[MM-19473] Fix data race on user login #12870
Conversation
streamer45
added
2: Dev Review
app/login.go
Outdated
| } | ||
|
|
||
| w.Header().Set(model.HEADER_TOKEN, session.Token) | ||
|
|
||
| a.Session = *session | ||
|
|
||
| if pluginsEnvironment := a.GetPluginsEnvironment(); pluginsEnvironment != nil { | ||
| a.Srv.Go(func() { | ||
| pluginContext := a.PluginContext() |
There was a problem hiding this comment.
Related to this change, we now guarantee that the plugin context actually has the session. Could we add a unit test for this case to keep it that way? (Ideally something that would have failed before, but I realize that's hard given the goroutine.)
There was a problem hiding this comment.
I will look into this.
Ideally we want to build the app with the -race flag and make sure that it doesn't report anything. Obviously we are not there yet since there are several races still in the code.
Also, from my prior investigation I've seen tests introducing new kinds of race conditions that are not present when running the application.
There was a problem hiding this comment.
Looked into this. I couldn't find an easy way to trigger this case without re-implementing some sort of race detection. As noted above, I think we should rely on the built-in -race flag to make sure this kind of races won't reappear.
ogi-m
added
QA/Review Done
amyblais
added
Changelog/Not Needed
* master: (70 commits) Run unused against codebase (mattermost#12968) [MM-12623] Create CLI command "config reset" (mattermost#10296) Migrate tests from store/storetest/status_store.go to use test… (mattermost#12873) Fix golangci-lint target (mattermost#12985) [MM-16437] Plugin crashes the server when calling WriteHeader with an invalid http code (mattermost#11276) MM-18060: Include deleted posts in compliance export. (mattermost#12957) [MM-18331] When patching a bot send websocket notification (mattermost#12373) [MM-19473] Fix data race on user login (mattermost#12870) license, openGraph tests: convert to testify (mattermost#12919) oauth_test: use testify (mattermost#12949) [MM-18830] Unhelpful error message when adding bot to a channel before adding to team (mattermost#12844) emoji_test: update to use testify (mattermost#12932) MM-19310 - Wrong validation message when Bot name ends in a . (mattermost#12905) Migrate tests from store/storetest/oauth_store.go to use testify (mattermost#12875) Include extra metadata when clicking an interactive button (mattermost#12697) MM-19553: Generate valid passwords on bulk import. (mattermost#12871) Convert api4/webhook_test.go t.Fatal calls into require/assert calls (mattermost#12904) Fix golangci-lint target for non GOPATH installations (mattermost#12934) MM-17888 Check plugin Helpers minimum server version comments (mattermost#12663) [MM-18898] Stringify plugin.Log* parameters (mattermost#12700) ...
Summary
PR fixes a data race condition occurring on user login where
App.Sessionwas concurrently subject of read/write operations. The proposed fix moves the write toApp.Sessionin the app layer ensuring write happens in one place and before other goroutines read operations.Thanks to @lieut-data for helping with this.
Ticket Link
https://mattermost.atlassian.net/browse/MM-19473