fix a potential race condition for pre-login and ext auth

hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query
2025-12-08 15:28:05 +03:00 · 2021-01-05 09:50:22 +01:00
parent 72b2c83392
commit daac90c4e1
26 changed files with 167 additions and 163 deletions
--- a/webdavd/internal_test.go
+++ b/webdavd/internal_test.go
@@ -896,7 +896,7 @@ func TestBasicUsersCache(t *testing.T) {
 	}
 	u.Permissions = make(map[string][]string)
 	u.Permissions["/"] = []string{dataprovider.PermAny}
-	err := dataprovider.AddUser(u)
+	err := dataprovider.AddUser(&u)
 	assert.NoError(t, err)
 	user, err := dataprovider.UserExists(u.Username)
 	assert.NoError(t, err)
@@ -969,7 +969,7 @@ func TestBasicUsersCache(t *testing.T) {
 		assert.False(t, cachedUser.IsExpired())
 	}
 	// cache is invalidated after a user modification
-	err = dataprovider.UpdateUser(user)
+	err = dataprovider.UpdateUser(&user)
 	assert.NoError(t, err)
 	_, ok = dataprovider.GetCachedWebDAVUser(username)
 	assert.False(t, ok)
@@ -980,7 +980,7 @@ func TestBasicUsersCache(t *testing.T) {
 	_, ok = dataprovider.GetCachedWebDAVUser(username)
 	assert.True(t, ok)
 	// cache is invalidated after user deletion
-	err = dataprovider.DeleteUser(user)
+	err = dataprovider.DeleteUser(&user)
 	assert.NoError(t, err)
 	_, ok = dataprovider.GetCachedWebDAVUser(username)
 	assert.False(t, ok)
@@ -1001,25 +1001,25 @@ func TestUsersCacheSizeAndExpiration(t *testing.T) {
 	u.Password = password + "1"
 	u.Permissions = make(map[string][]string)
 	u.Permissions["/"] = []string{dataprovider.PermAny}
-	err := dataprovider.AddUser(u)
+	err := dataprovider.AddUser(&u)
 	assert.NoError(t, err)
 	user1, err := dataprovider.UserExists(u.Username)
 	assert.NoError(t, err)
 	u.Username = username + "2"
 	u.Password = password + "2"
-	err = dataprovider.AddUser(u)
+	err = dataprovider.AddUser(&u)
 	assert.NoError(t, err)
 	user2, err := dataprovider.UserExists(u.Username)
 	assert.NoError(t, err)
 	u.Username = username + "3"
 	u.Password = password + "3"
-	err = dataprovider.AddUser(u)
+	err = dataprovider.AddUser(&u)
 	assert.NoError(t, err)
 	user3, err := dataprovider.UserExists(u.Username)
 	assert.NoError(t, err)
 	u.Username = username + "4"
 	u.Password = password + "4"
-	err = dataprovider.AddUser(u)
+	err = dataprovider.AddUser(&u)
 	assert.NoError(t, err)
 	user4, err := dataprovider.UserExists(u.Username)
 	assert.NoError(t, err)
@@ -1137,7 +1137,7 @@ func TestUsersCacheSizeAndExpiration(t *testing.T) {
 	assert.True(t, ok)

 	// now remove user1 after an update
-	err = dataprovider.UpdateUser(user1)
+	err = dataprovider.UpdateUser(&user1)
 	assert.NoError(t, err)
 	_, ok = dataprovider.GetCachedWebDAVUser(user1.Username)
 	assert.False(t, ok)
@@ -1164,13 +1164,13 @@ func TestUsersCacheSizeAndExpiration(t *testing.T) {
 	_, ok = dataprovider.GetCachedWebDAVUser(user4.Username)
 	assert.True(t, ok)

-	err = dataprovider.DeleteUser(user1)
+	err = dataprovider.DeleteUser(&user1)
 	assert.NoError(t, err)
-	err = dataprovider.DeleteUser(user2)
+	err = dataprovider.DeleteUser(&user2)
 	assert.NoError(t, err)
-	err = dataprovider.DeleteUser(user3)
+	err = dataprovider.DeleteUser(&user3)
 	assert.NoError(t, err)
-	err = dataprovider.DeleteUser(user4)
+	err = dataprovider.DeleteUser(&user4)
 	assert.NoError(t, err)

 	err = os.RemoveAll(u.GetHomeDir())