fix: move email & sms send out of the POST /user transaction

hf · hf · commit 278aa80fe2e0 · 2025-05-14T10:13:06.000+02:00
diff --git a/internal/api/user.go b/internal/api/user.go
@@ -181,6 +181,9 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	var sendEmailChange, sendPhoneConfirmation bool
+	flowType := getFlowFromChallenge(params.CodeChallenge)
+
 	err := db.Transaction(func(tx *storage.Connection) error {
 		var terr error
 		if params.Password != nil {
@@ -223,17 +226,14 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 				}
 
 			} else {
-				flowType := getFlowFromChallenge(params.CodeChallenge)
 				if isPKCEFlow(flowType) {
 					_, terr := generateFlowState(tx, models.EmailChange.String(), models.EmailChange, params.CodeChallengeMethod, params.CodeChallenge, &user.ID)
 					if terr != nil {
 						return terr
 					}
-
-				}
-				if terr = a.sendEmailChange(r, tx, user, params.Email, flowType); terr != nil {
-					return terr
 				}
+
+				sendEmailChange = true
 			}
 		}
 
@@ -247,9 +247,7 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 					return terr
 				}
 			} else {
-				if _, terr := a.sendPhoneConfirmation(r, tx, user, params.Phone, phoneChangeVerification, params.Channel); terr != nil {
-					return terr
-				}
+				sendPhoneConfirmation = true
 			}
 		}
 
@@ -263,5 +261,19 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
+	if sendEmailChange {
+		// email sending should not hold a database transaction open as latency incurred by SMTP or HTTP hooks can exhaust the database pool
+		if err := a.sendEmailChange(r, db, user, params.Email, flowType); err != nil {
+			return err
+		}
+	}
+
+	if sendPhoneConfirmation {
+		// SMS sending should not hold a database transaction open as latency incurred by SMTP or HTTP hooks can exhaust the database pool
+		if _, err := a.sendPhoneConfirmation(r, db, user, params.Phone, phoneChangeVerification, params.Channel); err != nil {
+			return err
+		}
+	}
+
 	return sendJSON(w, http.StatusOK, user)
 }

Original file line number	Diff line number	Diff line change
`@@ -181,6 +181,9 @@ func (a API) UserUpdate(w http.ResponseWriter, r http.Request) error {`
`181`	`181`	`}`
`182`	`182`	`}`
`183`	`183`
	`184`	`+ var sendEmailChange, sendPhoneConfirmation bool`
	`185`	`+ flowType := getFlowFromChallenge(params.CodeChallenge)`
	`186`	`+`
`184`	`187`	`err := db.Transaction(func(tx *storage.Connection) error {`
`185`	`188`	`var terr error`
`186`	`189`	`if params.Password != nil {`
`@@ -223,17 +226,14 @@ func (a API) UserUpdate(w http.ResponseWriter, r http.Request) error {`
`223`	`226`	`}`
`224`	`227`
`225`	`228`	`} else {`
`226`		`- flowType := getFlowFromChallenge(params.CodeChallenge)`
`227`	`229`	`if isPKCEFlow(flowType) {`
`228`	`230`	`_, terr := generateFlowState(tx, models.EmailChange.String(), models.EmailChange, params.CodeChallengeMethod, params.CodeChallenge, &user.ID)`
`229`	`231`	`if terr != nil {`
`230`	`232`	`return terr`
`231`	`233`	`}`
`232`		`-`
`233`		`- }`
`234`		`- if terr = a.sendEmailChange(r, tx, user, params.Email, flowType); terr != nil {`
`235`		`- return terr`
`236`	`234`	`}`
	`235`	`+`
	`236`	`+ sendEmailChange = true`
`237`	`237`	`}`
`238`	`238`	`}`
`239`	`239`
`@@ -247,9 +247,7 @@ func (a API) UserUpdate(w http.ResponseWriter, r http.Request) error {`
`247`	`247`	`return terr`
`248`	`248`	`}`
`249`	`249`	`} else {`
`250`		`- if _, terr := a.sendPhoneConfirmation(r, tx, user, params.Phone, phoneChangeVerification, params.Channel); terr != nil {`
`251`		`- return terr`
`252`		`- }`
	`250`	`+ sendPhoneConfirmation = true`
`253`	`251`	`}`
`254`	`252`	`}`
`255`	`253`
`@@ -263,5 +261,19 @@ func (a API) UserUpdate(w http.ResponseWriter, r http.Request) error {`
`263`	`261`	`return err`
`264`	`262`	`}`
`265`	`263`
	`264`	`+ if sendEmailChange {`
	`265`	`+ // email sending should not hold a database transaction open as latency incurred by SMTP or HTTP hooks can exhaust the database pool`
	`266`	`+ if err := a.sendEmailChange(r, db, user, params.Email, flowType); err != nil {`
	`267`	`+ return err`
	`268`	`+ }`
	`269`	`+ }`
	`270`	`+`
	`271`	`+ if sendPhoneConfirmation {`
	`272`	`+ // SMS sending should not hold a database transaction open as latency incurred by SMTP or HTTP hooks can exhaust the database pool`
	`273`	`+ if _, err := a.sendPhoneConfirmation(r, db, user, params.Phone, phoneChangeVerification, params.Channel); err != nil {`
	`274`	`+ return err`
	`275`	`+ }`
	`276`	`+ }`
	`277`	`+`
`266`	`278`	`return sendJSON(w, http.StatusOK, user)`
`267`	`279`	`}`