Fixes #635 - Unique constraint violation when using U2F tokens on PostgreSQL

Because of differences in how .on_conflict() works compared to .replace_into() the PostgreSQL backend wasn't correctly ensuring the unique constraint on user_uuid and atype wasn't getting violated.

This change simply issues a DELETE on the unique constraint prior to the insert to ensure uniqueness. PostgreSQL does not support multiple constraints in ON CONFLICT clauses.
This commit is contained in:
Michael Powers 2020-01-13 21:53:57 -05:00
parent 9ebca99290
commit 76743aee48
No known key found for this signature in database
GPG Key ID: 081A665ADB3123BD

View File

@ -73,6 +73,16 @@ impl TwoFactor {
impl TwoFactor { impl TwoFactor {
#[cfg(feature = "postgresql")] #[cfg(feature = "postgresql")]
pub fn save(&self, conn: &DbConn) -> EmptyResult { pub fn save(&self, conn: &DbConn) -> EmptyResult {
// We need to make sure we're not going to violate the unique constraint on user_uuid and atype.
// This happens automatically on other DBMS backends due to replace_into(). PostgreSQL does
// not support multiple constraints on ON CONFLICT clauses.
let result: EmptyResult = diesel::delete(twofactor::table.filter(twofactor::user_uuid.eq(&self.user_uuid)).filter(twofactor::atype.eq(&self.atype)))
.execute(&**conn)
.map_res("Error deleting twofactor for insert");
if result.is_err() {
return result;
}
diesel::insert_into(twofactor::table) diesel::insert_into(twofactor::table)
.values(self) .values(self)
.on_conflict(twofactor::uuid) .on_conflict(twofactor::uuid)