fix(emails): improve cache reliability in attendee ticket email jobs

smarcet · smarcet · commit 257cc388488d · 2026-03-09T21:25:17.000-03:00
* Replace non-atomic Cache::has()+Cache::put() with Cache::add() for
  duplicate send prevention in both InviteAttendeeTicketEditionMail and
  SummitAttendeeTicketEmail, eliminating a race condition where two queue
  workers could both pass the check and send the same email.

* Replace Cache::forever() with a 1-hour TTL on the SummitAttendeeTicketEmail
  _sent key to prevent unbounded cache growth over time.

* Increase the message passthrough cache TTL from 5 minutes to 1 hour so
  user-written invitation messages survive queue backlog without being
  silently dropped.
diff --git a/adr/001-attendee-ticket-email-cache-reliability.md b/adr/001-attendee-ticket-email-cache-reliability.md
@@ -0,0 +1,116 @@
+# ADR-001: Attendee Ticket Email Cache Reliability
+
+**Date:** 2026-03-09
+**Status:** Accepted
+**Authors:** smarcet
+
+## Context
+
+Two queued email jobs — `InviteAttendeeTicketEditionMail` and `SummitAttendeeTicketEmail` — interact
+through Laravel's `Cache` facade to coordinate duplicate prevention, cross-class suppression, and
+message passthrough. Both jobs can be dispatched close together when a ticket is assigned or reassigned.
+
+Three issues were identified in the original cache usage:
+
+### 1. Non-Atomic Duplicate Check (Race Condition)
+
+Both `handle()` methods used a `Cache::has()` + `Cache::put()` pattern for self-dedup:
+
+```php
+if (Cache::has($key)) {
+    return; // skip
+}
+Cache::put($key, $timestamp, $ttl);
+parent::handle($api); // send email
+```
+
+This is not atomic. Two queue workers processing the same job could both pass the `has()` check
+before either writes the key, resulting in the same email being sent twice.
+
+### 2. Unbounded Cache Growth (`Cache::forever`)
+
+`SummitAttendeeTicketEmail::handle()` wrote a `_sent` key using `Cache::forever()` to signal to
+`InviteAttendeeTicketEditionMail` that the ticket email was already delivered:
+
+```php
+Cache::forever($summit_attendee_ticket_email_sent_key, $now->getTimestamp());
+```
+
+This key was never deleted or expired. Every unique email+ticket pair that triggered a ticket email
+created a permanent cache entry. Over time — across multiple summits and thousands of tickets — these
+entries accumulate with no cleanup mechanism.
+
+The key's purpose is narrow: suppress a late-arriving invitation email for the same ticket. This
+only matters in the minutes after ticket assignment, not permanently.
+
+### 3. Message Passthrough TTL Too Short
+
+`InviteAttendeeTicketEditionMail` caches a user-written invitation message at construction time so
+that `SummitAttendeeTicketEmail` can retrieve it if it runs first (race condition between the two jobs):
+
+```php
+$delay = intval(Config::get("registration.attendee_invitation_email_threshold", 5));
+Cache::put($key, $message, now()->addMinutes($delay));
+```
+
+The TTL was tied to `attendee_invitation_email_threshold` (default 5 minutes). The TTL clock starts
+at construction time, not dispatch time. Under queue pressure — backlog, worker restarts, slow DB
+queries during `SummitAttendeeTicketEmail` construction — the cached message could expire before the
+ticket email job reads it. The message would be silently dropped with no error logged.
+
+## Decision
+
+### Fix 1: Atomic Dedup with `Cache::add()`
+
+Replace `Cache::has()` + `Cache::put()` with `Cache::add()` in both `handle()` methods.
+
+`Cache::add()` atomically sets the key only if it does not already exist, returning `false` if
+another process already claimed it. This eliminates the race window entirely.
+
+```php
+$now = new \DateTime('now', new \DateTimeZone('UTC'));
+if (!Cache::add($key, $now->getTimestamp(), now()->addMinutes($delay))) {
+    Log::warning("...already sent...");
+    return;
+}
+parent::handle($api);
+```
+
+**Tradeoff:** The warning log no longer includes the timestamp of the previous send (since `add()`
+returns a boolean, not the existing value). This was deemed acceptable — the timestamp was rarely
+useful in practice.
+
+### Fix 2: Replace `Cache::forever()` with 1-Hour TTL
+
+```php
+Cache::put($summit_attendee_ticket_email_sent_key, $now->getTimestamp(), now()->addHours(1));
+```
+
+One hour is well beyond any realistic queue delay. The self-dedup key (with its threshold-based TTL)
+already prevents rapid-fire duplicates. The `_sent` key is a second layer for late-arriving
+invitation emails; 1 hour covers that case while allowing entries to self-clean.
+
+### Fix 3: Increase Message Passthrough TTL to 1 Hour
+
+```php
+Cache::put($invite_attendee_ticket_edition_mail_message_key, $message, now()->addHours(1));
+```
+
+On the happy path, `SummitAttendeeTicketEmail` retrieves and deletes the entry immediately via
+`Cache::forget()`. The 1-hour TTL is a safety net for when the ticket email job is delayed or never
+fires, preventing indefinite cache persistence without risking message loss under queue pressure.
+
+## Affected Files
+
+- `app/Jobs/Emails/Registration/Attendees/InviteAttendeeTicketEditionMail.php`
+- `app/Jobs/Emails/Registration/Attendees/SummitAttendeeTicketEmail.php`
+
+## Consequences
+
+- **Duplicate emails under concurrent workers** are no longer possible (atomic check-then-set).
+- **Cache storage** is bounded — all entries now have finite TTLs and self-clean.
+- **User-written messages** survive queue delays of up to 1 hour instead of 5 minutes.
+- **Log messages** for the dedup warning no longer include the previous send timestamp.
+- **Cross-class suppression** (`_sent` key) expires after 1 hour. If an invitation email is queued
+  more than 1 hour after the ticket email was sent, the suppression won't apply. This is acceptable
+  because at that point the jobs are no longer racing — something else has gone wrong.
diff --git a/app/Jobs/Emails/Registration/Attendees/InviteAttendeeTicketEditionMail.php b/app/Jobs/Emails/Registration/Attendees/InviteAttendeeTicketEditionMail.php
@@ -118,13 +118,15 @@ public function __construct(SummitAttendeeTicket $ticket, array $payload = [], ?
         $message = $payload[IMailTemplatesConstants::message] ?? '';
 
