Keystore.put uses database FOR UPDATE without a transaction

[project-concerto]

Keystore.put calls find_or_create_key_for_update, which in turns use self.lock(true) that issues a FOR UPDATE SQL query. FOR UPDATE is only useful in transactions, but Keystore.put does not use any transactions. Thus, the put operation loses its atomicity.

This only happens when the database being used is neither MySQL or SQLite. But I think it is still an issue worth fixing.

lobsters/app/models/keystore.rb

Lines 16 to 32 in fba26ed

	def self.put(key, value)
	validate_input_key(key)
	if Keystore.connection.adapter_name == "SQLite"
	Keystore.connection.execute("INSERT OR REPLACE INTO " <<
	"#{Keystore.table_name} (`key`, `value`) VALUES " <<
	"(#{q(key)}, #{q(value)})")
	elsif Keystore.connection.adapter_name =~ /Mysql/
	Keystore.connection.execute("INSERT INTO #{Keystore.table_name} (" +
	"`key`, `value`) VALUES (#{q(key)}, #{q(value)}) ON DUPLICATE KEY " +
	"UPDATE `value` = #{q(value)}")
	else
	kv = self.find_or_create_key_for_update(key, value)
	kv.value = value
	kv.save!
	end
	true
	end

lobsters/app/models/keystore.rb

Lines 62 to 77 in fba26ed

	def self.find_or_create_key_for_update(key, init = nil)
	loop do
	found = self.lock(true).find_by(:key => key)
	return found if found
	begin
	self.create! do |kv|
	kv.key = key
	kv.value = init
	kv.save!
	end
	rescue ActiveRecord::RecordNotUnique
	nil
	end
	end
	end

[pushcx]

Thanks for recognizing and pointing it out, seems worth an improvement.