oauth2: Resolve race condition in consent memory manager

Closes #600
ory · Nov 6, 2017 · 39e7dfe · 39e7dfe
1 parent c465e57
commit 39e7dfe
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/oauth2/consent_manager_memory.go b/oauth2/consent_manager_memory.go
@@ -15,19 +15,24 @@
 package oauth2
 
 import (
+	"sync"
+
 	"github.com/ory/hydra/pkg"
 	"github.com/pkg/errors"
 )
 
 type ConsentRequestMemoryManager struct {
 	requests map[string]ConsentRequest
+	sync.RWMutex
 }
 
 func NewConsentRequestMemoryManager() *ConsentRequestMemoryManager {
 	return &ConsentRequestMemoryManager{requests: map[string]ConsentRequest{}}
 }
 
 func (m *ConsentRequestMemoryManager) PersistConsentRequest(session *ConsentRequest) error {
+	m.Lock()
+	defer m.Unlock()
 	m.requests[session.ID] = *session
 	return nil
 }
@@ -59,6 +64,8 @@ func (m *ConsentRequestMemoryManager) RejectConsentRequest(id string, payload *R
 }
 
 func (m *ConsentRequestMemoryManager) GetConsentRequest(id string) (*ConsentRequest, error) {
+	m.RLock()
+	defer m.RUnlock()
 	if session, found := m.requests[id]; !found {
 		return nil, errors.Wrap(pkg.ErrNotFound, "")
 	} else {