From fec6c83570116b407f0a17e26a3c7618c1a8ed4b Mon Sep 17 00:00:00 2001
From: Ricardoalso <ricardo.almeidasoares@camptocamp.com>
Date: Thu, 17 Oct 2024 14:32:06 +0200
Subject: [PATCH] auth_saml: Add FOR UPDATE NOWAIT clause to SAML provider
 query

- Enhance concurrency handling when fetching SAML provider data
- Prevent potential deadlocks by using NOWAIT
- Ensure data consistency during high-traffic scenarios
---
 auth_saml/models/auth_saml_provider.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/auth_saml/models/auth_saml_provider.py b/auth_saml/models/auth_saml_provider.py
index 94c45de06e..c67896c104 100644
--- a/auth_saml/models/auth_saml_provider.py
+++ b/auth_saml/models/auth_saml_provider.py
@@ -308,6 +308,7 @@ def _validate_auth_response(self, token: str, base_url: str = None):
         except SignatureError:
             # we have a metadata url: try to refresh the metadata document
             if self.idp_metadata_url:
+                self.env.cr.execute('SELECT id, idp_metadata from auth_saml_provider FOR UPDATE NOWAIT')
                 self.action_refresh_metadata_from_url()
                 # retry: if it fails again, we let the exception flow
                 client = self._get_client_for_provider(base_url)