-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MM-19473] Fix data race on user login #12870
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look excellent. Just one request for a potential unit test below.
app/login.go
Outdated
} | ||
|
||
w.Header().Set(model.HEADER_TOKEN, session.Token) | ||
|
||
a.Session = *session | ||
|
||
if pluginsEnvironment := a.GetPluginsEnvironment(); pluginsEnvironment != nil { | ||
a.Srv.Go(func() { | ||
pluginContext := a.PluginContext() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related to this change, we now guarantee that the plugin context actually has the session. Could we add a unit test for this case to keep it that way? (Ideally something that would have failed before, but I realize that's hard given the goroutine.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will look into this.
Ideally we want to build the app with the -race
flag and make sure that it doesn't report anything. Obviously we are not there yet since there are several races still in the code.
Also, from my prior investigation I've seen tests introducing new kinds of race conditions that are not present when running the application.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looked into this. I couldn't find an easy way to trigger this case without re-implementing some sort of race detection. As noted above, I think we should rely on the built-in -race
flag to make sure this kind of races won't reappear.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
QA will test after it's merged.
* master: (70 commits) Run unused against codebase (mattermost#12968) [MM-12623] Create CLI command "config reset" (mattermost#10296) Migrate tests from store/storetest/status_store.go to use test… (mattermost#12873) Fix golangci-lint target (mattermost#12985) [MM-16437] Plugin crashes the server when calling WriteHeader with an invalid http code (mattermost#11276) MM-18060: Include deleted posts in compliance export. (mattermost#12957) [MM-18331] When patching a bot send websocket notification (mattermost#12373) [MM-19473] Fix data race on user login (mattermost#12870) license, openGraph tests: convert to testify (mattermost#12919) oauth_test: use testify (mattermost#12949) [MM-18830] Unhelpful error message when adding bot to a channel before adding to team (mattermost#12844) emoji_test: update to use testify (mattermost#12932) MM-19310 - Wrong validation message when Bot name ends in a . (mattermost#12905) Migrate tests from store/storetest/oauth_store.go to use testify (mattermost#12875) Include extra metadata when clicking an interactive button (mattermost#12697) MM-19553: Generate valid passwords on bulk import. (mattermost#12871) Convert api4/webhook_test.go t.Fatal calls into require/assert calls (mattermost#12904) Fix golangci-lint target for non GOPATH installations (mattermost#12934) MM-17888 Check plugin Helpers minimum server version comments (mattermost#12663) [MM-18898] Stringify plugin.Log* parameters (mattermost#12700) ...
Summary
PR fixes a data race condition occurring on user login where
App.Session
was concurrently subject of read/write operations. The proposed fix moves the write toApp.Session
in the app layer ensuring write happens in one place and before other goroutines read operations.Thanks to @lieut-data for helping with this.
Ticket Link
https://mattermost.atlassian.net/browse/MM-19473