SOLVED session mismatch error after deleting user

baris

What is your config.json? Are sessions stored in mongodb or redis?

KnickKnack

@baris thanks a lot! You brought me into the right direction.

I've queried the DB for db.getCollection('objects').find({"_key":{$regex:'maxonIDId:uid'}}) and deleted the found object. This just made the trick and disconnected the retuned OAuthID from the actual nodebb uid.

Thanks a lot for looking at the thread and also checking the my code!

Really appreciated you're awesome guys!

KnickKnack

@baris

config.json looks like

{
    "url": "https://aaa.bbb.ccc.ddd",
    "secret": "xxxxxxxxxxxxxxxxxxxxxxx",
    "database": "mongo",
    "mongo": {
        "uri": "mongodb://nodebb:nodebb-pass@localhost/nodebb",
	    "uri_long": "mongodb://nodebb:nodebb-pass@localhost/nodebb"
    },
    "port": "4567",
    "socket.io": {
        "origins": "https://aaa.bbb.ccc.ddd:*"
    },

and looking in the DB I see in the sessions collections

/* 1 */
{
    "_id" : "bzuVRBphBzKSUZ3Yt9VxEQUPuJoU5nKh",
    "expires" : ISODate("2021-03-05T15:41:25.409Z"),
    "session" : "{\"cookie\":{\"originalMaxAge\":1209600000,\"expires\":\"2021-03-05T15:41:17.902Z\",\"secure\":true,\"httpOnly\":true,\"path\":\"/\",\"sameSite\":\"Lax\"},\"returnTo\":\"/\",\"flash\":{},\"passport\":{\"user\":8}}"
}

/* 2 */
{
    "_id" : "mqBJSla7h9jDaRjbdpEsCpbIaXpZxKIX",
    "expires" : ISODate("2021-03-05T17:02:35.259Z"),
    "session" : "{\"cookie\":{\"originalMaxAge\":1209600000,\"expires\":\"2021-03-05T17:02:34.250Z\",\"secure\":true,\"httpOnly\":true,\"path\":\"/\",\"sameSite\":\"Lax\"},\"returnTo\":\"/\",\"flash\":{},\"registration\":{\"returnTo\":\"/\",\"uid\":8},\"passport\":{\"user\":8}}"
}

I've tried already to delete anything in the sessions collection but with no better luck

To give better context consider that my user is attempting to authenticate using this OAuth2 plugin I've developed and nodebb get stuck as soon as I'm authenticated against my identity provider and I'm going to set my privacy settings

Thanks for any help

KnickKnack

@baris said in session mismatch error after deleting user:

Also can you try with this change https://github.com/NodeBB/NodeBB/commit/beb14273876406b69bb202ab2805926862e27879

@baris change done but no good result

PitaJ

Can you try a different browser or a private browser?

KnickKnack

@pitaj already done and sadly no better results

KnickKnack

Looking at one of the sessions object I've spotted
"registration\":{\"returnTo\":\"/\",\"uid\":8},\"passport\":{\"user\":8}}"

which seems like it's referring to the same uid that my user had before getting deleted. Looks like that re-registering myself with the same account tries to use the same uid.

Does it make any sense to you gurus?

Cheers, R

baris

What are the contents of this object constants.name + 'Id:uid' where they deleted when all users were deleted?

KnickKnack

This post is deleted!

KnickKnack

@baris thanks a lot! You brought me into the right direction.

I've queried the DB for db.getCollection('objects').find({"_key":{$regex:'maxonIDId:uid'}}) and deleted the found object. This just made the trick and disconnected the retuned OAuthID from the actual nodebb uid.

Thanks a lot for looking at the thread and also checking the my code!

Really appreciated you're awesome guys!

baris

That sounds good!, I think you should check your plugin and make sure the ids are deleted from that object, it seems like this code should do it not sure why it wasn't cleared when you deleted all users.