Rock icon indicating copy to clipboard operation
Rock copied to clipboard

Published 20 hours ago verified publisher icon SparkDevNetwork

Race Condition in New User Account Entry

Open jamrphy-bwd opened this issue 2 years ago • 0 comments

Prerequisites

  • [X] Put an X between the brackets on this line if you have done all of the following:
    • Did you perform a search at https://github.com/issues?q=is%3Aissue+user%3ASparkDevNetwork+-repo%3ARock to see if your bug or enhancement is already reported?
    • Can you reproduce the problem on a fresh install or the demo site?
    • Did you include your Rock version number and client culture setting?

A Picture Is worth a Thousand Words

image

Then, spam click "Next":

image

Also, see record created: image

Description

Clicking the "Next" button in the new account block multiple times will result in an error, and it will not proceed. If what was submitted in the form was all new info - a record will be created with a new UserAccount, but the user will be left with an error message and the page will not proceed to redirect, etc.

Steps to Reproduce

  1. Go to the demo's external site. Click "Login"
  2. Fill out the form with test data. See that the username is available.
  3. Flex your clicking skills on the "Next" button in rapid succession.
  4. See error. Depending on input, an account and person record may have successfully been created.

Expected behavior:

The button should be disabled on click and the block should be unable to start the execution of the click handler again before it completes. The user should be carried on successfully to continue interacting with the website with the creation of an account.

Actual behavior:

A user may click the button more than once. The form may have been completed successfully on the first click event. But, it shows an error and does not proceed.

We recently had one user create a new account and then there were 7 other duplicates created in a very close timeframe (the span of a few seconds). The duplicates did not have user accounts associated. There were 7 exceptions in the log at the time of those user's creations with:

System.ArgumentOutOfRangeException: Username already exists Parameter name: username

at Rock.Model.UserLoginService.Create(RockContext rockContext, Person person, AuthenticationServiceType serviceType, Int32 entityTypeId, String username, String password, Boolean isConfirmed, Boolean isRequirePasswordChange) in C:\Github\Rock13\Rock\Model\CRM\UserLogin\UserLoginService.cs:line 285
   at RockWeb.Blocks.Security.AccountEntry.CreateUser(Person person, Boolean confirmed)
   at RockWeb.Blocks.Security.AccountEntry.btnDuplicatesNext_Click(Object sender, EventArgs e)
   ...

I could not replicate any duplicates being created on the demo. As such, I am not certain that this issue is how we ended up with those. But, it seems at least superficially plausible that fixing this would eliminate the potential for calling code that created the duplicates in our instance.

Versions

  • Rock Version: 13.5 and 13.4 (Demo)
  • Client Culture Setting: en-US

jamrphy-bwd avatar Aug 23 '22 17:08 jamrphy-bwd