Closed tl-adrian-bridgett closed 4 years ago
Hey @tl-adrian-bridgett! Thanks for submitting this!
I'm working on this PR which should help here -- when the cache refreshes (based on a TTL) and it can't find a group, that group is removed from the cache.
If group validation is enabled (with my fix for #125) then if the group is deleted, the user is still allowed in as the cache is not updated.
I think we should be playing very safe here and failing. This also applies for nested groups.
There is a log message:
Version: master with PR 275 and PR 280 applied