-
-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Emergency access fails if grantor doesnt log in during waiting time #2925
Comments
I have tested this just last week. And it all seems to work fine it looks like.
If you are able to, please copy/paste/provide the following columns of the record you think is in error.
Also, please enable Also remember that the Please provide the requested info so that we can try to help. |
Thanks for the fast reply. |
There is no wait time of an hour. There is a minimum of 1day. |
Thanks for the correction. I meant one day, of course. |
The already active run finished like the ones before. Now I set In the This confuses me as no emergency access is neither active nor pending. I never messed with the database and just access the db via a offsite copy I took beforehand. Should I still retry a new emergency access test? I think, that the entry in the emergency_access table situation should be solved before doing so. |
Strange, it does mention it was updated, but the status is still at 3, which i think from the top of my mind should be 4. Please enable debug log level, and keep it running. It should keep trying the same, since the status is not correct yet. |
Just a small update: The only log entries related to this are:
I'm grateful for any advice about what I can or should try next? |
Regarding the emergency access I am just getting the above posted entries about no emergency request being active (which is true atm). Can I manually delete this entry? |
If you remove the grantee as grantor (or yourself as grantee) the entry should be deleted as well.
You could try a |
If you want to grant your self access by an already approved access, which means ot shared the keys. The you can change the status your self too 4. Else you should also be able to remove the access on either side via the web-vault. |
Right now, no user is shown neither as grantor nor grantee in the ui. This is consistent with my actions in the ui.
I ran the command and received
I changed the Now I try again to give grantee emergency access and will post the result here. Thanks for the help. I keep you updated. |
It worked. Thanks a lot for the support. |
Was it corrupted in which sense? Only the state was wrong? Or the database had issues? As a side note. While i was checking the code, i saw some small enhancements for the code handeling this. I'll see if i can optimize the code a bit and maybe i will encounter something strange that could explain this behaviour. |
I might have found something which could cause this specific issue. |
The database itself was consistent. With the term corrupted I mean that the database was in a state in which the application didn't function correctly and wasn't able to correct itself. If the term corrupted doesn't fit here I take it back and may as well call it in a funny state. Anyhow, thanks again for the fast support. |
To make the terms a bit more clear. A corrupt database is a database which isn't functioning at all. The reason it is important, a corrupt database could also cause some strange issue, including not being able to update a record. As already mentioned, I think i have found what could cause this. One way of fixing this your self would be to change the schedules of the two emergency access jobs in such a way that they will never run at the same time. I keep this issue open until i finished the changes to the emergency access code. |
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes dani-garcia#2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes dani-garcia#2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes dani-garcia#2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes dani-garcia#2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes #2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes #2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes #2925
- Several cleanups and code optimizations for Emergency Access - Fixed a race-condition regarding jobs for Emergency Access - Some other small changes like `allow(clippy::)` removals Fixes #2925
Subject of the issue
When the grantee requests access to the grantor's vault, access isn't possible after the wait time if the grantor hasn't logged in during that time. Although the grantee received the
Emergency access request for John Doe approved
email, theEmergency Access
tab of the grantee's account just lists the tagsEmergency Access
Initiated andView
for the grantor user.Deployment environment
Your environment (Generated via diagnostics page)
Config (Generated via diagnostics page)
Show Running Config
Environment settings which are overridden: DOMAIN, ADMIN_TOKEN, ALLOWED_IFRAME_ANCESTORS, SMTP_HOST, SMTP_SECURITY, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_AUTH_MECHANISM
Steps to reproduce
View
access after one day of waitingEmergency Access
after receiving theEmergency access request for grantor approved
emailRemove
Expected behaviour
Grantee is able to access grantors vault after the waiting time.
Actual behaviour
Grantee cannot access grantors vault after the waiting time.
The text was updated successfully, but these errors were encountered: