From 81014f5f75d2b2c0d2025b1accd59af9d95a5dd7 Mon Sep 17 00:00:00 2001
From: Ricardoalso <ricardo.almeidasoares@camptocamp.com>
Date: Thu, 17 Oct 2024 14:32:06 +0200
Subject: [PATCH] auth_saml: Add FOR UPDATE NOWAIT clause to SAML provider
 query

- Enhance concurrency handling when fetching SAML provider data
- Prevent potential deadlocks by using NOWAIT
- Ensure data consistency during high-traffic scenarios
---
 auth_saml/models/auth_saml_provider.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/auth_saml/models/auth_saml_provider.py b/auth_saml/models/auth_saml_provider.py
index 94c45de06e..66ebaa103e 100644
--- a/auth_saml/models/auth_saml_provider.py
+++ b/auth_saml/models/auth_saml_provider.py
@@ -308,6 +308,9 @@ def _validate_auth_response(self, token: str, base_url: str = None):
         except SignatureError:
             # we have a metadata url: try to refresh the metadata document
             if self.idp_metadata_url:
+                self.env.cr.execute(
+                    "SELECT id, idp_metadata from auth_saml_provider FOR UPDATE NOWAIT"
+                )
                 self.action_refresh_metadata_from_url()
                 # retry: if it fails again, we let the exception flow
                 client = self._get_client_for_provider(base_url)