datawire / datawire-cli

Datawire Cloud tools and utilities

Deleting users in cloud DB does not invalidate current logins/actions for that user #25

Open janicedatawire opened 8 years ago

janicedatawire commented 8 years ago

It appears that we deleted the org/user DB again at some point over the weekend. I left my system with a logged-in user on Friday. I was able to make successful calls as that user today, including inviting another user to the organization and having them successfully create their new user/join the organization. However, the original user who did the inviting and created the org no longer existed, and when I tried to switch back to that user via login I failed.

I can understand status calls still working as they are populated through local files, but other calls (especially ones that require a logged-in user) should fail when the user no longer exists in the central repository. What if a user is removed because they were fired? They could potentially go in and do damage to their organization if they are not denied access after being deleted.

Here's the command chain showing that I'm logged in as user jmk1@example.org in organization H3PSFJ7NZ2 at the start, that I invite user jmk4@example.org to that same organization and they join it, that I cannot log back in to user jmk1, and that I can successfully create a new user jmk1@example.org as part of a new create-org call (something that would fail if user jmk1 were still present as an existing user in the central DB).

$ dwc status
Logged in as [H3PSFJ7NZ2]jmk1@example.org:

Capabilities:
- dw:admin0: Organization administator
- dw:reqSvc0: Able to request service tokens
- dw:user0: User

Services defined:
- service1
- service2

$ dwc invite-user jmk4@example.org
Inviting jmk4@example.org to H3PSFJ7NZ2...
Success! Send them:

dwc accept-invitation 'DTPJ2KEAW3K1LT44PNBN71BJFTFKR7Q9BUN83W46'

$ dwc accept-invitation 'DTPJ2KEAW3K1LT44PNBN71BJFTFKR7Q9BUN83W46'
Full Name: jmk4
Password: 
Again: 
Accepting invitation...
Now logged in as [H3PSFJ7NZ2]jmk4@example.org

$ dwc status
Logged in as [H3PSFJ7NZ2]jmk4@example.org:

Capabilities:
- dw:admin0: Organization administator
- dw:reqSvc0: Able to request service tokens
- dw:user0: User

No services defined

$ dwc login jmk1@example.org
Password for jmk1@example.org: 
failure: Wrong email or password.

$ dwc login jmk1@example.org
Password for jmk1@example.org: 
failure: Wrong email or password.

$ dwc login jmk2@example.org
Password for jmk2@example.org: 
failure: Wrong email or password.

$ dwc status
Logged in as [H3PSFJ7NZ2]jmk4@example.org:

Capabilities:
- dw:admin0: Organization administator
- dw:reqSvc0: Able to request service tokens
- dw:user0: User

No services defined

$ dwc create-org jmk1 jmk1 jmk1@example.org
Password for jmk1@example.org @ jmk1: 
Again: 
Now logged in as [BJSJ7HV3JD]jmk1@example.org
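
Added example, not part of the original issue and not Datawire's code: a minimal Python model of the behaviour requested above, where a server-side check rejects a still-valid login token once the user record it was issued for is gone. The token format, `UserStore`, `SECRET` and all function names are hypothetical; the per-record generation counter goes one step beyond the report so that a token issued before deletion also stays invalid if the same email is later re-created in the same organization.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # constructed value, for this example only

class UserStore:
    """Hypothetical stand-in for the central org/user DB."""
    def __init__(self):
        self._users, self._next = {}, 0  # (org, email) -> record generation

    def create(self, org, email):
        self._next += 1
        self._users[(org, email)] = self._next

    def delete(self, org, email):
        self._users.pop((org, email), None)

    def generation(self, org, email):
        return self._users.get((org, email))  # None once the user is deleted

def issue_token(store, org, email, ttl=3600):
    gen = store.generation(org, email)
    if gen is None:
        raise KeyError("no such user")
    body = f"{org}|{email}|{gen}|{int(time.time()) + ttl}"
    return body + "|" + hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def _parse(token):
    """Return (org, email, generation) for an authentic, unexpired token."""
    body, _, sig = token.rpartition("|")
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):
        return None
    org, email, gen, exp = body.split("|")
    return (org, email, int(gen)) if int(exp) >= time.time() else None

def authorize_token_only(token):
    """Accepts any authentic, unexpired token; never consults the user DB."""
    return _parse(token) is not None

def authorize_with_store(store, token):
    """Also require that the exact user record the token was issued for exists."""
    parsed = _parse(token)
    if parsed is None:
        return False
    org, email, gen = parsed
    return store.generation(org, email) == gen
```

The store lookup on every privileged call is what turns deletion into immediate revocation; a token-only check keeps honouring the login until the token expires.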