Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Race condition in DeviceViewSetMixin.create() bypasses UPDATE_ON_DUPLICATE_REG_ID #596

Open
ge0rg opened this issue Jan 6, 2021 · 1 comment
Open

Race condition in DeviceViewSetMixin.create() bypasses UPDATE_ON_DUPLICATE_REG_ID #596

ge0rg opened this issue Jan 6, 2021 · 1 comment

Comments

@ge0rg
Copy link

ge0rg commented Jan 6, 2021

I have an application with Android clients registering for FCM push. Due to a client bug, the Android client will send two identical POST requests to the GCMDeviceAuthorizedViewSet endpoint in parallel.

I have UPDATE_ON_DUPLICATE_REG_ID=True configured, so I would expect that one of the requests adds the device, and the other one updates it.

However, both requests end up adding the device to the table, resulting in two entries added, because there is no table locking between the instance query based on registration id in https://github.com/jazzband/django-push-notifications/blob/master/push_notifications/api/rest_framework.py#L142-L144 and the table insert in https://github.com/jazzband/django-push-notifications/blob/master/push_notifications/api/rest_framework.py#L156

This can be worked around by setting UNIQUE_REG_ID=True, but please see #595.

A proper solution would be to use update_or_create, which does the proper locking apparently.
@Andrew-Chen-Wang
Copy link
Member

@ge0rg PR welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ge0rg @Andrew-Chen-Wang