Updated to 0.34 and now cannot login - "You're not member of this workspace."

[facuxt]

Bug Description

I updated my instance of twenty 0.33.0 to 0.34.0 and then i cannot login... i used to

Example:

When trying to login, it say this error
"You're not member of this workspace."
![Image](https://github.com/user-attachments/assets/7bd8c2a1-0357-4fe2-bdad-cf9f422ba96b)

Expected behavior

Expected to login and enter to the workspace ...

Technical inputs

When i installed 0.33, i used to have this vars in .env
SIGN_IN_PREFILLED=false
DEBUG_MODE=false
IS_MULTIWORKSPACE_ENABLED=true

Also, when i noticed These variables were not in use, i added them manually in the docker compose file --> section "server"....

Now i tried to disable all of those changes and vars... but nothing seems to work..

[chrisjenx]

+1 to this, got this after upgrading too, looks like a bad DB migration?

[chrisjenx]

I get ApolloError: column Workspace.subdomain does not exist when trying to login with email/password

[chrisjenx]

Potentially related on Tag 0.34.1

[AMoreaux]

Hello,

Did you run the migration ? there is a new column subdomain:
https://github.com/twentyhq/twenty/blob/main/packages/twenty-server/src/database/typeorm/core/migrations/common/1730137590546-addSubdomainToWorkspace.ts#L10

[facuxt]

Yes i did ran the migrations inside docker... i cannot remember if i ran it on server or on worker... which docker should i run this commands?

Also, the docu page doesnt explain it so well...

[AMoreaux]

Here is the migration documentation

Depending on your setup you can run migration scripts in docker or not.

Today it continues to fail?

For you too @chrisjenx ?

[chrisjenx]

The docker containers suggestion they auto migrate?

[chrisjenx]

On that note I would use something like flyaway for sanity sake.

[facuxt]

i just did a clean install... and it now works ok.... i ran those commands on "server" docker...

[PeterBaker0]

I have an existing installation and I got this issue - I ran the migrations as described. I don't want the multi workspace feature to be enabled, since I don't need it and am happy with the current configuration. I have ensured that IS_MULTIWORKSPACE_ENABLED is false.

When I run the upgrade-0.34 command I see

Updating workspace ab0bfd75-0d36-4363-88c7-xxx with subdomain xxxx

Where xxxx is the name of my original workspace. So I presume that it now expects me to login at xxxx.<original base domain> - however this not valid for my networking/route configuration?

[chrisjenx]

Ahh yeah makes me wonder if the db migration goes fine, but it's doing as said above, trying to log me into a subdomains (which we don't use for selfhosted)

[AMoreaux]

I have an existing installation and I got this issue - I ran the migrations as described. I don't want the multi workspace feature to be enabled, since I don't need it and am happy with the current configuration. I have ensured that IS_MULTIWORKSPACE_ENABLED is false.

When I run the upgrade-0.34 command I see

Updating workspace ab0bfd75-0d36-4363-88c7-xxx with subdomain xxxx

Where xxxx is the name of my original workspace. So I presume that it now expects me to login at xxxx. - however this not valid for my networking/route configuration?

Even if you use the single workspace mode the subdomain column is added and a unique subdomain is generated. But it's not used in your use case. So you should be able to continue using your instance without a subdomain.

[chrisjenx]

OK so after running the migration manually then rebooting the docker containers it came back up. It did throw an error initially which seemed to trigger a on the fly fix (logs attached) now I can login.
So there seems to be an issue with the migration, it also thinks I have 3 subdomains (I don't). And after the migration the meta data was missing, so dunno if you have automated jobs to populate that and I just logged in too quick?