         if(!empty($message)){
+            $owner_email = $payload[IMailTemplatesConstants::owner_email];
             $invite_attendee_ticket_edition_mail_message_key = sprintf
             (
-                "InviteAttendeeTicketEditionMail_message_%s", md5(sprintf("%s_%s", $this->to_email, $this->ticket_id))
+                "InviteAttendeeTicketEditionMail_message_%s", md5(sprintf("%s_%s", $owner_email, $this->ticket_id))
             );
             // if message is not empty store it on cache, just in case that SummitAttendeeTicketEmail is emitted in the middle
             // before the actual dispatching of this email
-            Cache::put($invite_attendee_ticket_edition_mail_message_key, $message);
+            // use a generous TTL (1 hour) to survive queue backlog; SummitAttendeeTicketEmail deletes the entry on retrieval
+            Cache::put($invite_attendee_ticket_edition_mail_message_key, $message, now()->addHours(1));
         }
 
         $payload[IMailTemplatesConstants::message] = $message;
@@ -211,16 +213,13 @@ public function handle
             return;
         }
 
-        // check if we already sent this same email on the configured threshold
-        if(Cache::has($invite_attendee_ticket_edition_mail_key)){
-            $timestamp = Cache::get($invite_attendee_ticket_edition_mail_key);
-            Log::warning(sprintf("InviteAttendeeTicketEditionMail::handle already sent email InviteAttendeeTicketEditionMail to %s at %s", $this->to_email, $timestamp));
+        // atomically check if we already sent this same email on the configured threshold
+        $now = new \DateTime('now', new \DateTimeZone('UTC'));
+        if(!Cache::add($invite_attendee_ticket_edition_mail_key, $now->getTimestamp(), now()->addMinutes($delay))){
+            Log::warning(sprintf("InviteAttendeeTicketEditionMail::handle already sent email InviteAttendeeTicketEditionMail to %s", $this->to_email));
             return;
         }
 
