From f47483eca11650237f230385bba9f35fcc2eeb6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Bataille?=
Date: Mon, 27 Aug 2018 15:37:20 +0200
Subject: [PATCH] fix(#638): concurrency issue on new token from refresh token

(cherry picked from commit 199e81846b185f9d932ebcad5097b99a79eac590)
---
 oauth2_provider/oauth2_validators.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py
index 2385be055..3713e6d48 100644
--- a/oauth2_provider/oauth2_validators.py
+++ b/oauth2_provider/oauth2_validators.py
@@ -489,6 +489,12 @@ def save_bearer_token(self, token, request, *args, **kwargs):
 else:
 # revoke existing tokens if possible to allow reuse of grant
 if isinstance(refresh_token_instance, RefreshToken):
+ # First, to ensure we don't have concurrency issues, we refresh the refresth token
+ # from the db while acquiring a lock on it
+ refresh_token_instance = RefreshToken.objects.select_for_update().get(
+ id=refresh_token_instance.id
+ )
+
 previous_access_token = AccessToken.objects.filter(
 source_refresh_token=refresh_token_instance
 ).first()
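Review bot: Nothing in the visible lines re-checks the refresh token's state after the `select_for_update()` re-read, so a request that waited on the lock appears to carry on with a refresh token the winning request has already rotated. If revocation deletes the row, `.get()` raises `RefreshToken.DoesNotExist` at this point, which should be caught and routed to the invalid-grant path rather than surfacing as a server error; if revocation only marks the row, a check of that marker belongs directly after the re-read. `select_for_update()` also needs an open transaction, so confirm `save_bearer_token` runs under `transaction.atomic` (its decorators and the rest of its body are outside the hunk), and keep in mind that backends without row locking silently ignore the lock. The added comment has a typo: `refresth` should be `refresh`.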