From 39e7dfe2ecc2df38aed76faf2f9b1134bf6095e1 Mon Sep 17 00:00:00 2001
From: arekkas <aeneas@ory.am>
Date: Mon, 6 Nov 2017 18:13:00 +0100
Subject: [PATCH] oauth2: Resolve race condition in consent memory manager

Closes #600
---
 oauth2/consent_manager_memory.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/oauth2/consent_manager_memory.go b/oauth2/consent_manager_memory.go
index d537374f73c..186c7e5f124 100644
--- a/oauth2/consent_manager_memory.go
+++ b/oauth2/consent_manager_memory.go
@@ -15,12 +15,15 @@
 package oauth2
 
 import (
+	"sync"
+
 	"github.com/ory/hydra/pkg"
 	"github.com/pkg/errors"
 )
 
 type ConsentRequestMemoryManager struct {
 	requests map[string]ConsentRequest
+	sync.RWMutex
 }
 
 func NewConsentRequestMemoryManager() *ConsentRequestMemoryManager {
@@ -28,6 +31,8 @@ func NewConsentRequestMemoryManager() *ConsentRequestMemoryManager {
 }
 
 func (m *ConsentRequestMemoryManager) PersistConsentRequest(session *ConsentRequest) error {
+	m.Lock()
+	defer m.Unlock()
 	m.requests[session.ID] = *session
 	return nil
 }
@@ -59,6 +64,8 @@ func (m *ConsentRequestMemoryManager) RejectConsentRequest(id string, payload *R
 }
 
 func (m *ConsentRequestMemoryManager) GetConsentRequest(id string) (*ConsentRequest, error) {
+	m.RLock()
+	defer m.RUnlock()
 	if session, found := m.requests[id]; !found {
 		return nil, errors.Wrap(pkg.ErrNotFound, "")
 	} else {