[Nest] 1  - 12/18/2024, 5:05:32 PM   ERROR [ExceptionsHandler] Metadata version not found for workspace 559b60f4-c15e-48c1-82a5-
Error: Metadata version not found for workspace 559b60f4-c15e-48c1-82a5-
    at WorkspaceDatasourceFactory.getWorkspaceMetadataVersionFromCache (/app/packages/twenty-server/dist/src/engine/twenty-orm/factories/workspace-datasource.factory.js:115:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async WorkspaceDatasourceFactory.create (/app/packages/twenty-server/dist/src/engine/twenty-orm/factories/workspace-datasource.factory.js:32:48)
    at async TwentyORMGlobalManager.getRepositoryForWorkspace (/app/packages/twenty-server/dist/src/engine/twenty-orm/twenty-orm-global.manager.js:31:37)
    at async AccessTokenService.generateAccessToken (/app/packages/twenty-server/dist/src/engine/core-modules/auth/token/services/access-token.service.js:64:47)
    at async AuthService.verify (/app/packages/twenty-server/dist/src/engine/core-modules/auth/services/auth.service.js:139:29)
    at async AuthResolver.verify (/app/packages/twenty-server/dist/src/engine/core-modules/auth/auth.resolver.js:122:16)
Exception Captured
  {
    operation: { name: 'Verify', type: 'mutation' },
    document: 'mutation Verify($loginToken: String!) {\n' +
      '  verify(loginToken: $loginToken) {\n' +
      '    user {\n' +
      '      ...UserQueryFragment\n' +
      '      __typename\n' +
      '    }\n' +
      '    tokens {\n' +
      '      ...AuthTokensFragment\n' +
      '      __typename\n' +
      '    }\n' +
      '    __typename\n' +
      '  }\n' +
      '}\n' +
      '\n' +
      'fragment UserQueryFragment on User {\n' +
      '  id\n' +
      '  firstName\n' +
      '  lastName\n' +
      '  email\n' +
      '  canImpersonate\n' +
      '  supportUserHash\n' +
      '  analyticsTinybirdJwts {\n' +
      '    getWebhookAnalytics\n' +
      '    getPageviewsAnalytics\n' +
      '    getUsersAnalytics\n' +
      '    getServerlessFunctionDuration\n' +
      '    getServerlessFunctionSuccessRate\n' +
      '    getServerlessFunctionErrorCount\n' +
      '    __typename\n' +
      '  }\n' +
      '  onboardingStatus\n' +
      '  workspaceMember {\n' +
      '    ...WorkspaceMemberQueryFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  workspaceMembers {\n' +
      '    ...WorkspaceMemberQueryFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  defaultWorkspace {\n' +
      '    id\n' +
      '    displayName\n' +
      '    logo\n' +
      '    domainName\n' +
      '    inviteHash\n' +
      '    allowImpersonation\n' +
      '    activationStatus\n' +
      '    isPublicInviteLinkEnabled\n' +
      '    isGoogleAuthEnabled\n' +
      '    isMicrosoftAuthEnabled\n' +
      '    isPasswordAuthEnabled\n' +
      '    subdomain\n' +
      '    hasValidEntrepriseKey\n' +
      '    featureFlags {\n' +
      '      id\n' +
      '      key\n' +
      '      value\n' +
      '      workspaceId\n' +
      '      __typename\n' +
      '    }\n' +
      '    metadataVersion\n' +
      '    currentBillingSubscription {\n' +
      '      id\n' +
      '      status\n' +
      '      interval\n' +
      '      __typename\n' +
      '    }\n' +
      '    workspaceMembersCount\n' +
      '    __typename\n' +
      '  }\n' +
      '  workspaces {\n' +
      '    workspace {\n' +
      '      id\n' +
      '      logo\n' +
      '      displayName\n' +
      '      domainName\n' +
      '      subdomain\n' +
      '      __typename\n' +
      '    }\n' +
      '    __typename\n' +
      '  }\n' +
      '  userVars\n' +
