fix: dispatch pending events after user creation commits
The register handler, local/LDAP login and the OIDC callback all queue the user.created event via DispatchOnCommit but never called DispatchPending, so the event was silently dropped and its queue entry leaked. Flush after commit and discard on rollback.
This commit is contained in:
parent
126ea78dac
commit
ae908be716
|
|
@ -27,6 +27,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/events"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/api/pkg/modules/auth"
|
||||
|
|
@ -187,6 +188,9 @@ func HandleCallback(c *echo.Context) error {
|
|||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
// Discards events queued during a rolled-back transaction (e.g. user
|
||||
// creation); a no-op once DispatchPending has run.
|
||||
defer events.CleanupPending(s)
|
||||
|
||||
// Check if we have seen this user before
|
||||
u, err := getOrCreateUser(s, cl, provider, idToken)
|
||||
|
|
@ -212,6 +216,9 @@ func HandleCallback(c *echo.Context) error {
|
|||
if err := enforceTOTPIfRequired(s, u, cb.TOTPPasscode); err != nil {
|
||||
if commitErr := s.Commit(); commitErr != nil {
|
||||
log.Errorf("Error committing session after failed OIDC TOTP attempt for user %d: %v", u.ID, commitErr)
|
||||
} else {
|
||||
// The user creation above was committed, so its events are real.
|
||||
events.DispatchPending(c.Request().Context(), s)
|
||||
}
|
||||
if user.IsErrInvalidTOTPPasscode(err) {
|
||||
user.HandleFailedTOTPAuth(u)
|
||||
|
|
@ -233,6 +240,8 @@ func HandleCallback(c *echo.Context) error {
|
|||
return err
|
||||
}
|
||||
|
||||
events.DispatchPending(c.Request().Context(), s)
|
||||
|
||||
// Create token
|
||||
return auth.NewUserAuthTokenResponse(u, c, false)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,6 +53,9 @@ func Login(c *echo.Context) (err error) {
|
|||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
// Discards events queued during a rolled-back transaction (e.g. LDAP user
|
||||
// creation); a no-op once DispatchPending has run.
|
||||
defer events.CleanupPending(s)
|
||||
|
||||
var user *user2.User
|
||||
if config.AuthLdapEnabled.GetBool() {
|
||||
|
|
@ -127,6 +130,8 @@ func Login(c *echo.Context) (err error) {
|
|||
return err
|
||||
}
|
||||
|
||||
events.DispatchPending(c.Request().Context(), s)
|
||||
|
||||
// Create token
|
||||
return auth.NewUserAuthTokenResponse(user, c, u.LongToken)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import (
|
|||
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/events"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/metrics"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
|
|
@ -79,14 +80,18 @@ func RegisterUser(c *echo.Context) error {
|
|||
})
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
events.CleanupPending(s)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := s.Commit(); err != nil {
|
||||
_ = s.Rollback()
|
||||
events.CleanupPending(s)
|
||||
return err
|
||||
}
|
||||
|
||||
events.DispatchPending(c.Request().Context(), s)
|
||||
|
||||
// Bust the cached user count so the new registration shows up in metrics
|
||||
// immediately instead of after the regular cache expiry.
|
||||
if config.MetricsEnabled.GetBool() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue