From a9b208f4704da8ff36c8cf8700c0310bfd06065e Mon Sep 17 00:00:00 2001 From: Sid Date: Sat, 27 Jun 2026 00:05:11 +0530 Subject: [PATCH] fix(auth): add config lock around migration methods (#4447) Per code audit #4388: Wrap _migrate_single_user and _drop_reserved_loaded_users with _config_lock to ensure atomic config reads/writes and prevent potential race conditions during concurrent access. This is a defense-in-depth fix - these methods run at startup before concurrent requests are accepted, but adding the lock makes the code consistent with other config mutations. --- core/auth.py | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/core/auth.py b/core/auth.py index 3bdf0f390..4bc9a70dd 100644 --- a/core/auth.py +++ b/core/auth.py @@ -176,16 +176,17 @@ class AuthManager: ) old_user = "admin" old_hash = self._config["password_hash"] - self._config = { - "users": { - old_user: { - "password_hash": old_hash, - "created": time.time(), - "is_admin": True, + with self._config_lock: + self._config = { + "users": { + old_user: { + "password_hash": old_hash, + "created": time.time(), + "is_admin": True, + } } } - } - self._save() + self._save() logger.info(f"Migrated single-user auth to multi-user (admin: {old_user})") def _drop_reserved_loaded_users(self): @@ -204,8 +205,9 @@ class AuthManager: continue normalized[key] = data if removed or normalized != users: - self._config["users"] = normalized - self._save() + with self._config_lock: + self._config["users"] = normalized + self._save() if removed: logger.warning( "Removed reserved username(s) from auth config: %s",