fix: move email & sms send out of the POST /user transaction
#2022
Conversation
Pull Request Test Coverage Report for Build 15084496549Details
💛 - Coveralls |
There was a problem hiding this comment.
Apologies if you already considered this, but I think it's worth noting this is a really big behavior change and I worry without extensive tests there could be potential bugs or potential security considerations we are missing. I think it's worth thinking about what is done and rolled back in the current transaction.
For example the transaction in UserUpdate will:
- UpdatePassword
- UpdateUserMetadata
- UpdateAppMetadata
- Conditionally:
- Call emailChangeVerify
- Calls ClearOneTimeTokenForUser
- Updates confirmation status
- Update identities and perform email confirmation
- Call emailChangeVerify
Knowing that I think it's worth evaluating what sendEmailChange does and how it fails. For example it will call validateSentWithinFrequencyLimit, have we carefully considered the consequences of leaving the transaction in UserUpdate committed without performing all the write operations within sendEmailChange.
| @@ -263,5 +261,19 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error { | |||
| return err | |||
| } | |||
|
|
|||
| if sendEmailChange { | |||
| // email sending should not hold a database transaction open as latency incurred by SMTP or HTTP hooks can exhaust the database pool | |||
| if err := a.sendEmailChange(r, db, user, params.Email, flowType); err != nil { | |||
There was a problem hiding this comment.
Have we thought through the consequences of not rolling back the previous values in the transaction when sendEmailChange fails at every failure point?
There was a problem hiding this comment.
In general I think it should be fine. Yea the email send will fail, but the request will also fail and user can ask for re-send when email sending / SMS sending is back online.
There was a problem hiding this comment.
Maybe we need to do the rate limit prior the transaction as well.
hf
force-pushed
the
hf/move-email-sms-send-out-of-update-user-transaction
branch
from
278aa80 to
01c04ef
Compare
Keeping this inside the transaction can exhaust the database pool grinding full Auth to a halt, especially if the SMTP server or hook takes more than a few milliseconds to complete.