push_notifications: Lock message while we mark it pending for push.

Deleting a message can race with sending a push notification for it. b47535d8bb handled the case where the Message row has gone away -- but in such cases, it is also possible for `access_message` to succeed, but for the save of `user_message.flags` to fail, because the UserMessage row has been deleted by then. Take a lock on the Message row over the accesses of, and updates to, the relevant UserMessage row. This guarantees that the message's (non-)existence is consistent across that transaction. Partial fix for #16502.
2023-05-18 15:51:21 +00:00 · 2023-05-18 15:51:21 +00:00 · 1184bdc934
parent 12310189ed
commit 1184bdc934
1 changed files with 36 additions and 33 deletions
--- a/zerver/lib/push_notifications.py
+++ b/zerver/lib/push_notifications.py
@ -1060,8 +1060,11 @@ def handle_push_notification(user_profile_id: int, missed_message: Dict[str, Any
        # BUG: Investigate why it's possible to get here.
        return  # nocoverage

+    with transaction.atomic(savepoint=False):
        try:
-        (message, user_message) = access_message(user_profile, missed_message["message_id"])
+            (message, user_message) = access_message(
+                user_profile, missed_message["message_id"], lock_message=True
+            )
        except JsonableError:
            if ArchivedMessage.objects.filter(id=missed_message["message_id"]).exists():
                # If the cause is a race with the message being deleted,