fix: duplicate user_code update

canonical · Sep 26, 2024 · 2dab3f7 · 2dab3f7
1 parent 59bbd89
commit 2dab3f7
Showing 1 changed file with 21 additions and 11 deletions.
diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
@@ -701,16 +701,26 @@ func (p *Persister) UpdateAndInvalidateUserCodeSessionByRequestID(ctx context.Co
 	defer otelx.End(span, &err)
 
 	// TODO(nsklikas): afaict this is supposed to return an error if no rows were updated, but this is not the actual behavior.
-	// We need to either fix this OR do a select -> check -> update (this would require 2 queries instead of 1).
 	/* #nosec G201 table is static */
-	return sqlcon.HandleError(
-		p.Connection(ctx).
-			RawQuery(
-				fmt.Sprintf("UPDATE %s SET active=false, challenge_id=? WHERE request_id=? AND nid = ? AND active=true", OAuth2RequestSQL{Table: sqlTableUserCode}.TableName()),
-				challenge_id,
-				request_id,
-				p.NetworkID(ctx),
-			).
-			Exec(),
-	)
+	// return sqlcon.HandleError(
+	// 	p.Connection(ctx).
+	// 		RawQuery(
+	// 			fmt.Sprintf("UPDATE %s SET active=false, challenge_id=? WHERE request_id=? AND nid = ? AND active=true", OAuth2RequestSQL{Table: sqlTableUserCode}.TableName()),
+	// 			challenge_id,
+	// 			request_id,
+	// 			p.NetworkID(ctx),
+	// 		).
+	// 		Exec(),
+	// )
+	if count, err := p.Connection(ctx).RawQuery(
+		fmt.Sprintf("UPDATE %s SET active=false, challenge_id=? WHERE request_id=? AND nid = ? AND active=true", OAuth2RequestSQL{Table: sqlTableUserCode}.TableName()),
+		challenge_id,
+		request_id,
+		p.NetworkID(ctx),
+	).ExecWithCount(); count == 0 && err == nil {
+		return errorsx.WithStack(x.ErrNotFound)
+	} else if err != nil {
+		return sqlcon.HandleError(err)
+	}
+	return nil
 }