- ABP Framework version: v4.4.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace:
- Steps to reproduce the issue:
Today we faced a really critical problem: all logged-in users in the system (belonging to different tenants) started to behave as if they were logged in to the system via the same tenant and user, like XTenant\XUser. The Angular side was showing this same tenant and user in the top right (profile) area. In this situation we opened Linked Accounts and the screen was like below. The problem was solved after restarting the service (app). This is the second time this problem has occurred. Because users belonging to different tenants see unrelated (unauthorized) data, this problem is really critical for us. We need urgent support for this.
We are not sure if it is related to the problem, but as extra information, we noticed the error below in the logs at approximately the same time:
Invalid extension grant{"error":"TheTargetUserIsNotLinkedToYou"}, details: {"ClientId":"MyApp_App","ClientName":"MyApp_App","GrantType":"LinkLogin","Scopes":"XProject offline_access","AuthorizationCode":"********","RefreshToken":"********","UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"grant_type":"LinkLogin","LinkUserId":"39fb9b1b-1ccc-51d0-f52a-964600e6ed13","access_token":"**","client_id":"MyApp_App","client_secret":"***REDACTED***","scope":"offline_access XProject","LinkTenantId":"3a031155-0c87-72e8-5057-48a94e23fce3"},"$type":"TokenRequestValidationLog"}
Note: There are 162 rows in the AbpLinkUsers table
14 Answer(s)
-
0
hi
Did you make any changes? Is the cache server data correct?
Can you share a username and password for me to check it online?
liming.ma@volosoft.com
-
0
We changed nothing. We sent the connection information to your email.
-
0
hi
Can I check the website online first?
-
0
Hi maliming,
We sent the username and password to your email.
-
0
As we wrote in the first message, after restarting the service the problem is gone for now. I created a host user for you, but the problem occurs under all tenants. And the problem is that the users who see another tenant's and account's data do not have a linked account. But the system was behaving as if all users had logged in with a specific account (which has linked users and has an account under all tenants). Which kind of user do you want to see to understand or trace the problem?
-
0
I need to be able to reproduce the problem. Then I can start troubleshooting.
-
0
After restarting the service, the problem went away. But we have faced this problem 2 times. We have this problem in the production environment and it may cause data leaks, so we cannot wait in a situation like this. We can share the log file with you, or anything else you want. But as I said, it is not possible to wait in this situation for troubleshooting. How can we find another way to understand the problem?
-
0
We can share log file with you
OK, Please share the full logs.
-
0
Shared the log file via email. We think the problem starts at 2022-06-09 09:48:37 in the logs.
-
0
hi
If this is urgent for you, you can temporarily disable this feature by overriding methods in IdentityLinkUserController, returning an empty list, etc., until we find out why. In the meantime, you can deploy a version in another environment to try to reproduce the problem.
-
0
I would check the code of the module based on your logs.
-
0
We have a separate test environment; we have not faced this problem on the test env yet. We will add some linked users and try to cause the same problem in the test environment to reproduce it.
Also, does removing all linkedAccounts do the same thing as your suggestion?
I could not understand what you mean by
I would check the code of the module based on your logs.
I sent the log file to you; is that enough, or do you expect anything from our side?
-
0
hi
I will check the code of the module, you just need to find a way to reproduce the problem.