Fix race condition on pages authentication (!838) · Merge requests · GitLab.org / gitlab-pages

Kassio Borges requested to merge kassio/fix-authentication-race-condition into master Nov 21, 2022

What does this MR do?

When the user tries to authenticate and reload the page concurrently, gitlab pages might receive a authentication request with the state already set.

In these cases, we should re-use the state instead of creating a new one. This way, we reduce the chance of a concurrent request return a 401.

before fix	after fix
401	fixed

Related to: gitlab#342587 (closed)

This is not a whole fix, as discussed in gitlab#342587 (comment 1194769865), this might still happen, but less frequently. After this fix we'll be working in implement a new OAuth flow to remove this problem completely.

TODO

Feature flag
- Added feature flag:
- This feature does not require a feature flag
I added the Changelog trailer to the commits that need to be included in the changelog (e.g. Changelog: added)
I added unit tests or they are not required
I added acceptance tests or they are not required
I added documentation (or it's not required)
I followed code review guidelines
I followed Go Style guidelines

Edited Dec 21, 2022 by Kassio Borges

Fix race condition on pages authentication

What does this MR do?

TODO

Merge request reports