[Bug]: Coupon validation and consumption are race-prone under concurrent checkout #198
Description
Bug Description
Coupon validation checks current usage first, and the usage increment happens later in a separate step with no lock or atomic conditional update.
That means two concurrent checkouts can both pass validation before either request increments usage.
Expected Behavior
Coupon consumption should be atomic for limited-use and gift-card-style coupons.
Actual Behavior
Validation and consumption are split into separate non-atomic steps.
Steps to Reproduce
- Create a coupon with a low usage limit, for example
maximum_use = 1 - Start two checkout sessions at nearly the same time
- Apply the same coupon in both sessions
- Submit both checkouts concurrently
Impact
- supposedly single-use coupons can be oversubscribed
- gift-card-style balances can be consumed by more than one checkout under concurrency
- coupon limits become unreliable on busy POS deployments
Suggested Fix
- lock the coupon row or use an atomic conditional update
- revalidate the current usage inside the same transaction immediately before incrementing
Notes
This is a transaction-safety problem and appears independent of the one-use doctype mismatch bug.