From ea8f778f398f236abddf4010065526f284240b6d Mon Sep 17 00:00:00 2001
From: Denis Koleda <deniskoleda6@gmail.com>
Date: Tue, 16 Dec 2025 22:38:37 +0400
Subject: [PATCH] Fix race condition in OAuth2AccessToken.is_valid() causing
 HTTP 500

Replace save(update_fields=['last_used']) with QuerySet.update() to avoid
DatabaseError when concurrent requests try to update the same token's
last_used timestamp.

The previous implementation could fail with:
django.db.utils.DatabaseError: Save with update_fields did not affect any rows.

This happened because between exists() check and save() call, another
process could modify the row, causing save() to affect 0 rows and raise
an exception. QuerySet.update() handles this gracefully by simply
returning 0 affected rows without raising an error.
---
 ansible_base/oauth2_provider/models/access_token.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ansible_base/oauth2_provider/models/access_token.py b/ansible_base/oauth2_provider/models/access_token.py
index eb79ec544..9eff01daa 100644
--- a/ansible_base/oauth2_provider/models/access_token.py
+++ b/ansible_base/oauth2_provider/models/access_token.py
@@ -82,8 +82,7 @@ def is_valid(self, scopes=None):
             self.last_used = now()
 
             def _update_last_used():
-                if OAuth2AccessToken.objects.filter(pk=self.pk).exists():
-                    self.save(update_fields=['last_used'])
+                OAuth2AccessToken.objects.filter(pk=self.pk).update(last_used=self.last_used)
 
             connection.on_commit(_update_last_used)
         return valid