GDPR Pro Module issue #8915

elie.khadij created 12 days ago

ABP Framework version: v8.2.1
UI Type: Angular /
Database System: EF Core (PostgreSQL)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue:
We are using GDPR Pro module with its default configuration. The thing is we are calling DELETE /api/gdpr/requests since as per documentation it will delete user data and delete permanently the account. Based on our traces, nothing is going wrong the endpoint returning 204 and showing in log Get dynamic claims of the account in hand retrieved from cache. When the request is finished, im going to redis and search for a key that has the user Guid im still able to retrieve the permission grants of the user and when i query the database i still find the user in AbpUsers table and can login normally. To bypass the issue i created an event handler https://abp.io/community/articles/abp-commercial-gdpr-module-overview-kvmsm3ku in order to hard delete the user, apparently there is something competing with my event handler since it requires me multiple request to catch the event in my handler. any idea?

EngincanV created 12 days ago

Support Team .NET Developer

Hi, in GDPR module, when you request to delete your account, in the identity pro module an event handler works to delete the user. So, the GDPR module doesn't specifically delete the user rather publish an event to let identity pro to delete the user (soft-delete) and anonymize user data.

So, in your database, the user should be there, but it should be soft deleted in the application and you should be able to see the user's record with IsDeleted field as true.

Regards.

elie.khadij created 12 days ago

Hello, The thing is that the user is not being deleted. IsDeleted is false and im able to login. To note that when we send the delete request and receive 204 we are performing a logout operation. Do you think that this is causing the issue?

EngincanV created 12 days ago

Support Team .NET Developer

Hello, The thing is that the user is not being deleted. IsDeleted is false and im able to login. To note that when we send the delete request and receive 204 we are performing a logout operation. Do you think that this is causing the issue?

Actually, this shouldn't affect it but it might be. I'll check this scenario.

elie.khadij created 12 days ago

Is there also anyway to perform a hard delete on it ? since GDPR requires removing all the data from our database. To note that why i do still permission grants in my cache while clearing the data?

elie.khadij created 12 days ago

I removed the log out thing, still same issue. I believe that the Identity Module Pro is capturing the user normally but not deleting it.

EngincanV created 12 days ago

Support Team .NET Developer

I removed the log out thing, still same issue. I believe that the Identity Module Pro is capturing the user normally but not deleting it.

Hi, there might be a problem as you stated. Our qa team will test this scenario and I'll let you know.

Regards.

elie.khadij created 12 days ago

Ok thank you waiting for your feedback.

EngincanV created 12 days ago

Support Team .NET Developer

Ok thank you waiting for your feedback.

Our QA team will test it today and I will write you back asap. Thanks for understanding.

elie.khadij created 9 days ago

Hello, hope you are doing well, any updates?

EngincanV created 9 days ago

Support Team .NET Developer

Hello, hope you are doing well, any updates?

Hi, sorry for the late response. Our QA team tested your situation but unfortunately they could not reproduce the problem. They created an angular application with the separate auth server option in the relevant version. Did you override any service of the GDPR module or make any customizations that may affect the normal behaviour?

Or by any chance, can you share your solution via email to support@abp.io (with the ticket number), so I can better assist you?

Regards.

elie.khadij created 8 days ago

Hello, thank you for your reply, unfortunately, I can't share my solution since I have an NDA, but we can go on a teams meeting if you want.

EngincanV created 8 days ago

Support Team .NET Developer

Hi again, there is an IdentityGdprEventHandler.cs class in the Volo.Abp.Identity.Pro.Domain project, and it's responsible for subscribing to the published deletion event and make the anonymization for the user and soft deleting it. Do you have any logs that indicate and error occurred in that class?

Can you check your logs please? And if you see the related log, please share it so, we can better investigate it.

elie.khadij created 8 days ago

Hello

this is the log of the request

`[11:37:14 INF] Request starting HTTP/2 DELETE https://localhost:44384/api/gdpr/requests - null null
[11:37:14 INF] CORS policy execution successful.
[11:37:14 DBG] Get dynamic claims cache for user: 6b5b0ce7-2743-47b7-aa6e-38c87c0d7966
[11:37:14 INF] Executing endpoint 'Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi)'
[11:37:14 INF] Route matched with {area = "gdpr", controller = "GdprRequest", action = "DeleteUserData"}. Executing controller action with signature System.Threading.Tasks.Task DeleteUserDataAsync() on controller Volo.Abp.Gdpr.GdprRequestController (Volo.Abp.Gdpr.HttpApi).
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 INF] Executed action Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi) in 27.298ms
[11:37:14 INF] Executed endpoint 'Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi)'
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:15 INF] Request finished HTTP/2 DELETE https://localhost:44384/api/gdpr/requests - 204 null null 959.9198ms

[11:37:28 DBG] Get dynamic claims cache for user: 6b5b0ce7-2743-47b7-aa6e-38c87c0d7966
[11:37:28 WRN] The operation was canceled.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at Microsoft.Extensions.Caching.StackExchangeRedis.RedisCache.GetAsync(String key, CancellationToken token)
at Volo.Abp.Caching.DistributedCache2.GetAsync(TCacheKey key, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)`

This is the only log there thus the event you re stating I can't access its class or anything. to note in my breakpoints in visual studio there is one on GdprDeleteEventHandler on line 26

EngincanV created 8 days ago

Support Team .NET Developer

Hello

this is the log of the request

`[11:37:14 INF] Request starting HTTP/2 DELETE https://localhost:44384/api/gdpr/requests - null null
[11:37:14 INF] CORS policy execution successful.
[11:37:14 DBG] Get dynamic claims cache for user: 6b5b0ce7-2743-47b7-aa6e-38c87c0d7966
[11:37:14 INF] Executing endpoint 'Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi)'
[11:37:14 INF] Route matched with {area = "gdpr", controller = "GdprRequest", action = "DeleteUserData"}. Executing controller action with signature System.Threading.Tasks.Task DeleteUserDataAsync() on controller Volo.Abp.Gdpr.GdprRequestController (Volo.Abp.Gdpr.HttpApi).
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 INF] Executed action Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi) in 27.298ms
[11:37:14 INF] Executed endpoint 'Volo.Abp.Gdpr.GdprRequestController.DeleteUserDataAsync (Volo.Abp.Gdpr.HttpApi)'
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:14 DBG] Added 0 entity changes to the current audit log
[11:37:15 INF] Request finished HTTP/2 DELETE https://localhost:44384/api/gdpr/requests - 204 null null 959.9198ms

[11:37:28 DBG] Get dynamic claims cache for user: 6b5b0ce7-2743-47b7-aa6e-38c87c0d7966
[11:37:28 WRN] The operation was canceled.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at Microsoft.Extensions.Caching.StackExchangeRedis.RedisCache.GetAsync(String key, CancellationToken token)
at Volo.Abp.Caching.DistributedCache2.GetAsync(TCacheKey key, Nullable1 hideErrors, Boolean considerUow, CancellationToken token)`

This is the only log there thus the event you re stating I can't access its class or anything. to note in my breakpoints in visual studio there is one on GdprDeleteEventHandler on line 26

Hi, it seems your redis server is not up and running. This might be the reason for your problem. Redis is needed to obtain a distributed lock. By any chance, can you run redis and retry again, and let me know about the status?

Regards.