nguyentientoan / socialauth-net

Automatically exported from code.google.com/p/socialauth-net

Upgrade from 2.3 to 2.4 yields user's provider object data being attached to the wrong session. #201

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.  Log on to a specific provider from two different systems with two different 
provider accounts
2.
3.

What is the expected output? What do you see instead?
I expect to see the handler issue unique users for each connection, I am seeing 
a situation where the two connections will see the other, or the same user.

What version of the product are you using? On what operating system?
2.4 - latest running on IIS 7.5 Windows 2008 R2

Please provide any additional information below.
A recent update from 2.3 to 2.4 has caused this problem to come to life.  
Basically we are seeing a situation where two users from two different devices 
log in at, or around the same time using two different accounts on the same 
provider - live, facebook, google - and the connections will then be returned 
the same provider data.  Rolling back to version 2.3 fixes this issue but it is 
as if somehow session IDs are becoming cross wired.  Any help will be greatly 
appreciated.

Original issue reported on code.google.com by chadis...@gmail.com on 27 Mar 2014 at 3:22

GoogleCodeExporter commented 8 years ago
I have attached a log4Net output of two sessions.  These sessions received the 
same MSN data when they were returned to our application.  It appears as if the 
second connection never returned its profile data and just inherited the first 
connection:

2014-03-27 12:46:53,290     [(null)]    INFO    OAuth2_0server  OAuth2.0 Authorization 
Flow begins for MSN...
2014-03-27 12:46:53,352     [(null)]    DEBUG   OAuth2_0server  Redirecting user for 
login to 
https://oauth.live.com:443/authorize?client_id=000000004401855F&redirect_uri=htt
ps%3A%2F%2Fpayments.jdbyrider.com%2FOnlinePayments%2Fsocialauth%2Fvalidate.sauth
&response_type=code&scope=wl.basic%2Cwl.emails%2Cwl.birthday
2014-03-27 12:49:29,071     [(null)]    INFO    OAuth2_0server  OAuth2.0 Authorization 
Flow begins for MSN...
2014-03-27 12:49:29,071     [(null)]    DEBUG   OAuth2_0server  Redirecting user for 
login to 
https://oauth.live.com:443/authorize?client_id=000000004401855F&redirect_uri=htt
ps%3A%2F%2Fpayments.jdbyrider.com%2FOnlinePayments%2Fsocialauth%2Fvalidate.sauth
&response_type=code&scope=wl.basic%2Cwl.emails%2Cwl.birthday
2014-03-27 12:50:10,599     [(null)]    INFO    OAuth2_0server  User successfully logged 
in and returned with Authorization code
2014-03-27 12:50:11,051     [(null)]    DEBUG   OAuth2_0server  Requesting Access Token 
at https://oauth.live.com:443/token
2014-03-27 12:50:11,441     [(null)]    INFO    OAuth2_0server  Access Token 
successfully received
2014-03-27 12:50:11,441     [(null)]    INFO    OAuth2_0server  OAuth2.0 server side 
Authorization flow ends ..
2014-03-27 12:50:11,457     [(null)]    DEBUG   MSNWrapper  Executing profile feed
2014-03-27 12:50:11,457     [(null)]    DEBUG   OAuth2_0server  Executing 
https://apis.live.net/v5.0/me using GET
2014-03-27 12:50:11,925     [(null)]    INFO    OAuth2_0server  Successfully executed  
https://apis.live.net/v5.0/me using GET
2014-03-27 12:50:11,940     [(null)]    DEBUG   OAuth2_0server  Executing 
https://apis.live.net/v5.0/me/picture using GET
2014-03-27 12:50:12,128     [(null)]    INFO    OAuth2_0server  Successfully executed  
https://apis.live.net/v5.0/me/picture using GET
2014-03-27 12:50:12,128     [(null)]    INFO    MSNWrapper  Profile successfully received
2014-03-27 12:50:13,126     [(null)]    INFO    OAuth2_0server  User successfully logged 
in and returned with Authorization code
2014-03-27 12:50:13,188     [(null)]    DEBUG   OAuth2_0server  Requesting Access Token 
at https://oauth.live.com:443/token
2014-03-27 12:50:13,360     [(null)]    INFO    OAuth2_0server  Access Token 
successfully received
2014-03-27 12:50:13,360     [(null)]    INFO    OAuth2_0server  OAuth2.0 server side 
Authorization flow ends ..
2014-03-27 12:50:13,360     [(null)]    DEBUG   MSNWrapper  Profile successfully 
returned from session
2014-03-27 12:50:13,376     [(null)]    DEBUG   MSNWrapper  Profile successfully 
returned from session
2014-03-27 12:50:13,376     [(null)]    DEBUG   MSNWrapper  Profile successfully 
returned from session
2014-03-27 12:50:13,376     [(null)]    DEBUG   MSNWrapper  Profile successfully 
returned from session

Original comment by chadis...@gmail.com on 27 Mar 2014 at 5:18

GoogleCodeExporter commented 8 years ago
I have additional debug output to show.  I modified the source so that I could 
see the access tokens, codes, and social-auth identifiers being returned during 
an authentication and here is what I have found.  Please note the IP addresses 
of the different users.

2014-04-03 13:34:03,109     [(null)]    [192.168.52.189]    INFO 
    SessionManager  Created Session for user with GUID:  
6374443f-abd3-466f-ad16-442c275a77bb
2014-04-03 13:34:05,496     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  OAuth2.0 Authorization Flow begins for MSN...
2014-04-03 13:34:05,512     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Redirecting user for login to 
https://oauth.live.com:443/authorize?client_id=000000004401855F&redirect_uri=htt
ps%3A%2F%2Fpayments.jdbyrider.com%2FOnlinePayments%2Fsocialauth%2Fvalidate.sauth
&response_type=code&scope=wl.basic%2Cwl.emails%2Cwl.birthday
2014-04-03 13:34:13,218     [(null)]    [192.168.94.8]  INFO    SessionManager  Created 
Session for user with GUID:  3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:15,652     [(null)]    [192.168.94.8]  INFO 
    OAuth2_0server  OAuth2.0 Authorization Flow begins for MSN...
2014-04-03 13:34:15,652     [(null)]    [192.168.94.8] 
    DEBUG   OAuth2_0server  Redirecting user for login to 
https://oauth.live.com:443/authorize?client_id=000000004401855F&redirect_uri=htt
ps%3A%2F%2Fpayments.jdbyrider.com%2FOnlinePayments%2Fsocialauth%2Fvalidate.sauth
&response_type=code&scope=wl.basic%2Cwl.emails%2Cwl.birthday
2014-04-03 13:34:44,200     [(null)]    [192.168.94.8]  INFO    OAuth2_0server  User 
successfully logged in and returned with Authorization code
2014-04-03 13:34:44,200     [(null)]    [192.168.94.8]  INFO    OAuth2_0server  User 
Code is:  4db7b21e-ee9a-3cf3-d94d-1aa65c081f9f
2014-04-03 13:34:44,496     [(null)]    [192.168.52.189]    INFO    OAuth2_0server  User 
successfully logged in and returned with Authorization code
2014-04-03 13:34:44,496     [(null)]    [192.168.52.189]    INFO    OAuth2_0server  User 
Code is:  bdee8d07-6f9f-b6f8-f250-c20ce8a9026f
2014-04-03 13:34:44,652     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Requesting Access Token at 
https://oauth.live.com:443/token
2014-04-03 13:34:44,933     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Access Token successfully received
2014-04-03 13:34:44,933     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  OAuth2.0 server side Authorization flow ends ..
2014-04-03 13:34:44,949     [(null)]    [192.168.52.189]    INFO    SessionManager  Added 
Connection token to session for user with the following session id:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:44,949     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Executing 
profile feed
2014-04-03 13:34:44,949     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing https://apis.live.net/v5.0/me using GET
2014-04-03 13:34:44,949     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Requesting Access Token at 
https://oauth.live.com:443/token
2014-04-03 13:34:45,120     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Access Token successfully received
2014-04-03 13:34:45,120     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  OAuth2.0 server side Authorization flow ends ..
2014-04-03 13:34:45,120     [(null)]    [192.168.52.189]    INFO    SessionManager  Added 
Connection token to session for user with the following session id:  
6374443f-abd3-466f-ad16-442c275a77bb
2014-04-03 13:34:45,120     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Executing 
profile feed
2014-04-03 13:34:45,120     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing https://apis.live.net/v5.0/me using GET
2014-04-03 13:34:45,385     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Successfully executed  https://apis.live.net/v5.0/me using GET
2014-04-03 13:34:45,417     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing https://apis.live.net/v5.0/me/picture using GET
2014-04-03 13:34:46,789     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Successfully executed  https://apis.live.net/v5.0/me using GET
2014-04-03 13:34:46,789     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing https://apis.live.net/v5.0/me/picture using GET
2014-04-03 13:34:47,008     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Successfully executed  https://apis.live.net/v5.0/me/picture 
using GET
2014-04-03 13:34:47,008     [(null)]    [192.168.52.189]    INFO    MSNWrapper  Profile 
successfully received - not from session - for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:47,008     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is - again, not from session:  3f86dfbc0b5c7229
2014-04-03 13:34:47,413     [(null)]    [192.168.94.8]  INFO 
    OAuth2_0server  Successfully executed  https://apis.live.net/v5.0/me/picture 
using GET
2014-04-03 13:34:47,413     [(null)]    [192.168.94.8]  INFO    MSNWrapper  Profile 
successfully received - not from session - for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:47,413     [(null)]    [192.168.94.8]  DEBUG   MSNWrapper  Profile 
best userid is - again, not from session:  3f86dfbc0b5c7229
2014-04-03 13:34:47,507     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
successfully returned from session for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:47,507     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is:  3f86dfbc0b5c7229
2014-04-03 13:34:47,788     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
successfully returned from session for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:47,788     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is:  3f86dfbc0b5c7229
2014-04-03 13:34:47,788     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
successfully returned from session for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:47,788     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is:  3f86dfbc0b5c7229
2014-04-03 13:34:48,225     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Executing 
contacts feed
2014-04-03 13:34:48,225     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing 
https://apis.live.net/v5.0/me/contacts?access_token=[access token removed] using GET
2014-04-03 13:34:48,225     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Executing 
contacts feed
2014-04-03 13:34:48,225     [(null)]    [192.168.52.189] 
    DEBUG   OAuth2_0server  Executing 
https://apis.live.net/v5.0/me/contacts?access_token=[access token removed] using GET
2014-04-03 13:34:48,552     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Successfully executed  
https://apis.live.net/v5.0/me/contacts?access_token=[access token removed] using GET
2014-04-03 13:34:48,568     [(null)]    [192.168.52.189]    INFO    MSNWrapper  Contacts 
successfully received
2014-04-03 13:34:48,630     [(null)]    [192.168.52.189]    INFO 
    OAuth2_0server  Successfully executed  
https://apis.live.net/v5.0/me/contacts?access_token=[access token removed] using GET
2014-04-03 13:34:48,630     [(null)]    [192.168.52.189]    INFO    MSNWrapper  Contacts 
successfully received
2014-04-03 13:34:48,817     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
successfully returned from session for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:48,817     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is:  3f86dfbc0b5c7229
2014-04-03 13:34:50,767     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
successfully returned from session for sessionid:  
3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:50,767     [(null)]    [192.168.52.189]    DEBUG   MSNWrapper  Profile 
best userid is:  3f86dfbc0b5c7229

Original comment by chadis...@gmail.com on 3 Apr 2014 at 5:53
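The cross-wiring visible in the log above can be checked mechanically. This is an added example, not part of the original comment or of socialauth-net: it flags any entry that names a session GUID under a client IP other than the one that created the session. The function name is hypothetical, and the sample lines are entries from the log above rejoined to one entry per line.

```python
import re

# One entry per line: timestamp, [thread], [client IP], level, logger, message.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+\[[^\]]*\]\s+"
    r"\[(?P<ip>[\d.]+)\]\s+(?P<level>\w+)\s+(?P<logger>\S+)\s+(?P<msg>.*)$"
)
GUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")
CREATED = "Created Session for user with GUID"

def find_cross_session_use(lines):
    """Return (timestamp, ip, session_id, owner_ip) for each entry that names a
    session id while carrying a client IP other than the one that created it."""
    owner = {}      # session id -> client IP logged when the session was created
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank or malformed line
        for sid in GUID.findall(m["msg"]):
            if CREATED in m["msg"]:
                owner.setdefault(sid, m["ip"])
            elif sid in owner and owner[sid] != m["ip"]:
                findings.append((m["ts"], m["ip"], sid, owner[sid]))
    return findings

# Sample input: entries from the log above, rejoined and with whitespace collapsed.
SAMPLE = """\
2014-04-03 13:34:03,109 [(null)] [192.168.52.189] INFO SessionManager Created Session for user with GUID:  6374443f-abd3-466f-ad16-442c275a77bb
2014-04-03 13:34:13,218 [(null)] [192.168.94.8] INFO SessionManager Created Session for user with GUID:  3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:44,949 [(null)] [192.168.52.189] INFO SessionManager Added Connection token to session for user with the following session id:  3e0d6cbe-5e02-4675-8bb6-d566ace27a40
2014-04-03 13:34:45,120 [(null)] [192.168.52.189] INFO SessionManager Added Connection token to session for user with the following session id:  6374443f-abd3-466f-ad16-442c275a77bb
2014-04-03 13:34:47,413 [(null)] [192.168.94.8] INFO MSNWrapper Profile successfully received - not from session - for sessionid:  3e0d6cbe-5e02-4675-8bb6-d566ace27a40
""".splitlines()

if __name__ == "__main__":
    for ts, ip, sid, owner_ip in find_cross_session_use(SAMPLE):
        print(f"{ts}: {ip} touched session {sid} created by {owner_ip}")
```

A client IP is only a coarse identity (users behind one NAT share it), so a hit is a lead to correlate with other fields rather than proof on its own.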

GoogleCodeExporter commented 8 years ago
Ok I have done some digging in the code and I found the offending method.  In 
the provider.cs file, changing the ConnectionToken method from:

public Token ConnectionToken { get; set; }

To:

public Token ConnectionToken
{
     get { return SessionManager.GetConnectionToken(this.ProviderType); }
     set { SessionManager.AddConnectionToken(value); }
}

Again, any input or direction as to why this happens as coded would be 
appreciated.

Chad

Original comment by chadis...@gmail.com on 4 Apr 2014 at 6:57
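The two property forms in the comment above can be modelled to show when they behave differently. This is an added Python model, not socialauth-net code, and it assumes a single provider object is shared by concurrent requests, which the thread does not confirm; `SESSIONS`, `CTX` and the class and function names are hypothetical stand-ins.

```python
SESSIONS = {}          # hypothetical per-user session storage, keyed by session id
CTX = {"sid": None}    # hypothetical "current request" context (which session is running)

class InstanceFieldProvider:
    """Models `public Token ConnectionToken { get; set; }`:
    the token is stored on the provider object itself."""
    def __init__(self):
        self.connection_token = None

class SessionBackedProvider:
    """Models the changed property: reads and writes go to the
    session of whichever request is currently running."""
    @property
    def connection_token(self):
        return SESSIONS[CTX["sid"]].get("token")

    @connection_token.setter
    def connection_token(self, value):
        SESSIONS[CTX["sid"]]["token"] = value

def interleaved_logins(provider):
    """Two sessions store their token on the same provider object,
    then each reads the token back to fetch its own profile."""
    for sid, token in (("A", "token-A"), ("B", "token-B")):
        SESSIONS[sid] = {}
        CTX["sid"] = sid
        provider.connection_token = token      # OAuth callback stores the token
    seen = {}
    for sid in ("A", "B"):
        CTX["sid"] = sid
        seen[sid] = provider.connection_token  # profile fetch reads it back
    return seen

if __name__ == "__main__":
    # Instance field: the later login overwrites the earlier one for everybody.
    print(interleaved_logins(InstanceFieldProvider()))
    # Session-backed: each session reads only what it stored.
    print(interleaved_logins(SessionBackedProvider()))
```

Under that assumption the instance-held token reproduces the reported symptom (both sessions read the same token), which makes a two-session interleaving like this a useful regression test for any state kept on shared authentication objects.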