search

FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io
90 stars 12 forks source link

[Bug]: FusionAuth enters loop writing and deleting the IP location MaxMind file if the file is invalid but the checksums were valid #2673

Closed lyleschemmerling closed 6 months ago

lyleschemmerling commented 7 months ago

What happened?

When we download the IP Location database for the advanced threat detection feature we do few checks in different places to ensure that file is valid. However an invalid file, ip-location-2024-02-01T101059Z.mmdb, made it through the system such that the checksum from Reactor was valid however the file itself could not be read as a maxmind database file.

The result is that FusionAuth will enter a loop of writing out and then deleting the version of the file that it has stored in the database. Because the file is invalid after writing it to the filesystem it deletes it and tries again on the next interval, but it will never reach out to reactor to download an updated file.

Workaround

The problematic file has been removed from the server and is no longer available for download. The data needs to be cleared from the database and then FusionAuth can download and run the newer files available from reactor.

Version

1.48.3

Affects Versions

1.47.0 - 1.49.1

Related

Release Notes

FusionAuth systems that were running version 1.47.0 or greater between the dates of February 1st, 2024, and February 23rd, 2024 that had the Advanced Threat Detection feature enabled may have downloaded a corrupted IP Location database file from our Reactor server. Once downloaded the system will no longer reach out to Reactor to download an updated file. If there was no other valid IP location database file previously downloaded on the FusionAuth system the advanced threat detection feature may have never moved past a "pending" state, otherwise, there was likely a repeated message in the FusionAuth logs of ERROR io.fusionauth.api.service.cache.MaxMindDatabaseLoader - Could not find a MaxMind DB metadata marker in this file (ip-location-2024-02-01T101059Z.mmdb). Is this a valid MaxMind DB file?.

All FusionAuth Cloud Hosted instances have been corrected but any self-hosted instances should pick up this update to correct the issue. This fix also ensures that if any invalid file is downloaded in the future the system will correctly reject it and attempt to download a valid file again from Reactor.

lyleschemmerling commented 6 months ago

Internal:

lyleschemmerling commented 6 months ago

Internal: