search

adorsys / XS2A-Sandbox

Open Source PSD2-compatible banking system emulator solution from adorsys
https://adorsys.com/en/products/modelbank/
GNU Affero General Public License v3.0
62 stars 40 forks source link

Same consent ID returns different users' accounts under concurrent load #109

Closed valb3r closed 2 years ago

valb3r commented 2 years ago

This is the random error that occurs under concurrent conditions. When getting user accounts under concurrent conditions (> 2 users active in parallel), same consent ID returns different user accounts: I.e. request for getting account list using consent ID p19QK8BlxLNsnnoag_qR6VtGo2PGWC4JX6OcQ3mIf0zjngEE6YMMTOCnUTRId2y66SWecYw6yBQe384Ykanddcz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q and PSU-ID 0d0241806848434cb0b2e5d61832de3e returns IBAN DE56299553367764337291 in the account list that is associated to different user. This is part of the log that shows the issue:

2022-02-11 19:10:29.357  INFO 1 --- [nio-8089-exec-7] access-log                               : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], REQUEST - TPP ID: [PSDDE-FAKENCA-ID12345], TPP IP Address: [172.28.0.1], TPP Roles: [AISP,PISP,PIISP], URI: [/v1/accounts], Account ID: [Not exist in URI], Consent ID: [p19QK8BlxLNsnnoag_qR6VtGo2PGWC4JX6OcQ3mIf0zjngEE6YMMTOCnUTRId2y66SWecYw6yBQe384Ykanddcz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q] 
2022-02-11 19:10:29.371  INFO 1 --- [nio-8089-exec-7] d.a.p.x.s.ais.AccountHelperService       : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], Corresponding PSU-ID PsuIdData(psuId=0d0241806848434cb0b2e5d61832de3e, psuIdType=null, psuCorporateId=null, psuCorporateIdType=null, psuIpAddress=null, additionalPsuIdData=null) was provided from request. 
2022-02-11 19:10:29.375  INFO 1 --- [nio-8089-exec-7] d.a.a.x.c.spi.impl.AccountSpiImpl        : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], Requested account list for consent with ID: 17602c35-8d2d-477f-8a8f-4ef52a324ee7 and withBalance: false 
2022-02-11 19:10:29.376  INFO 1 --- [nio-8089-exec-7] d.a.a.x.c.spi.impl.AccountSpiImpl        : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], Consent with ID: 17602c35-8d2d-477f-8a8f-4ef52a324ee7 is a global or available account Consent 
2022-02-11 19:10:29.405  INFO 1 --- [nio-8089-exec-7] request-log                              : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], uri: [/v1/accounts], requestHeaders: [x-gtw-aspsp-id: aa750320-2958-455e-9926-e9fca5ddfa92, consent-id: p19QK8BlxLNsnnoag_qR6VtGo2PGWC4JX6OcQ3mIf0zjngEE6YMMTOCnUTRId2y66SWecYw6yBQe384Ykanddcz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q, psu-id: 0d0241806848434cb0b2e5d61832de3e, accept: application/json, x-request-id: d6dd485e-c6e9-4e51-97e4-39eb23e21de0, host: localhost:20014, connection: Keep-Alive, accept-encoding: gzip,deflate], requestPayload: [], responseStatus: [200], responseHeaders: [Vary: Origin, Vary: Origin, Vary: Origin, X-Request-Id: d6dd485e-c6e9-4e51-97e4-39eb23e21de0], responseBody: [{"accounts":[{"resourceId":"qaTu8mWARHghCGyqEDtYpg","iban":"DE56299553367764337291","currency":"EUR","name":"7c792a18607e466baa20457a5eb34351","displayName":"mock display name","cashAccountType":"CASH","status":"enabled","linkedAccounts":"s0BEDlKjQrkmFNAGNLR95A","usage":"PRIV"}]}] 
2022-02-11 19:10:29.405  INFO 1 --- [nio-8089-exec-7] access-log                               : InR-ID: [8e76f6c3-9dda-493c-9310-1f6ff086e1d7], X-Request-ID: [d6dd485e-c6e9-4e51-97e4-39eb23e21de0], RESPONSE - TPP ID: [PSDDE-FAKENCA-ID12345], Status: [200], consentStatus: [valid]

This is part of the log that shows correctly processed request:

2022-02-11 19:10:25.675  INFO 1 --- [nio-8089-exec-4] access-log                               : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], REQUEST - TPP ID: [PSDDE-FAKENCA-ID12345], TPP IP Address: [172.28.0.1], TPP Roles: [AISP,PISP,PIISP], URI: [/v1/accounts], Account ID: [Not exist in URI], Consent ID: [p19QK8BlxLNsnnoag_qR6VtGo2PGWC4JX6OcQ3mIf0zjngEE6YMMTOCnUTRId2y66SWecYw6yBQe384Ykanddcz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q] 
2022-02-11 19:10:25.690  INFO 1 --- [nio-8089-exec-4] d.a.p.x.s.ais.AccountHelperService       : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], Corresponding PSU-ID PsuIdData(psuId=0d0241806848434cb0b2e5d61832de3e, psuIdType=null, psuCorporateId=null, psuCorporateIdType=null, psuIpAddress=null, additionalPsuIdData=null) was provided from request. 
2022-02-11 19:10:25.697  INFO 1 --- [nio-8089-exec-4] d.a.a.x.c.spi.impl.AccountSpiImpl        : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], Requested account list for consent with ID: 17602c35-8d2d-477f-8a8f-4ef52a324ee7 and withBalance: false 
2022-02-11 19:10:25.697  INFO 1 --- [nio-8089-exec-4] d.a.a.x.c.spi.impl.AccountSpiImpl        : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], Consent with ID: 17602c35-8d2d-477f-8a8f-4ef52a324ee7 is a global or available account Consent 
2022-02-11 19:10:25.730  INFO 1 --- [nio-8089-exec-4] request-log                              : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], uri: [/v1/accounts], requestHeaders: [x-gtw-aspsp-id: aa750320-2958-455e-9926-e9fca5ddfa92, consent-id: p19QK8BlxLNsnnoag_qR6VtGo2PGWC4JX6OcQ3mIf0zjngEE6YMMTOCnUTRId2y66SWecYw6yBQe384Ykanddcz9MpaJIQIH3NJX8IHgetw=_=_psGLvQpt9Q, psu-id: 0d0241806848434cb0b2e5d61832de3e, accept: application/json, x-request-id: f9317bee-90e9-4359-b66e-4a099837bd3a, host: localhost:20014, connection: Keep-Alive, accept-encoding: gzip,deflate], requestPayload: [], responseStatus: [200], responseHeaders: [Vary: Origin, Vary: Origin, Vary: Origin, X-Request-Id: f9317bee-90e9-4359-b66e-4a099837bd3a], responseBody: [{"accounts":[{"resourceId":"GQ9EVw1ARKMplU102fNzK8","iban":"DE18941046462456993786","currency":"EUR","name":"0d0241806848434cb0b2e5d61832de3e","displayName":"mock display name","cashAccountType":"CASH","status":"enabled","linkedAccounts":"7v_vskAtQlgscQox-otN60","usage":"PRIV"}]}] 
2022-02-11 19:10:25.730  INFO 1 --- [nio-8089-exec-4] access-log                               : InR-ID: [fd34f8be-308a-4c7f-9f3d-f1d292cb4898], X-Request-ID: [f9317bee-90e9-4359-b66e-4a099837bd3a], RESPONSE - TPP ID: [PSDDE-FAKENCA-ID12345], Status: [200], consentStatus: [valid]

Version list used: https://github.com/adorsys/open-banking-gateway/blob/04fb5f87245f942166f220b225c490a83e817f90/how-to-start-with-project/xs2a-sandbox-only/docker-compose.yml

HryhoriiHevorkian commented 2 years ago

Hello, this issue is related to race-condition in connector-examples. We have fixed it in the commercial version of the product. According to the release policy new changes will be delivered to Github community in the middle of this year.