From 3c4c16709a3bacbd4725e0e3836b18eeeb25206a Mon Sep 17 00:00:00 2001
From: Brent Dearth <brent@pedago.com>
Date: Mon, 8 Jun 2015 16:15:22 -0400
Subject: [PATCH] perf(update_auth_header): only lock the resource if we are
 rotating tokens and need to worry about contention

---
 .../concerns/set_user_by_token.rb             | 48 ++++++++++---------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
index 099be68f4..740cac569 100644
--- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
+++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -59,36 +59,40 @@ def update_auth_header
     # cannot save object if model has invalid params
     return unless @resource and @resource.valid? and @client_id
 
-    # Lock the user record during any auth_header updates to ensure
-    # we don't have write contention from multiple threads
-    @resource.with_lock do
+    if not DeviseTokenAuth.change_headers_on_each_request
+      auth_header = @resource.build_auth_header(@token, @client_id)
 
-      # determine batch request status after request processing, in case
-      # another processes has updated it during that processing
-      @is_batch_request = is_batch_request?(@resource, @client_id)
+      # update the response header
+      response.headers.merge!(auth_header)
 
-      auth_header = {}
+    else
+
+      # Lock the user record during any auth_header updates to ensure
+      # we don't have write contention from multiple threads
+      @resource.with_lock do
 
-      if not DeviseTokenAuth.change_headers_on_each_request
-        auth_header = @resource.build_auth_header(@token, @client_id)
+        # determine batch request status after request processing, in case
+        # another processes has updated it during that processing
+        @is_batch_request = is_batch_request?(@resource, @client_id)
 
-        # update the response header
-        response.headers.merge!(auth_header)
+        auth_header = {}
 
-      # extend expiration of batch buffer to account for the duration of
-      # this request
-      elsif @is_batch_request
-        auth_header = @resource.extend_batch_buffer(@token, @client_id)
+        # extend expiration of batch buffer to account for the duration of
+        # this request
+        if @is_batch_request
+          auth_header = @resource.extend_batch_buffer(@token, @client_id)
 
-      # update Authorization response header with new token
-      else
-        auth_header = @resource.create_new_auth_token(@client_id)
+        # update Authorization response header with new token
+        else
+          auth_header = @resource.create_new_auth_token(@client_id)
 
-        # update the response header
-        response.headers.merge!(auth_header)
-      end
+          # update the response header
+          response.headers.merge!(auth_header)
+        end
 
-    end # end lock
+      end # end lock
+
+    end
 
   end