Description
A race condition exists in PageEditor such that if two threads attempt to log in simultaneously, the ACL page may be saved with /just/ the user who lost the race. Then the other users who had already logged in no longer have expected permissions until they log out/back in.
Steps to reproduce
Log in twice such that the 'current' file is being edited while openidrp is trying to find the contents of the team ACL page.
Component selection
general, PageEditor
Details
PageEditor.SaveText() moves 'current' aside as a lockfile. As a result, if a second SaveText() runs it will detect an apparently empty page, and _add_user_to_team() will create a new one accordingly.
MoinMoin Version |
1.9.2 |
OS and Version |
Ubuntu Lucid |
Python Version |
2.6.5 |
Workaround
we implemented our own locking in openidrp_teams.py _add_user_to_team() which will cause the loser of the race to give up instead of saving a new page. that user (if different) will have to reattempt login since they were not added to the ACL page.
Discussion
If it happens with 1.9.2, please check the changes that happened after 1.9.2 (best is to look at repo).
- - I don't see anything in the changelog relating to this; I'll try to get into diffs.
Also have a look at the pagedir, how exactly does it look like before and after this happens (files, file contents, current file, edit-log file).
- - Interesting:
1318346789000000 00002364 SAVE [acl page title] [...]
1318346813000000 00002365 SAVENEW [acl page title] [...]
![/!\](/moin_static19/modernized/img/alert.png "/!\")
That looks like it thought that the page does not exist yet, thus the "SAVENEW". Maybe a problem with the .exists() method of Page.
Details/etc updated accordingly. As described, the ACL page is normal afterwards, but only contains one user.
What filesystem is the data_dir on? - ext3.
Plan
- Priority:
- Assigned to:
- Status: