Mattermost, Inc.

Ghost user who doesn't exist but is in a team

Summary

Listing users in a team returns a user that get user can’t find.

Steps to reproduce

I use the API to list all the users in a team. Then I retrieve the user details for each one. This fails with user record not found for one or them

Server Version: 5.19.0 (Build 5.19.1)
Database: mysql

Expected behavior

All users in a team should exist.

Observed behavior

One user is listed as in the team, but get user can’t find the user record.

Questions

What action should I take to fix the offending user?
What extra info do you need from the sysadmin to help you to track this down?

Hi @nikkilocke, few things comes to mind that we can use to see if there is anything from with the user :

  • How does the account appear in the System Console > Users page? Is it active?
  • Is the user able to login/use Mattermost?
  • Does the user show up in the database?

I am not the admin, nor the user concerned, so I can’t answer any of those questions. I will ask, though.

And he says…

How does the account appear in the System Console Users page? Is it active?

No, it doesn’t exist

Is the user able to login/use Mattermost?

User doesn’t exist

Does the user show up in the database?

No

As for the last answer, I rely on MM’s command line tooling to report. I haven’t gone through the table of users in the database directly

Hello, @nikkilocke

The Users table will be the single source of truth of the user accounts that are active / inactive in the Mattermost instance. Since you mentioned that the user is still appearing in the team (which I believe the user was a member of originally), I want to know if this is merely a old data / cache issue of the Mattermost desktop / web / mobile app.

As the user is not appearing in the system console and database, can you please perform the following steps to verify if the same user is still appearing after that?

Desktop App

  1. Log in to the desktop app.
  2. Click on View > Clear Cache & Reload.
  3. Switch between channels and use the channel switcher to search for the user.
  4. Check through direct message / channels / group messages to verify that the user is still present or not.

Web App

  1. Using an incognito / private mode of the web browser, log in to your Mattermost account.
  2. Verify if the user is still appearing when you search for the account via the channel switcher (Command + K for Mac OS OR Ctrl + K or Windows).
  3. Perform the same process similar to the desktop app above.

Mobile App

  1. Log in to your mobile app using your credentials
  2. Navigate to Settings > Advanced Settings > Delete Documents & Data and observe the client reload itself and search for the ghost user again.

Let me know how it goes on your end.

We are not detecting this using any of the above apps
We are detecting it using the API directly - there is no cache involved.

If I had access to the database, I could check, but I would guess that the team members table has a record in it for a user who doesn’t exist in the users table.

Is there a foreign key relationship defined for this field?

Hi, @nikkilocke

Based on the SQL query that I have used, I could not find any foreign key relationship in the Users table:

mysql> SELECT TABLE_NAME, COLUMN_NAME, CONSTRAINT_NAME, REFERENCED_TABLE_NAME, REFERENCED_COLUMN_NAME FROM INFORMATION_SCHEMA. KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = 'mattermost' AND REFERENCED_TABLE_NAME = 'Users';
Empty set (0.02 sec)

Have you had any luck with the accessing the database to confirm the existence of the user and compare it with the output that you are seeing from the API?

mysql> DESCRIBE Users;
+--------------------+--------------+------+-----+---------+-------+
| Field              | Type         | Null | Key | Default | Extra |
+--------------------+--------------+------+-----+---------+-------+
| Id                 | varchar(26)  | NO   | PRI | NULL    |       |
| CreateAt           | bigint(20)   | YES  | MUL | NULL    |       |
| UpdateAt           | bigint(20)   | YES  | MUL | NULL    |       |
| DeleteAt           | bigint(20)   | YES  | MUL | NULL    |       |
| Username           | varchar(64)  | YES  | UNI | NULL    |       |
| Password           | varchar(128) | YES  |     | NULL    |       |
| AuthData           | varchar(128) | YES  | UNI | NULL    |       |
| AuthService        | varchar(32)  | YES  |     | NULL    |       |
| Email              | varchar(128) | YES  | UNI | NULL    |       |
| EmailVerified      | tinyint(1)   | YES  |     | NULL    |       |
| Nickname           | varchar(64)  | YES  |     | NULL    |       |
| FirstName          | varchar(64)  | YES  |     | NULL    |       |
| LastName           | varchar(64)  | YES  |     | NULL    |       |
| Position           | varchar(128) | YES  |     | NULL    |       |
| Roles              | text         | YES  |     | NULL    |       |
| AllowMarketing     | tinyint(1)   | YES  |     | NULL    |       |
| Props              | text         | YES  |     | NULL    |       |
| NotifyProps        | text         | YES  |     | NULL    |       |
| LastPasswordUpdate | bigint(20)   | YES  |     | NULL    |       |
| LastPictureUpdate  | bigint(20)   | YES  |     | NULL    |       |
| FailedAttempts     | int(11)      | YES  |     | NULL    |       |
| Locale             | varchar(5)   | YES  |     | NULL    |       |
| Timezone           | text         | YES  |     | NULL    |       |
| MfaActive          | tinyint(1)   | YES  |     | NULL    |       |
| MfaSecret          | varchar(128) | YES  |     | NULL    |       |
+--------------------+--------------+------+-----+---------+-------+
25 rows in set (0.01 sec)