      '  __typename\n' +
      '}\n' +
      '\n' +
      'fragment WorkspaceMemberQueryFragment on WorkspaceMember {\n' +
      '  id\n' +
      '  name {\n' +
      '    firstName\n' +
      '    lastName\n' +
      '    __typename\n' +
      '  }\n' +
      '  colorScheme\n' +
      '  avatarUrl\n' +
      '  locale\n' +
      '  timeZone\n' +
      '  dateFormat\n' +
      '  timeFormat\n' +
      '  __typename\n' +
      '}\n' +
  [
    Error: Metadata version not found for workspace 559b60f4-c15e-48c1-82a5-
        at WorkspaceDatasourceFactory.getWorkspaceMetadataVersionFromCache (/app/packages/twenty-server/dist/src/engine/twenty-orm/factories/workspace-datasource.factory.js:115:23)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async WorkspaceDatasourceFactory.create (/app/packages/twenty-server/dist/src/engine/twenty-orm/factories/workspace-datasource.factory.js:32:48)
        at async TwentyORMGlobalManager.getRepositoryForWorkspace (/app/packages/twenty-server/dist/src/engine/twenty-orm/twenty-orm-global.manager.js:31:37)
        at async AccessTokenService.generateAccessToken (/app/packages/twenty-server/dist/src/engine/core-modules/auth/token/services/access-token.service.js:64:47)
        at async AuthService.verify (/app/packages/twenty-server/dist/src/engine/core-modules/auth/services/auth.service.js:139:29)
        at async AuthResolver.verify (/app/packages/twenty-server/dist/src/engine/core-modules/auth/auth.resolver.js:122:16) {
      path: undefined,
      locations: undefined,
      extensions: {
        code: 'INTERNAL_SERVER_ERROR',
        response: 'Metadata version not found for workspace 559b60f4-c15e-48c1-82a5-'
      '\n' +
      }
    }
  ]
      'fragment AuthTokensFragment on AuthTokenPair {\n' +
      '  accessToken {\n' +
      '    ...AuthTokenFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  refreshToken {\n' +
      '    ...AuthTokenFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  __typename\n' +
      '}\n' +
      '\n' +
      'fragment AuthTokenFragment on AuthToken {\n' +
      '  token\n' +
      '  expiresAt\n' +
      '  __typename\n' +
      '}',
    user: undefined,
    workspace: {
      id: undefined,
      displayName: undefined,
      createdAt: undefined,
      activationStatus: undefined
    }
  }
[Nest] 1  - 12/18/2024, 5:05:52 PM    WARN In single-workspace mode, there should be only one workspace. Today there are 3 workspaces
[Nest] 1  - 12/18/2024, 5:05:52 PM    WARN undefined
[Nest] 1  - 12/18/2024, 5:05:52 PM    WARN In single-workspace mode, there should be only one workspace. Today there are 3 workspaces
[Nest] 1  - 12/18/2024, 5:05:52 PM    WARN undefined
[Nest] 1  - 12/18/2024, 5:05:52 PM     LOG [WorkspaceDatasourceFactory] Creating workspace data source for workspace 559b60f4-c15e-48c1-82a5-and metadata version 3
metadata query time: 3.783154010772705 ms
[Nest] 1  - 12/18/2024, 5:05:54 PM     LOG [TypeDefinitionsGenerator] Generating composite type objects: [LINKS, CURRENCY, FULL_NAME, ADDRESS, ACTOR, EMAILS, PHONES]
[Nest] 1  - 12/18/2024, 5:05:54 PM     LOG [TypeDefinitionsGenerator] Generating metadata objects: [view, apiKey, auditLog, attachment, blocklist, calendarEvent, calendarChannel, company, calendarChannelEventAssociation, calendarEventParticipant, favorite, connectedAccount, timelineActivity, viewField, viewGroup, viewFilter, viewFilterGroup, viewSort, webhook, workspaceMember, messageThread, message, messageChannel, messageParticipant, messageChannelMessageAssociation, note, noteTarget, opportunity, person, task, taskTarget]

