Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make
#increment_failed_attempts
concurrency safe
As reported in #4981, the method `#increment_failed_attempts` of `Devise::Models::Lockable` was not concurrency safe. The increment operation was being done in two steps: first the value was read from the database, and then incremented by 1. This may result in wrong values if two requests try to update the value concurrently. For example: Browser1 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2 Browser2 -------> Read `failed_attempts` from DB (1) -------> Increment `failed_attempts` to 2 In the example above, `failed_attempts` should have been set to 3, but it will be set to 2. This commit handles this case by calling ActiveRecord's `#increment!` method, which will do this operation [atomically](https://api.rubyonrails.org/classes/ActiveRecord/Persistence.html#method-i-increment-21). Co-authored-by: Marcos Ferreira <marcos.ferreira@plataformatec.com.br>
- Loading branch information