fix: catch race conditions when creating users

2026-03-14 15:11:19 +03:00
parent 9787fb699a
commit f3811b7520
2 changed files with 78 additions and 7 deletions
@@ -1,6 +1,7 @@
 from unittest.mock import patch

 import pytest
+from django.db import IntegrityError
 from django.test import override_settings
 from django.urls import reverse

@@ -61,6 +62,64 @@ def test_phone_auth_request_existing_phone_no_duplicate_user(client):
    assert PhoneOTP.objects.filter(phone_number="+966512345678").count() == 1


+@pytest.mark.django_db
+@override_settings(OTP_PROVIDER="console")
+def test_phone_auth_request_handles_duplicate_user_creation(client):
+    original_create_user = User.objects.create_user
+    otp_code = "123456"
+
+    def create_user_and_raise(*args, **kwargs):
+        original_create_user(*args, **kwargs)
+        raise IntegrityError("duplicate user")
+
+    with patch("apps.accounts.views.User.objects.create_user", side_effect=create_user_and_raise):
+        with patch("apps.accounts.services.otp.generate_code", return_value=otp_code):
+            response = client.post(
+                reverse("phone_auth_request"),
+                {
+                    "phone_number": "0512345678",
+                    "channel": "sms",
+                    "first_name": "Sara",
+                    "last_name": "Ali",
+                    "email": "sara@example.com",
+                },
+                content_type="application/json",
+            )
+
+    assert response.status_code == 201
+    assert User.objects.filter(phone_number="+966512345678").count() == 1
+    assert PhoneOTP.objects.filter(phone_number="+966512345678").count() == 1
+
+
+@pytest.mark.django_db
+@override_settings(OTP_PROVIDER="console")
+def test_phone_auth_request_race_with_email_conflict(client):
+    original_create_user = User.objects.create_user
+    target_email = "race@example.com"
+
+    def create_conflict_user_then_raise(*args, **kwargs):
+        original_create_user(phone_number="+966500000002", email=target_email)
+        raise IntegrityError("email already claimed")
+
+    before_otp_count = PhoneOTP.objects.count()
+
+    with patch("apps.accounts.views.User.objects.create_user", side_effect=create_conflict_user_then_raise):
+        response = client.post(
+            reverse("phone_auth_request"),
+            {
+                "phone_number": "0512345678",
+                "channel": "sms",
+                "email": target_email,
+            },
+            content_type="application/json",
+        )
+
+    assert response.status_code == 400
+    assert "detail" in response.json()
+    assert User.objects.filter(phone_number="+966512345678").count() == 0
+    assert PhoneOTP.objects.count() == before_otp_count
+
+
@pytest.mark.django_db
@override_settings(OTP_PROVIDER="console")
 def test_phone_auth_request_rejects_email_already_used(client):