Skip to content

[AAP-66801] Fix race condition in OAuth2AccessToken.is_valid() causing HTTP 500 #907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
DenisKoleda wants to merge 3 commits into
base: devel
Choose a base branch
from
+4 −2
Open

[AAP-66801] Fix race condition in OAuth2AccessToken.is_valid() causing HTTP 500 #907

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6d12313
Fix race condition in OAuth2AccessToken.is_valid() causing HTTP 500
DenisKoleda Dec 16, 2025
bbf4c0e
Apply suggestion from @john-westcott-iv
john-westcott-iv Feb 26, 2026
f4ed60d
Merge branch 'devel' into fix/oauth2-token-race-condition
DenisKoleda Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions ansible_base/oauth2_provider/models/access_token.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,8 +85,10 @@ def is_valid(self, scopes=None):
self.last_used = now()

def _update_last_used():
if OAuth2AccessToken.objects.filter(pk=self.pk).exists():
self.save(update_fields=['last_used'])
# QuerySet.update() is used instead of save() to avoid a race condition
# where concurrent requests updating last_used can cause DatabaseError.
# This is safe because last_used is a trivial field with no save() side effects.
OAuth2AccessToken.objects.filter(pk=self.pk).update(last_used=self.last_used)
Comment thread
john-westcott-iv marked this conversation as resolved.

connection.on_commit(_update_last_used)
return valid
Expand Down
Loading