diff --git a/auth_saml/models/auth_saml_provider.py b/auth_saml/models/auth_saml_provider.py
index 6850f6a934..cbba99a293 100644
--- a/auth_saml/models/auth_saml_provider.py
+++ b/auth_saml/models/auth_saml_provider.py
@@ -411,21 +411,35 @@ def action_refresh_metadata_from_url(self):
 )
 if not providers:
 return False
+
+ providers_to_update = {}
+ for provider in providers:
+ document = requests.get(provider.idp_metadata_url, timeout=5)
+ if document.status_code != 200:
+ raise UserError(
+ f"Unable to download the metadata for {provider.name}: {document.reason}"
+ )
+ if document.text != provider.idp_metadata:
+ providers_to_update[provider.id] = document.text
+
+ if not providers_to_update:
+ return False
+
 # lock the records we might update, so that multiple simultaneous login
 # attempts will not cause concurrent updates
+ provider_ids = tuple(providers_to_update.keys())
 self.env.cr.execute(
 "SELECT id FROM auth_saml_provider WHERE id in %s FOR UPDATE",
- (tuple(providers.ids),),
+ (tuple(provider_ids),),
 )
 updated = False
 for provider in providers:
- document = requests.get(provider.idp_metadata_url, timeout=5)
- if document.status_code != 200:
- raise UserError(
- f"Unable to download the metadata for {provider.name}: {document.reason}"
+ if provider.id in providers_to_update:
+ provider.idp_metadata = providers_to_update[provider.id]
+ _logger.info(
+ "Updated metadata for provider %s from %s",
+ provider.name,
 )
- if document.text != provider.idp_metadata:
- provider.idp_metadata = document.text
- _logger.info("Updated provider metadata for %s", provider.name)
 updated = True
+
 return updated
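Review bot: The new `_logger.info` call has two `%s` placeholders but passes only `provider.name`, so the logging module reports a formatting error instead of emitting the message. That loses the record of an IdP metadata replacement, which is worth auditing because SAML metadata typically carries the IdP's signing certificates. Pass the URL as the second argument: `"Updated metadata for provider %s from %s", provider.name, provider.idp_metadata_url,`. Separately, the comparison with `provider.idp_metadata` now runs before the `FOR UPDATE` lock, so a concurrent transaction may have written newer metadata by the time the lock is granted; this is presumably harmless when both fetched the same document, but comparing again after the lock would avoid a redundant or stale write. `tuple(provider_ids)` is also redundant, since `provider_ids` is already a tuple, and the method starts above the hunk, so how `providers` is selected is not visible here.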