite each other.

PRO TIP: Using jspm to use packages that are not "officially" in the global registry

Credits to @grofit for the tip:

jspm's global register is rather limited compared to something like bower.io. For example, toastr isn't inside the jspm registry, but you could do this:

jspm install github:CodeSeven/toastr

     Looking up github:CodeSeven/toastr
     Updating registry cache...
     Downloading github:CodeSeven/toastr@2.1.1
ok   Installed CodeSeven/toastr as github:CodeSeven/toastr@^2.1.1 (2.1.1)
ok   Install tree has no forks.

ok   Install complete.

PRO TIP: Using jQuery Plugins with Aurelia


PRO TIP: Careful using SystemJS + CSS bundling

Currently, if you use Aurelia's bundling and SystemJS CSS loading; the result bundle may have CSS files in wrong order.

PRO TIP: Careful of camelCase names in View Models


Has to do with hyphenations and DOM elements:


* Since it's a dom attribute it's not valid html so Aurelia will automatically hyphenate and try match an attribute.

* Simply put when you have a name that camel case you need to separate it with -


Have fun :)

Brian Chavez

Date Recurrence Library for .NET/C#


It's quite unfortunate stackoverflow is closing down questions like this:

Actually, I wish they changed this policy since the field of "what's best" is constantly changing. Normally, I'd contribute to the question and others would vote on that suggestion. The best answer usually bubbles up to the top and *that* is useful. New libraries are created all the time.

Anyway, for those of you looking for a date recurrence library, I'd like to recommend:

There are others, but I've used this before and works really well. The main class you'll need to work with is the Recurrence  in the EWSoftware.PDI name space. For example:

public void test()
    var r = new Recurrence();

    var starting = DateTime.Today;
    var ending = DateTime.Today.AddDays(7);

    var dates = r.InstancesBetween(starting, ending);
    foreach( var occurrence in dates )


5/25/2015 12:00:00 AM
5/27/2015 12:00:00 AM
5/29/2015 12:00:00 AM
5/31/2015 12:00:00 AM

Also, if you find it useful, consider making a donation to him. I actually bought a license to his PDI library way back when before he open-sourced it. He's also the author of the VS2013 spell checker plug-in. Legit.

RethinkDB Gems

After idling in the RethinkDB freenode IRC chat, I think I'm going to start a collection of very good Q/A that I see:

<dubcanada> One more question, is there an easy way to duplicate all the content in the DB
<dubcanada> I'm trying to fill it up with a ton of records for testing but it seems to be taking forever lol
<AtnNn> dubcanada: you can do something like r.table('foo').insert(r.table('foo').without('id'))

Search for documents without field:

<nicklovescode> what's the best way to search for documents without a field? I tried .filter({ foo: undefined }) but that got an error
<srh_> nicklovescode: you can use .filter(r.row.hasFields('foo').not())

How to implement failover:

20:20 <bg__> i also have a question regarding failovers
20:22 <bg__> until #223 is resolved, is there a suggestion regarding how I should handle failovers? Meaning, if i have services that are using my rethinkdb, and I have tables that have replicas, how can I ensure I'm not trafficing requests to an unresponsive node?
20:23 <neumino> You need to have a connection opened to the server
20:23 <neumino> If the connection is dropped
20:23 <neumino> You can try to connect to another server
20:23 <bg__> okay. so lets say i have web1 and web2 which are nodejs web servers
20:24 <bg__> and they handle requests that require them connecting to rethinkdb and reading from one table
20:24 <bg__> and because im afraid of one serving dying in the middle of the night, i have two rethinkdb servers, rethink1 and rethink2
20:25 <bg__> what connection string do I use to have web1 and web2 connect to rethink1 and rethink2 that protects me if rethink1 or rethink 2 goes down
20:25 <bg__> i only have web1 and rethink1 right now. web1 explicitly connects to rethink1
20:25 <bg__> but I'm reaching a point where that is not safe
20:26 <neumino> Hum
20:26 <bg__> did that make sense?
20:27 <neumino> bg__, if the master of your table fails, you won't be able to write until you declare the master dead
20:27 <neumino> We currently don't have a nice way to do it, but the coreos folks did it that way:
20:27 <neumino> They fetch `http://server:8080/ajax`
20:27 <neumino> They fetch `http://server:8080/ajax/issues`
20:27 <neumino> If there is a dead machine
20:28 <neumino> They start a script that is going to kill it using `rethinkdb admin`
20:29 <bg__> ah ha.
20:29 <bg__> i did not know about those two end points
20:30 <bg__> i was going to have a script that polled the server
20:30 <bg__> i just wasnt sure what endpoint to use
20:30 <bg__> those seem to do the trick
20:31 <bg__> thanks@!
20:31 <bg__> is there any documentation about that?
20:32 <neumino> Hum not really :/
20:32 <neumino> If you start `rethinkdb admin`
20:32 <neumino> And then send `help`, you should get the docs for `rethinkdb admin`
20:32 <neumino> For `ajax/issues`, there is no doc for now
20:33 <neumino> Try to kill a server and you will see the error you get
20:33 <bg__> i meant /ajax and /ajax/issues
20:33 <neumino> It's something like "DEAD_MACHINE" I think
20:33 <neumino> Oh
20:33 <bg__> both seem very important to someone trying to use rethinkdb as a distributed system
20:33 <bg__> getting around this isn't difficult now that i know about those
20:42 <bg__> just out of curiousity, when you say 'the way the coreos folks did it' what do you mean?
20:45 <neumino> Oh, the engineers at coreos needed to set up a kind of failover with rethinkdb
20:45 <neumino> and that's what they did
20:45 <neumino> It's kind of the only solution now ^^
20:45 <neumino> (well you could skip `rethinkdb admin` and craft post request like the web interface do
20:46 <bg__> oh, got it.
20:46 <bg__> its a great solution for now.

