diff options
Diffstat (limited to 'src/token/app.rs')
| -rw-r--r-- | src/token/app.rs | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/token/app.rs b/src/token/app.rs index 04f8747..15fd858 100644 --- a/src/token/app.rs +++ b/src/token/app.rs @@ -38,15 +38,22 @@ impl<'a> Tokens<'a> { .await .optional()? .ok_or(LoginError::Rejected)?; + // Split the transaction here to avoid holding the tx open (potentially blocking + // other writes) while we do the fairly expensive task of verifying the + // password. It's okay if the token issuance transaction happens some notional + // amount of time after retrieving the login, as inserting the token will fail + // if the account is deleted during that time. + tx.commit().await?; let token = if stored_hash.verify(password)? { - tx.tokens().issue(&login, login_at).await? + let mut tx = self.db.begin().await?; + let token = tx.tokens().issue(&login, login_at).await?; + tx.commit().await?; + token } else { Err(LoginError::Rejected)? }; - tx.commit().await?; - Ok(token) } |