Fix handlng of concurrent inserts of the 2FA provider registry DAO

[ChristophWurst]

This was discovered by Sentry once on my private instance and so far I have not been able to reproduce this. Still, the way I implemented this before is prone to concurrency issues.

The problem originates from

server/lib/private/Authentication/TwoFactorAuth/Manager.php

Line 160 in 2a22615

private function fixMissingProviderStates(array $providerStates,

. In this method, we attempt to insert entries for all providers that weren't known before. So if two or more requests concurrently hit section

server/lib/private/Authentication/TwoFactorAuth/Manager.php

Lines 225 to 228 in 2a22615

	$providerStates = $this->providerRegistry->getProviderStates($user);
	$providers = $this->providerLoader->getProviders($user);
	$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);

, they all try to persist the provider state.

I was unable to reproduce this with benchmarking tools and high numbers of concurrent requests, so I used the debugger to simulate it.

Steps to reproduce:

• Delete the backup codes entry in the oc_twofactor_providers table of your test user
• Set breakpoint at

  server/lib/private/Authentication/TwoFactorAuth/Manager.php

  Line 228 in 2a22615

  $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);

• Wait for your IDE to stop the php execution
• Re-insert the backup codes line deleted above
• Continue php execution

Before this patch: 💥

With this patch: exception is caught and update is run instead.

cc @rullzer @MorrisJobke as discussed at the conf.

[ChristophWurst]

Steps to reproduce:

Edit: to reproduce the issue with the old code, you actually have to set the break point at

server/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php

Line 86 in 2a22615

if ($rowCount > 0) {

and insert the row at that point.