source.dussan.org Git - nextcloud-server.git/commit

author	Christoph Wurst <christoph@winzerhof-wurst.at>
	Thu, 14 Nov 2019 11:14:26 +0000 (12:14 +0100)
committer	Roeland Jago Douma <roeland@famdouma.nl>
	Tue, 26 Nov 2019 11:07:12 +0000 (12:07 +0100)
commit	0299ea0a965b783a5b4939bcd35ffa8ac0f1a8e8
tree	7ccf77d3eadaf3d9a6bc383215a47780b3dc45b6	tree \| snapshot
parent	dfe85ae0c2c542178657a0a610ecea9f7cd1cea6	commit \| diff

Handle token insert conflicts

Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.

As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

lib/private/Authentication/Token/Manager.php		diff \| blob \| history
tests/lib/Authentication/Token/ManagerTest.php		diff \| blob \| history