Merge pull request #6061 from miguelvaz78/BUG_6059

Adds lock on calls to ComputeHash to handle concurrency

Author: valadas

DNN Platform/Dnn.AuthServices.Jwt/Components/Common/Controllers/JwtController.cs

@@ -43,6 +43,8 @@ internal class JwtController : ServiceLocator<IJwtController, JwtController>, IJ
         private static readonly HashAlgorithm Hasher = SHA384.Create();
         private static readonly Encoding TextEncoder = Encoding.UTF8;
 
+        private static object hasherLock = new object();
+
         /// <inheritdoc/>
         public string SchemeType => "JWT";
 
@@ -151,7 +153,12 @@ public LoginResultData LoginUser(HttpRequestMessage request, LoginData loginData
             // save hash values in DB so no one with access can create JWT header from existing data
             var sessionId = NewSessionId;
             var now = DateTime.UtcNow;
-            var renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
+            string renewalToken = string.Empty;
+            lock (hasherLock)
+            {
+                renewalToken = EncodeBase64(Hasher.ComputeHash(Guid.NewGuid().ToByteArray()));
+            }
+
             var ptoken = new PersistedToken
             {
                 TokenId = sessionId,
@@ -381,7 +388,13 @@ private static string EncodeBase64(byte[] data)
 
         private static string GetHashedStr(string data)
         {
-            return EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
+            string hash = string.Empty;
+            lock (hasherLock)
+            {
+                hash = EncodeBase64(Hasher.ComputeHash(TextEncoder.GetBytes(data)));
+            }
+
+            return hash;
         }
 
         private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)