Handle user create race condition

Fixes #20041

app/models/authenticator/base.rb

@@ -45,7 +45,6 @@ def authenticate(username, password, request = nil, options = {})
       options[:require_user] ||= false
       options[:authorize_only] ||= false
       fail_message = _("Authentication failed")
-
       user_or_taskid = nil
 
       begin
@@ -137,8 +136,21 @@ def authorize(taskid, username, *args)
           end
 
           user.lastlogon = Time.now.utc
-          user.save!
-
+          if user.new_record?
+            User.with_lock do
+              begin
+                user.save!
+              rescue ActiveRecord::RecordInvalid # Try update when catching race condition on create.
+                userid, user = find_or_initialize_user(identity, username)
+                update_user_attributes(user, userid, identity)
+                user.miq_groups = matching_groups
+                user.save!
+              end
+            end
+          else
+            user.save!
+          end
+
           _log.info("Authorized User: [#{user.userid}]")
           task.userid = user.userid
           task.update_status("Finished", "Ok", "User authorized successfully")

spec/models/authenticator/httpd_spec.rb

@@ -403,6 +403,18 @@ def authenticate
           expect { authenticate }.to(change { User.where(:userid => 'bob@example.com').count }.from(0).to(1))
         end
 
+        context "with a race condition on create user" do
+          before do
+            authenticate
+          end
+
+          it "update the exiting user" do
+            allow(User).to receive(:lookup_by_userid).and_return(nil)
+            allow(User).to receive(:in_my_region).and_return(User.none, User.all)
+            expect { authenticate }.not_to(change { User.where(:userid => 'bob@example.com').count }.from(1))
+          end
+        end
+
         context "with no matching groups" do
           let(:headers) { super().merge('X-Remote-User-Groups' => 'bubble:trouble') }