django-rest-firebase-auth
django-rest-firebase-auth copied to clipboard
Published
20 hours ago •
walison17
walison17
Probable race condition at User creation
I believe this is a race condition:
- Two simultanous requests arrive from a new/unencountered user.
-
authenticate_credentials()is called on both requests. -
User.DoesNotExistis raised on both requests, causing both to call to default implementation ofcreate_user_from_firebase(). -
User.objects.create(**fields)is called on both calls, with the same params. - One request throws
IntegrityError, as below.
Traceback:
File ".../firebase_auth/authentication.py", line 46, in authenticate
user = self.authenticate_credentials(payload)
File ".../firebase_auth/authentication.py", line 89, in authenticate_credentials
user = self.create_user_from_firebase(uid, firebase_user)
File ".../firebase_auth/authentication.py", line 130, in create_user_from_firebase
return User.objects.create(**fields)
File ".../python/lib/python3.8/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File ".../python/lib/python3.8/site-packages/django/db/models/query.py", line 447, in create
obj.save(force_insert=True, using=self.db)
File ".../python/lib/python3.8/site-packages/django/contrib/auth/base_user.py", line 67, in save
super().save(*args, **kwargs)
File ".../python/lib/python3.8/site-packages/django/db/models/base.py", line 753, in save
self.save_base(using=using, force_insert=force_insert,
File ".../python/lib/python3.8/site-packages/django/db/models/base.py", line 790, in save_base
updated = self._save_table(
File ".../python/lib/python3.8/site-packages/django/db/models/base.py", line 895, in _save_table
results = self._do_insert(cls._base_manager, using, fields, returning_fields, raw)
File ".../python/lib/python3.8/site-packages/django/db/models/base.py", line 933, in _do_insert
return manager._insert(
File ".../python/lib/python3.8/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File ".../python/lib/python3.8/site-packages/django/db/models/query.py", line 1254, in _insert
return query.get_compiler(using=using).execute_sql(returning_fields)
File ".../python/lib/python3.8/site-packages/django/db/models/sql/compiler.py", line 1397, in execute_sql
cursor.execute(sql, params)
File ".../python/lib/python3.8/site-packages/django/db/backends/utils.py", line 66, in execute
return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)
File ".../python/lib/python3.8/site-packages/django/db/backends/utils.py", line 75, in _execute_with_wrappers
return executor(sql, params, many, context)
File ".../python/lib/python3.8/site-packages/django/db/backends/utils.py", line 84, in _execute
return self.cursor.execute(sql, params)
File ".../python/lib/python3.8/site-packages/django/db/utils.py", line 90, in __exit__
raise dj_exc_value.with_traceback(traceback) from exc_value
File ".../python/lib/python3.8/site-packages/django/db/backends/utils.py", line 84, in _execute
return self.cursor.execute(sql, params)
django.db.utils.IntegrityError: duplicate key value violates unique constraint "core_user_username_key"
DETAIL: Key (username)=(<SNIP>) already exists.
Quick fix possible by changing User.objects.create(**fields) to User.objects.get_or_create(**fields) ?
@wodow Did you find a solution for this, I'm having a similar problem with another auth library.
Quick fix possible by changing
User.objects.create(**fields)toUser.objects.get_or_create(**fields)?
yes, get_or_create can handle race condition but only if the uid_field have a unique constraint at database level
