Queue processing can create race condition

[rsisco]

A race condition can occur between the AvaTax extension and other order processing extensions (e.g. Signifyd Fraud Protection), resulting in an incorrect order status.

Preconditions

1. Magento 2.x with Signifyd Fraud Protection enabled
2. AvaTax extension for Magento 2
3. PayPal payment method

Steps to reproduce

1. Place order and pay with PayPal

Expected result

1. The order should be created with a status of 'On Hold' and then go to status of 'Processing' once Signifyd has verified the order. The order should also be submitted to AvaTax via the AvaTax extension's processing queue.

Actual result

1. The order is verified by Signifyd and set to 'Processing', but when the AvaTax queue completes, the order status is reverted to 'On Hold'.

It would appear that if an order is placed on the cusp of the AvaTax queue being processed, the processing of the order by the AvaTax queue and the Signifyd validation process will overlap, and if AvaTax finishes last, it will inadvertently set the order status back to what it was when it first picked it up, which is 'On Hold' in this case.

As can be seen in this screenshot, AvaTax's processing of the order occurred 2 seconds after Signifyd's.

[rsisco]

To resolve the potential for a race condition, we will delay the processing of new orders until they are at least 2 minutes old. This way, extensions like Signifyd will have time to complete their processing of the order before the AvaTax extension picks it up.

[rsisco]

After adding a delay to the queue processing, invoicing an order within two minutes of the next cron run (including orders placed with a payment method that immediately invoices the order) will cause it to be skipped by the next cron run, but executed on the following run: This should provide enough time for other extensions (like Signifyd) to complete their processing of the order/invoice as well.