0
david.hurtado created
The login page of the authority's module is not validating that the selected tenant has been deleting or its expiration period has expired. Therefore, it allows me to login with non-existent tenants. If a user switches tenants and tries to select one that is deleted or has already expired, it performs the validation, but when the tenant is cached, it allows the login to proceed.
- ABP Framework version: v7.0.1
- UI type: Blazor Server
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace:
- Allows login with tenants deleted or expired period.
- Steps to reproduce the issue:"
- Create a new tenant, make a login.
- With other browser erase that tenant, login with cached user a let get in into deleted tenant.
What we could do to validate this situation?
1 Answer(s)
-
0
hi
With other browser erase that tenant,
There should be an exception page if the current tenant is deleted or disabled.
