Handle duplicate publishers IntegrityError (#18412)

* Handle integrityeror for duplicate publishers

* Update translations

Author: di

tests/unit/accounts/test_views.py

@@ -16,7 +16,7 @@
     HTTPTooManyRequests,
     HTTPUnauthorized,
 )
-from sqlalchemy.exc import NoResultFound
+from sqlalchemy.exc import IntegrityError, NoResultFound
 from webauthn.authentication.verify_authentication_response import (
     VerifiedAuthentication,
 )
@@ -4533,6 +4533,47 @@ def test_add_pending_oidc_publisher_already_exists(
             )
         ]
 
+    def test_add_pending_oidc_publisher_integrityerror(self, monkeypatch, db_request):
+        db_request.user = UserFactory.create()
+        EmailFactory(user=db_request.user, verified=True, primary=True)
+        db_request.db.add = pretend.raiser(IntegrityError("foo", "bar", "baz"))
+
+        db_request.registry = pretend.stub(
+            settings={
+                "github.token": "fake-api-token",
+            }
+        )
+        db_request.flags = pretend.stub(
+            disallow_oidc=pretend.call_recorder(lambda f=None: False)
+        )
+        db_request.POST = MultiDict(
+            {
+                "owner": "some-owner",
+                "repository": "some-repository",
+                "workflow_filename": "some-workflow-filename.yml",
+                "environment": "some-environment",
+                "project_name": "some-project-name",
+            }
+        )
+
+        view = views.ManageAccountPublishingViews(db_request)
+
+        monkeypatch.setattr(
+            views.PendingGitHubPublisherForm,
+            "_lookup_owner",
+            lambda *a: {"login": "some-owner", "id": "some-owner-id"},
+        )
+
+        monkeypatch.setattr(
+            view, "_check_ratelimits", pretend.call_recorder(lambda: None)
+        )
+        monkeypatch.setattr(
+            view, "_hit_ratelimits", pretend.call_recorder(lambda: None)
+        )
+
+        resp = view.add_pending_github_oidc_publisher()
+        assert isinstance(resp, HTTPSeeOther)
+
     @pytest.mark.parametrize(
         ("view_name", "publisher_name", "post_body", "publisher_class"),
         [

warehouse/accounts/views.py

@@ -21,7 +21,7 @@
 from pyramid.security import forget, remember
 from pyramid.view import view_config, view_defaults
 from sqlalchemy import and_, func, select
-from sqlalchemy.exc import NoResultFound
+from sqlalchemy.exc import IntegrityError, NoResultFound
 from webauthn.helpers import bytes_to_base64url
 from webob.multidict import MultiDict
 
@@ -1765,8 +1765,15 @@ def _add_pending_oidc_publisher(
 
         pending_publisher = make_pending_publisher(self.request, form)
 
-        self.request.db.add(pending_publisher)
-        self.request.db.flush()  # To get the new ID
+        try:
+            self.request.db.add(pending_publisher)
+            self.request.db.flush()  # To get the new ID
+        except IntegrityError:
+            # The user has probably double-posted and a new publisher was
+            # created after our check for duplicates ran. The success message
+            # is probably already in the flash queue, so just redirect to the
+            # expected page on success if this is the response they are served.
+            return HTTPSeeOther(self.request.path)
 
         self.request.user.record_event(
             tag=EventTag.Account.PendingOIDCPublisherAdded,

warehouse/locale/messages.pot

@@ -301,7 +301,7 @@ msgstr ""
 msgid "Please review our updated <a href=\"${tos_url}\">Terms of Service</a>."
 msgstr ""
 
-#: warehouse/accounts/views.py:1669 warehouse/accounts/views.py:1915
+#: warehouse/accounts/views.py:1669 warehouse/accounts/views.py:1922
 #: warehouse/manage/views/__init__.py:1409
 msgid ""
 "Trusted publishing is temporarily disabled. See https://pypi.org/help"
@@ -344,16 +344,16 @@ msgid ""
 " admins if this wasn't intentional."
 msgstr ""
 
-#: warehouse/accounts/views.py:1786
+#: warehouse/accounts/views.py:1793
 msgid "Registered a new pending publisher to create "
 msgstr ""
 
-#: warehouse/accounts/views.py:1928 warehouse/accounts/views.py:1941
-#: warehouse/accounts/views.py:1948
+#: warehouse/accounts/views.py:1935 warehouse/accounts/views.py:1948
+#: warehouse/accounts/views.py:1955
 msgid "Invalid publisher ID"
 msgstr ""
 
-#: warehouse/accounts/views.py:1955
+#: warehouse/accounts/views.py:1962
 msgid "Removed trusted publisher for project "
 msgstr ""