From 62cb29aba975c8e72e81652857a0df5f1c3f8602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= <tim+github@zitadel.com>
Date: Mon, 8 Jan 2024 23:13:46 +0200
Subject: [PATCH] fix(query): separate login policy queries (#7174)

This change moves IDPLoginPolicyLinks out of the scan function Login Policy queries in order to prevent potential deadlocks.
---
 internal/query/login_policy.go | 23 ++++++++---------------
 1 file changed, 8 insertions(+), 15 deletions(-)

diff --git a/internal/query/login_policy.go b/internal/query/login_policy.go
index 7bd6597976..2168dbe7d6 100644
--- a/internal/query/login_policy.go
+++ b/internal/query/login_policy.go
@@ -198,29 +198,22 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, shouldTriggerBulk bool, o
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
-		policy, err = q.scanAndAddLinksToLoginPolicy(ctx, rows, scan)
+		policy, err = scan(rows)
 		return err
 	}, stmt, args...)
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "QUERY-SWgr3", "Errors.Internal")
 	}
-	return policy, nil
+	return policy, q.addLinksToLoginPolicy(ctx, policy)
 }
 
-func (q *Queries) scanAndAddLinksToLoginPolicy(ctx context.Context, rows *sql.Rows, scan func(*sql.Rows) (*LoginPolicy, error)) (*LoginPolicy, error) {
-	policy, err := scan(rows)
-	if err != nil {
-		return nil, err
-	}
-
+func (q *Queries) addLinksToLoginPolicy(ctx context.Context, policy *LoginPolicy) error {
 	links, err := q.IDPLoginPolicyLinks(ctx, policy.OrgID, &IDPLoginPolicyLinksSearchQuery{}, false)
 	if err != nil {
-		return nil, err
+		return zerrors.ThrowInternal(err, "QUERY-aa4Ve", "Errors.Internal")
 	}
-	for _, link := range links.Links {
-		policy.IDPLinks = append(policy.IDPLinks, link)
-	}
-	return policy, nil
+	policy.IDPLinks = append(policy.IDPLinks, links.Links...)
+	return nil
 }
 
 func (q *Queries) DefaultLoginPolicy(ctx context.Context) (policy *LoginPolicy, err error) {
@@ -237,13 +230,13 @@ func (q *Queries) DefaultLoginPolicy(ctx context.Context) (policy *LoginPolicy,
 	}
 
 	err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
-		policy, err = q.scanAndAddLinksToLoginPolicy(ctx, rows, scan)
+		policy, err = scan(rows)
 		return err
 	}, stmt, args...)
 	if err != nil {
 		return nil, zerrors.ThrowInternal(err, "QUERY-SArt2", "Errors.Internal")
 	}
-	return policy, nil
+	return policy, q.addLinksToLoginPolicy(ctx, policy)
 }
 
 func (q *Queries) SecondFactorsByOrg(ctx context.Context, orgID string) (factors *SecondFactors, err error) {