[PeterBaker0]

I still can't login. I ran the migrations, shut down the containers, booted back up. Looking at logs I see this error

Exception Captured
  {
    operation: { name: 'GetCurrentUser', type: 'query' },
    document: 'query GetCurrentUser {\n' +
      '  currentUser {\n' +
      '    ...UserQueryFragment\n' +
  [
    ForbiddenException: Forbidden resource
        at canActivateFn (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:157:23)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async target (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:73:31)
        at async Object.currentUser (/app/node_modules/@nestjs/core/helpers/external-proxy.js:9:24)
        at async field.resolve (/app/node_modules/@envelop/on-resolve/cjs/index.js:36:42)
        at async /app/node_modules/@graphql-tools/executor/cjs/execution/promiseForObject.js:18:35
        at async Promise.all (index 0) {
      path: undefined,
      locations: undefined,
      extensions: { code: 'INTERNAL_SERVER_ERROR', response: 'Forbidden resource' }
    }
  ]
      '    __typename\n' +
      '  }\n' +
      '}\n' +
      '\n' +
      'fragment UserQueryFragment on User {\n' +
      '  id\n' +
      '  firstName\n' +
      '  lastName\n' +
      '  email\n' +
      '  canImpersonate\n' +
      '  supportUserHash\n' +
      '  analyticsTinybirdJwts {\n' +
      '    getWebhookAnalytics\n' +
      '    getPageviewsAnalytics\n' +
      '    getUsersAnalytics\n' +
      '    getServerlessFunctionDuration\n' +
      '    getServerlessFunctionSuccessRate\n' +
      '    getServerlessFunctionErrorCount\n' +
      '    __typename\n' +
      '  }\n' +
      '  onboardingStatus\n' +
      '  workspaceMember {\n' +
      '    ...WorkspaceMemberQueryFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  workspaceMembers {\n' +
      '    ...WorkspaceMemberQueryFragment\n' +
      '    __typename\n' +
      '  }\n' +
      '  defaultWorkspace {\n' +
      '    id\n' +
      '    displayName\n' +
      '    logo\n' +
      '    domainName\n' +
      '    inviteHash\n' +
      '    allowImpersonation\n' +
      '    activationStatus\n' +
      '    isPublicInviteLinkEnabled\n' +
      '    isGoogleAuthEnabled\n' +
      '    isMicrosoftAuthEnabled\n' +
      '    isPasswordAuthEnabled\n' +
      '    subdomain\n' +
      '    hasValidEntrepriseKey\n' +
      '    featureFlags {\n' +
      '      id\n' +
      '      key\n' +
      '      value\n' +
      '      workspaceId\n' +
      '      __typename\n' +
      '    }\n' +
      '    metadataVersion\n' +
      '    currentBillingSubscription {\n' +
      '      id\n' +
      '      status\n' +
      '      interval\n' +
      '      __typename\n' +
      '    }\n' +
      '    workspaceMembersCount\n' +
      '    __typename\n' +
      '  }\n' +
      '  workspaces {\n' +
      '    workspace {\n' +
      '      id\n' +
      '      logo\n' +
      '      displayName\n' +
      '      domainName\n' +
      '      subdomain\n' +
      '      __typename\n' +
      '    }\n' +
      '    __typename\n' +
      '  }\n' +
      '  userVars\n' +
      '  __typename\n' +
      '}\n' +
      '\n' +
      'fragment WorkspaceMemberQueryFragment on WorkspaceMember {\n' +
      '  id\n' +
      '  name {\n' +
      '    firstName\n' +
      '    lastName\n' +
      '    __typename\n' +
      '  }\n' +
      '  colorScheme\n' +
      '  avatarUrl\n' +
      '  locale\n' +
      '  timeZone\n' +
      '  dateFormat\n' +
      '  timeFormat\n' +
      '  __typename\n' +
      '}',
    user: undefined,
    workspace: {
      id: undefined,
      displayName: undefined,
      createdAt: undefined,
      activationStatus: undefined
    }
  }
[Nest] 1  - 12/18/2024, 9:42:55 PM    WARN In single-workspace mode, there should be only one workspace. Today there are 2 workspaces
[Nest] 1  - 12/18/2024, 9:42:55 PM    WARN undefined
[Nest] 1  - 12/18/2024, 9:43:00 PM    WARN In single-workspace mode, there should be only one workspace. Today there are 2 workspaces
[Nest] 1  - 12/18/2024, 9:43:00 PM    WARN undefined

Seems that I have the same problem re: the multiple workspaces (even though I only have one afaik).

[PeterBaker0]

I have an existing installation and I got this issue - I ran the migrations as described. I don't want the multi workspace feature to be enabled, since I don't need it and am happy with the current configuration. I have ensured that IS_MULTIWORKSPACE_ENABLED is false.
When I run the upgrade-0.34 command I see

Updating workspace ab0bfd75-0d36-4363-88c7-xxx with subdomain xxxx

Where xxxx is the name of my original workspace. So I presume that it now expects me to login at xxxx. - however this not valid for my networking/route configuration?

Even if you use the single workspace mode the subdomain column is added and a unique subdomain is generated. But it's not used in your use case. So you should be able to continue using your instance without a subdomain.

Okay - this is the ideal behaviour.

For what it's worth, I did try changing my networking to put the subdomain in, and it made no difference - same error.

[FelixMalfait]

Seems that I have the same problem re: the multiple workspaces (even though I only have one afaik).

Check user [email protected] / Applecar2025

The database:reset command's default configuration is to create 2 seed workspaces so maybe you ran it at the beginning and created those 2. I updated the docs to clarify this

[usag1r]

I also can't login to the main Workspace after upgrading to 0.34.
I get the "You're not member of this workspace." error.

I see 3 subdomain are generated for 3 Workspaces.
Any way to login to my main Workspace now?

Only this works at the moment.
Check user [email protected] / Applecar2025

Login/Workspaces worked fine initially after upgrading. But then after logging out this issue happened.

[AMoreaux]

@usag1r If you run without the multi-workspace mode enabled you can safely delete the two other workspaces in the database?

Can you try that, please?

