Open Closed

SAAS Module on Blazor Server APP #5103


User avatar
0
david.hurtado created

The login page of the authority's module is not validating that the selected tenant has been deleting or its expiration period has expired. Therefore, it allows me to login with non-existent tenants. If a user switches tenants and tries to select one that is deleted or has already expired, it performs the validation, but when the tenant is cached, it allows the login to proceed.

  • ABP Framework version: v7.0.1
  • UI type: Blazor Server
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Allows login with tenants deleted or expired period.
  • Steps to reproduce the issue:"
  • Create a new tenant, make a login.
  • With other browser erase that tenant, login with cached user a let get in into deleted tenant.

What we could do to validate this situation?


1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    With other browser erase that tenant,

    There should be an exception page if the current tenant is deleted or disabled.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15