Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-23971

If a user is removed while logged in, session for that user will throw an exception

    Details

      Description

      if user that is currently logged in is removed, the session/tab where the user is navigating will throw an exception

      Could not find 'Content' with identifier 'array (
      'id' => '32469',
      'languages' => NULL,
      'versionNo' => NULL,
      )'
      500 Internal Server Error - NotFoundException
      1 linked Exception: NotFoundException 
      

      steps to reproduce
      1) Create a new user: user_001
      2) Open a private window, log into the frontend using a siteaccess in legacy mode with user_001
      3) in the the backend, delete user_001
      4) Go to the logged user_001 session and navigate to any link. You will get the error above.

      note: using a Sf siteaccess, the error is a "403 Forbidden - AccessDeniedHttpException"

      in the documentation, there is a warning that users should not be removed, here:
      https://doc.ez.no/eZ-Publish/User-manual/4.x/Daily-tasks/Managing-users

      however, when user_001 is deleted in admin, the user's browser has no information of the event, and keeps sending session data that the server accepts as valid. this is not the same case as access to an object created by a removed user (such as an old comment)

      1. delete_user_error.log
        22 kB
        Eduardo Fernandes
      2. delete_user_error.pdf
        222 kB
        Eduardo Fernandes

        Issue Links

          Activity

          Hide
          Gunnstein Lye added a comment -

          Thanks, I confirm this behaviour ("Could not find 'Content' with identifier....") when testing on the admin backend, git master.

          Show
          Gunnstein Lye added a comment - Thanks, I confirm this behaviour ("Could not find 'Content' with identifier....") when testing on the admin backend, git master.
          Hide
          Gunnstein Lye added a comment - - edited

          PR: https://github.com/ezsystems/LegacyBridge/pull/11
          Edit: Feedback says this isn't the way to go either.

          Show
          Gunnstein Lye added a comment - - edited PR: https://github.com/ezsystems/LegacyBridge/pull/11 Edit: Feedback says this isn't the way to go either.
          Show
          Jérôme Vieilledent (Inactive) added a comment - PRs: LegacyBridge: https://github.com/ezsystems/LegacyBridge/pull/12 ezpublish-kernel: https://github.com/ezsystems/ezpublish-kernel/pull/1188
          Show
          Jérôme Vieilledent (Inactive) added a comment - Fixed in: ezpublish-kernel master: https://github.com/ezsystems/ezpublish-kernel/commit/7597401a9beed73ff7846f523c5c7d3e07e8d195 LegacyBridge master: https://github.com/ezsystems/LegacyBridge/commit/eec335650df405448c9e72eede56d1201a215e15
          Hide
          Rui Silva (Inactive) added a comment -

          Tested and approved by QA.

          Show
          Rui Silva (Inactive) added a comment - Tested and approved by QA.

            People

            • Assignee:
              Unassigned
              Reporter:
              Paulo Bras (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 27 minutes
                1d 27m