[AMoreaux]

We found the issue. This PR should fix it #9148

If you want to fix the issue before the release you can keep in your database the single workspace you used and remove the others.
Especially the seeds. So ids '20202020-1c25-4d02-bf25-6aeccf7ea419' and '3b8e6458-5fc1-4e63-8563-008ccddaa6db'

[usag1r]

Fantastic. Deletion of seed Workspace from admin panel after logging in with dummy user worked like a charm. Thanks so much! I would say due to nature of CRM applications, extra extra caution is required in upgrades both from user and developer sides.

Also I think seed ids are unique for each deployment.

[AMoreaux]

Fantastic. Deletion of seed Workspace from admin panel after logging in with dummy user worked like a charm. Thanks so much! I would say due to nature of CRM applications, extra extra caution is required in upgrades both from user and developer sides.

Also I think seed ids are unique for each deployment.

Yeah, you're right, I'm really sorry for the issue. Seed IDs are constants that's why we can exclude them.

[usag1r]

Interestingly. I can't login with dummy user in one of my deployments. So for this particular deployment, both [email protected] and real users are not working and can't delete the seed Workspace that way.

I remembered a detail. I think I've added [email protected] to the main Workspace I was using for test purposes. So potentially this might be causing the issue with logging in to seed Workspace.

Multi workspace is disabled so login screen works properly. I think it may be because I deleted seed user or workspace previously...

[PeterBaker0]

Is there going to be a hotfix for this issue like 0.34.1?

[AMoreaux]

This issue occurs when several workspaces are in your database and your instance is in a single workspace mode. This PR, #9112, prevents the creation of seeds when it's not necessary to avoid this breaking state.

To fix this issue keep only one workspace in your database. The fix is not retroactive. You must delete the useless workspaces in your database.

The workspace ids should be: 20202020-1c25-4d02-bf25-6aeccf7ea419 and 3b8e6458-5fc1-4e63-8563-008ccddaa6db.

The SQL query to delete the seeds workspaces:

DELETE FROM core.workspace WHERE id IN ('20202020-1c25-4d02-bf25-6aeccf7ea419', '3b8e6458-5fc1-4e63-8563-008ccddaa6db')

[usag1r]

Isn't it better approach to give the user ability to choose the workspace while logging in. This way users can work with multiple workspaces in self-hosted environment without subdomain. And future login bugs would have been avoided as well.

One particular strong use case is, especially since we don't have user roles in twenty, when user has a private workspace and a shared workspace with other members. Does it make sense for future development?

[usag1r]

DELETE FROM core.workspace WHERE id IN ('20202020-1c25-4d02-bf25-6aeccf7ea419', '3b8e6458-5fc1-4e63-8563-008ccddaa6db')

I examined multiple fresh and old setups and couldn't see any of those ids. It suggests ids are always unique even for seed workspaces?

However I see something strange, 1 account has workspace status stuck at PENDING_CREATION. I think this could be the issue why I can't login at all. I'll try to delete them all except main workspace, fingers crossed.

[usag1r]

So I finally solved issues with "You're not member of this workspace." on my end. Seed workspaces had users such as tim+[increment] as below:

[email protected]
[email protected]
[email protected]
[email protected]

I think what must have happened is where multiple workspaces exist usernames were automatically incremented by 1. If anyone can't login, by logging in via one of these users and then deleting the workspace from UI as @FelixMalfait suggested or from database connection as @AMoreaux suggested solves the problem.

[raphspeaks]

I also ran into this issue, but also with a foreign key constraint on a user that was used to create the user workspace. In that case I wasn’t able to delete the workspace. If the workspace has a user associated with the workspace you will not be able to delete the workspace.

So, obviously you should back up your db before performing any manual queries.

After you’ve backed up you can run a pg query like:

DELETE FROM core.user WHERE id IN ('94154e8a-f735-40bf-bffb-de0ea4f0778a’)

You would need to do this BEFORE running @AMoreaux ’s query to delete the workspace only if a user is associated with it:

DELETE FROM core.workspace WHERE id IN ('20202020-1c25-4d02-bf25-6aeccf7ea419', '3b8e6458-5fc1-4e63-8563-008ccddaa6db')

[raphspeaks]

So I finally solved issues with "You're not member of this workspace." on my end. Seed workspaces had users such as tim+[increment] as below:

[email protected] [email protected] [email protected] [email protected]

I think what must have happened is where multiple workspaces exist usernames were automatically incremented by 1. If anyone can't login, by logging in via one of these users and then deleting the workspace from UI as @FelixMalfait suggested or from database connection as @AMoreaux suggested solves the problem.

This was not the case for me.