Performance filtering:

<thelinuxlich> something that is bugging me these days
<thelinuxlich> is it more performant to do a filter before or after a eqJoin ?
<AtnNn> if your filter only needs fields from the left table, it is better to filter before the join
<AtnNn> thelinuxlich: ^
<thelinuxlich> AtnNn: what if it uses a single field on the right side, should I filter before eqJoin on the left and after eqJoin on the right?
<AtnNn> yes, if you can independently filter from both tables
<thelinuxlich> this is a bit confusing

Convert Unix Endings to DOS/Windows using Cygwin/TCSH

Small note for me, which converts all *.cs files recursively in a directory:

find ./**/*.cs -type f -exec unix2dos {} \;

Happy coding,
Brian Chavez

Visual Studio 2013 Loading Splash Screen Slow

I recently experienced Visual Studio 2013 loading very slowly at the splash screen. It was noticeable since I'm on a very fast dev box and accustomed to VS 2013 loading very fast (normally under 10 seconds).

So, something defiantly changed.

Problem turns out that I had recently opened a project under Git source control located on a remote share.

The remote share was no longer available, yet, the Team Foundation Git Source Control provider was still probing the network share which took up a significant part of the loading time. I suppose the Git provider was waiting for a network timeout.

Anyway, to resolve the issue simply remove the offending network shares under Git source control located here:


Under the Repositories key, you'll find a stash of GUIDs for each project the Git provider keeps track of. Locate the offending GUID keys that contain the network shares you want to remove and remove the entire GUID entry (along with the contents) -- and all should be well.

Happy coding,
Brian Chavez

@functions "This is not a valid location for a breakpoint" in Visual Studio 2013

Working with Visual Studio 2013 and I tried to set a breakpoint in "@fucntions" bout got back an error message that read:

This is not a valid location for a breakpoint.


That's funny, because it works in Visual Studio 2012. See:


Oh well, as a work around, move the @functions block up to the beginning of the cshtml razor view, and you should be able to once again set breakpoints:


Why? Who knows. :/


Installing Freelan on Windows Server 2012

So, I was trying out Windows Server 2012. I tried installing freelan (http://www.freelan.org) as a service. If you know me, I'm a big fan of freelan, but for some reason, after every cold boot, there was no connectivity to the node over VPN. Specifically, this problem was only occurring on Windows Server 2012.

Generally speaking, I think it has to do with the freelan acquiring the OpenVPN TAP adapter. Changes in the operating system driver infrastructure in Windows Server 2012 somehow goofs up the freelan application as it tries to initialize itself and the driver.

Turns out, you need to force the TAP adapter to a connection state of "Always Connected". Somehow, when the TAP adapter is set to "Always Connected", Windows then makes the TAP adapter available to the OS networking infrastructure. So when freelan tries to initialize it, it's available for use. Network problem solved.

Here's how to do it. First, open the TAP adapter status, then click Properties.


Next, click Configure.


Set the Media Status to Always Connected.

This probably has a lot to do with people generally using OpenVPN's TAP adapter on Windows 8 or 8.1 too. Or, maybe freelan is just packaged with an old out-dated OpenVPN TAP adapter.



Clicking Outlook links open Blank/Empty Page in Chrome

Quick Note

google-chrome-about-crash Under the following conditions:

  • Google Chrome set as the default browser.
  • Microsoft Outlook running in "Windows XP" compatibility mode.

Clicking on links inside emails (or any hyperlink even inside contacts), Google Chrome will open up in a blank "Untitled" tab. UI menus and the ominibox are completely unresponsive.

Turns out, running Microsoft Outlook in "Windows XP" compatibility mode will cause Google Chrome to fail to open links in Outlook.

So, disable "compatibility mode" and all should be well.


Hope that helps,
Brian Chavez