Project

General

Profile

Actions
Copy link

Patch #43668

closed

Serialize address limit checks during email_addresses#create

Added by Holger Just 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Marius BĂLTEANU
Category:
Database
Target version:
6.0.9

Description

Admins can define a maximum number of additional email addresses for a user.

However, email_addresses#create is prone to race conditions when checking this limit. If there are many parallel requests to create email addresses for a user, the user may be able to create more than allowed since the check may happen before the other addresses are created.

The attached patch fixes this by ensuring that the check and the subsequent address creation happen serially by explicitly locking the connected user in a transaction. The code is a bit manual as we can't use with_lock or lock! here, given that the User model overwrites the lock! method with unrelated functionality.

Files

0001-Serialize-address-limit-checks-during-email_addresse.patch (1.22 KB) 0001-Serialize-address-limit-checks-during-email_addresse.patch Holger Just, 2026-01-13 12:32
Actions
Copy link
 #1

Updated by Go MAEDA about 2 months ago

  • Target version set to 6.1.2

Setting the target version to 6.1.2.

Actions
Copy link
 #2

Updated by Marius BĂLTEANU about 2 months ago

  • Status changed from New to Resolved
  • Assignee set to Marius BĂLTEANU

Patch committed, thanks!

Actions
Copy link
 #3

Updated by Marius BĂLTEANU about 2 months ago

  • Target version changed from 6.1.2 to 6.0.9
Actions
Copy link
 #4

Updated by Marius BĂLTEANU about 2 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF