Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-40405

Assignments service vulnerable to duplicate submission race condition

    Details

    • Type: Bug
    • Status: OPEN
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 12.3
    • Fix Version/s: None
    • Component/s: Assignments
    • Labels:
      None
    • Test Plan:
      Hide

      Please add a Test Plan here.

      Show
      Please add a Test Plan here.

      Description

      We have some local CXF webservice code that adds or updates an assignment submission like this:

                      AssignmentSubmission sub = assignmentService.getSubmission(assignmentId, user);
                      if (sub == null) {
                              sub = assignmentService.addSubmission(assignmentId, user.getId());
                      }
                      String scaledGrade = String.valueOf(Math.round(grade * scaleFactor));
                      sub.setFeedbackComment(comment);
                      sub.setGrade(scaledGrade);
                      sub.setGraded(true);
                      sub.setGradeReleased(true);
                      assignmentService.updateSubmission(sub);
      

      It seems this is vulnerable to a race condition because we now have a few cases where the webservice has been called nearly simultaneously from an external app to add/update a submission for the same assignment and student. The result is multiple submissions (pair of records in ASN_SUBMISSION / ASN_SUBMISSION_SUBMITTER) for the same student.

      This causes errors in the Assignments page and subsequent calls to the webservice because of this NonUniqueResultException:

      org.hibernate.NonUniqueResultException: query did not return a unique result: 3
      at org.hibernate.internal.AbstractQueryImpl.uniqueElement(AbstractQueryImpl.java:975)
      at org.hibernate.internal.CriteriaImpl.uniqueResult(CriteriaImpl.java:402)
      at org.sakaiproject.assignment.impl.persistence.AssignmentRepositoryImpl.findSubmissionForUser(AssignmentRepositoryImpl.java:165)
      

      I'm not sure what the best solution is here. Basically there is a constraint that's not enforced in the database, and there isn't a locking mechanism in the service.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ern Earle R Nietzel
                  Reporter:
                  smarquard Stephen Marquard
                • Votes:
                  1 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:

                    Git Source Code