Delete user while user logged on throws error

Topics: Administration, Troubleshooting
May 22, 2011 at 4:34 PM
Edited May 22, 2011 at 4:36 PM

Ok, this is a pretty extreme edge case but it's easy enough to fix.

Testcase

Assume: User1 is logged on (using NGM.OpenAuthentication module)

Act: From an different box, login and delete user1

Assert: User1 refreshes page or clicks on any link within site SHOULD logout user  - Throws exception

Discussion:

I think the problem here is that asp.net thinks the request is authenticated but the user is actually deleted.  WorkContext.CurrentUser == null.

Fix: change \core\shapes\views\user.cshtml

 

@if (Request.IsAuthenticated) {
    <span class="user-actions welcome">
        @if(WorkContext.CurrentUser != null){  // new condition
         @T("Welcome, <strong>{0}</strong>!", new HtmlString(Html.ActionLink( WorkContext.CurrentUser.UserName, "ChangePassword", new { Controller = "Account", Area = "Orchard.Users" }).ToString()))   
        }else{
            // todo: redirect to logout             
        }
        
    </span>
...
}
Coordinator
May 24, 2011 at 9:09 PM

This is already fixed in the current 1.x branch if I'm not mistaken. Thanks for reporting it.