Content
View differences
Updated by Pavel Balashou over 1 year ago
### Steps to reproduce
Hard to reproduce. It happens on community instance.
### What is the buggy behavior?
* Some users lose connection to Nexcloud, because OAuth tokens are removed suddenly.
### What is the expected behavior?
1. Nextcloud OAuth tokens live longer life.
2. And users do not need complete OAuth grant flow too often.
### Environment information
**OpenProject installation type**
* [x] Hosted cloud edition
### Diagram showing concurrent request issue.
It shows that optimistic locking is not enough. <img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/198023/content">
Mermaid diagram source code.
```mermaid edition
sequenceDiagram * [ ] Packaged installation
participant OP1 as OpenProject Process 1
participant OP2 as OpenProject Process 2
participant OPDB as OpenProject DB
participant NC as Nextcloud
OP1->>OPDB: Get Token
OPDB->>OP1: Return Token!
OP2->>OPDB: Get Token
OPDB->>OP2: Return Token!
OP1->>NC: FileInfo Req
# Note over NC,OP1: A typical interaction
NC->>OP1: FileInfo Resp Auth Failed
OP1->>NC: RefreshToken Req
NC->>OP1: RefreshToken Resp Success
OP2->>NC: FileInfo Req
# Note over NC,OP1: A typical interaction
NC->>OP2: FileInfo Resp Auth Failed
OP2->>NC: RefreshToken Req
NC->>OP2: RefreshToken Resp Failed
OP2->>OPDB: Destroy Token
OPDB->>OP2: Destroy Token Success
Note over OP2,OPDB: Success due to nothing to prevent that. <br>Optimistic lock does not help.
OP1->>OPDB: Update Token
OPDB->>OP1: Update Token Failure
Note over OP1,OPDB: Failure because token has been destroyed. <br> ActiveRecord::StaleObject if optimistic locking is on.
OP2->>OP2: Return unauthorized response
OP1->>OP1: Return 409 Conflict response * What distribution?
* [ ] Docker All-in-one container
``` * [ ] Docker-compose installation
* [ ] Other (please specify)
Hard to reproduce. It happens on community instance.
### What is the buggy behavior?
* Some users lose connection to Nexcloud, because OAuth tokens are removed suddenly.
### What is the expected behavior?
1. Nextcloud OAuth tokens live longer life.
2. And users do not need complete OAuth grant flow too often.
### Environment information
**OpenProject installation type**
* [x] Hosted cloud edition
### Diagram showing concurrent request issue.
It shows that optimistic locking is not enough. <img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/198023/content">
Mermaid diagram source code.
```mermaid
sequenceDiagram
participant OP1 as OpenProject Process 1
participant OP2 as OpenProject Process 2
participant OPDB as OpenProject DB
participant NC as Nextcloud
OP1->>OPDB: Get Token
OPDB->>OP1: Return Token!
OP2->>OPDB: Get Token
OPDB->>OP2: Return Token!
OP1->>NC: FileInfo Req
# Note over NC,OP1: A typical interaction
NC->>OP1: FileInfo Resp Auth Failed
OP1->>NC: RefreshToken Req
NC->>OP1: RefreshToken Resp Success
OP2->>NC: FileInfo Req
# Note over NC,OP1: A typical interaction
NC->>OP2: FileInfo Resp Auth Failed
OP2->>NC: RefreshToken Req
NC->>OP2: RefreshToken Resp Failed
OP2->>OPDB: Destroy Token
OPDB->>OP2: Destroy Token Success
Note over OP2,OPDB: Success due to nothing to prevent that. <br>Optimistic lock does not help.
OP1->>OPDB: Update Token
OPDB->>OP1: Update Token Failure
Note over OP1,OPDB: Failure because token has been destroyed. <br> ActiveRecord::StaleObject if optimistic locking is on.
OP2->>OP2: Return unauthorized response
OP1->>OP1: Return 409 Conflict response
* [ ] Docker All-in-one container
```
* [ ] Other (please specify)