Avoid creating duplicate voters in polls #5532
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
javierm
added
Bug
Polls
security
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
javierm
force-pushed
the
poll_duplicate_voters
branch
3 times, most recently
from
ff166db
to
377e3f2
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
from
433ed8f
to
a4779f5
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
3 times, most recently
from
d403177
to
1756667
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
7 times, most recently
from
ffdb562
to
d7efc4b
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
from
a4779f5
to
3284871
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
2 times, most recently
from
63b25c4
to
be02718
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
2 times, most recently
from
87540aa
to
0e31139
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
be02718
to
70e5e7c
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
70e5e7c
to
44fa923
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
3 times, most recently
from
785e0e4
to
6cb3c14
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
44fa923
to
8a1a55d
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
3 times, most recently
from
49ac93b
to
eb8b66b
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
8a1a55d
to
6a3d88a
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
from
8d6cece
to
8420ea1
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
6a3d88a
to
4b592eb
Compare
javierm
force-pushed
the
rename_question_answer_to_option
branch
from
8420ea1
to
ca8329d
Compare
javierm
force-pushed
the
poll_duplicate_voters
branch
from
4b592eb
to
e0aea12
Compare
taitus
approved these changes
Jun 14, 2024
javierm
force-pushed
the
poll_duplicate_voters
branch
from
e0aea12
to
08f2914
Compare
We were getting `undefined method `lock!' for nil:NilClass` when the question allowed multiple answers.
Since we were only using it in one place, it made the code harder to follow. We'll extract it again if we ever find a way to reuse it.
We were checking we didn't have more votes than allowed in the case of questions with multiple answers, but we weren't checking it in the case of questions with a single answer. This made it possible to create more than one answer to the same question. This could happen because the method `find_or_initialize_user_answer` might initialize two answers in different threads, due to a race condition.
That way the record is only locked while necessary.
Note that, when taking votes from an erased user, since poll answers don't belong to poll voters, we were not migrating them in the `take_votes_from` method (and we aren't migrating them now either).
Note that, since poll answers belong to a user and not to a voter, we aren't doing anything regarding poll answers. This is a separate topic that might be dealt with in a separate pull request. Also note that, since there are no records belonging to poll voters, and poll voters don't use `acts_as_paranoia` and don't have any callbacks on destroy, it doesn't really matter whether we call `destroy!` or `delete`. We're using `delete` so there are no unintended side-effects that might affect voters with the same `user_id` and `poll_id` on Consul Democracy installations customizing this behavior.
It might be interesting in some cases to check the information related to those records.
javierm
force-pushed
the
poll_duplicate_voters
branch
from
08f2914
to
bb0154b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
References
Objectives
Notes
We can't introduce a unique index yet; otherwise, the migration introducing it will crash if there are duplicate records. So we'll add the unique index to the
poll_voterstable after releasing version 2.2.0.Release notes
ℹ️ Due to a race condition, until now, there was about a 1 in 10,000 chance to get duplicate records when people voted in a poll. This release fixes that (see pull requests #5532 and #5539) and, as part of the release tasks, provides tasks to remove the duplicate records. A log file
log/duplicate_records.logwill contain the information about the deleted records. As usual, backup your database before upgrading.Sponsored
Functionality developed by