fix(auth): add config lock around migration methods (#4447)

Per code audit #4388: Wrap _migrate_single_user and _drop_reserved_loaded_users with _config_lock to ensure atomic config reads/writes and prevent potential race conditions during concurrent access. This is a defense-in-depth fix - these methods run at startup before concurrent requests are accepted, but adding the lock makes the code consistent with other config mutations.
2026-06-30 00:22:10 -04:00 · 2026-06-27 00:05:11 +05:30
parent d4cd6d60f1
commit a9b208f470
1 changed files with 12 additions and 10 deletions
@@ -176,6 +176,7 @@ class AuthManager:
                )
                old_user = "admin"
            old_hash = self._config["password_hash"]
+            with self._config_lock:
                self._config = {
                    "users": {
                        old_user: {
@@ -204,6 +205,7 @@ class AuthManager:
                continue
            normalized[key] = data
        if removed or normalized != users:
+            with self._config_lock:
                self._config["users"] = normalized
                self._save()
        if removed: