search

diefenbach / django-lfs

An online-shop based on Django
http://www.getlfs.com
BSD 3-Clause "New" or "Revised" License
622 stars 222 forks source link

Vouchers can be used more than their usage limit under concurrent access #202

Closed TWarszawski closed 7 years ago

TWarszawski commented 8 years ago

When two customers check out concurrently using the same voucher that has a usage limit of one, the voucher can be used twice.

Steps to reproduce:

  1. Start demo site, create two customers, create/pick test product, create test voucher with usage limit of 1.
  2. Both customers add the product to their cart. Perform a checkout concurrently, being sure to apply the voucher and complete the order as close to the same time as possible.

We have reproduced this behavior on a single machine, by performing the above steps with one customer in one browser window and another customer in a second browser window with a short communication delay (100 ms) between the database and application. If connecting to the database using unix sockets, the following script can act as a proxy that delays packets: https://gist.github.com/TWarszawski/a0d8dd8aea9eb5b774d64c9f826de6db

Expected Result: Only one checkout successfully completes using the voucher.

Actual Result: Both checkouts successfully complete using the voucher.

diefenbach commented 7 years ago

Should be fixed in dev. see: 90f570af30cfdb899a8e419e68d0b2b08118cf33