-        $now = new \DateTime('now', new \DateTimeZone('UTC'));
-        Cache::put($invite_attendee_ticket_edition_mail_key, $now->getTimestamp(), now()->addMinutes($delay));
-
         parent::handle($api);
     }
 
diff --git a/app/Jobs/Emails/Registration/Attendees/SummitAttendeeTicketEmail.php b/app/Jobs/Emails/Registration/Attendees/SummitAttendeeTicketEmail.php
@@ -138,7 +138,7 @@ public function __construct(SummitAttendeeTicket $ticket, array $payload = [], ?
         // check if we have a former message in cache
         $invite_attendee_ticket_edition_mail_message_key = sprintf
         (
-            "InviteAttendeeTicketEditionMail_message_%s", md5(sprintf("%s_%s", $this->to_email, $this->ticket_id))
+            "InviteAttendeeTicketEditionMail_message_%s", md5(sprintf("%s_%s", $owner_email, $this->ticket_id))
         );
         if(empty($message) && Cache::has($invite_attendee_ticket_edition_mail_message_key)){
             $message = Cache::get($invite_attendee_ticket_edition_mail_message_key);
@@ -222,18 +222,15 @@ public function handle
         $summit_attendee_ticket_email_sent_key = sprintf("SummitAttendeeTicketEmail_%s_sent", md5(sprintf("%s_%s", $this->to_email, $this->ticket_id)));
         $delay = intval(Config::get("registration.attendee_invitation_email_threshold", 5));
 
-        // check if we already sent this same email on the configured threshold
-        if(Cache::has($summit_attendee_ticket_email_key)){
-            $timestamp = Cache::get($summit_attendee_ticket_email_key);
-            Log::warning(sprintf("SummitAttendeeTicketEmail::handle already sent email SummitAttendeeTicketEmail to %s at %s", $this->to_email, $timestamp));
+        // atomically check if we already sent this same email on the configured threshold
+        $now = new \DateTime('now', new \DateTimeZone('UTC'));
+        if(!Cache::add($summit_attendee_ticket_email_key, $now->getTimestamp(), now()->addMinutes($delay))){
+            Log::warning(sprintf("SummitAttendeeTicketEmail::handle already sent email SummitAttendeeTicketEmail to %s", $this->to_email));
             return;
         }
-
-        $now = new \DateTime('now', new \DateTimeZone('UTC'));
-        Cache::put($summit_attendee_ticket_email_key, $now->getTimestamp(), now()->addMinutes($delay));
-        // mark the at least of email of this kind was sent
+        // mark that at least one email of this kind was sent
         if(!Cache::has($summit_attendee_ticket_email_sent_key))
-            Cache::forever($summit_attendee_ticket_email_sent_key, $now->getTimestamp());
+            Cache::put($summit_attendee_ticket_email_sent_key, $now->getTimestamp(), now()->addHours(1));
         parent::handle($api);
     }
 
diff --git a/commitlint.config.js b/commitlint.config.js
@@ -1,6 +1,7 @@
 const WIP_REGEX = /^wip[:]?$/i;
 const RULE_ERROR_LEVEL = 2;
-const HEADER_MAX_LENGTH = 150;
+const HEADER_MAX_LENGTH = 200;
+const BODY_MAX_LENGTH = 500;
 const SUBJECT_MIN_LENGTH = 5;
 
 module.exports = {
@@ -12,7 +13,8 @@ module.exports = {
         "custom-no-wip-subject": [RULE_ERROR_LEVEL, "always"],
         "subject-min-length": [RULE_ERROR_LEVEL, "always", SUBJECT_MIN_LENGTH],
         "subject-case": [0], // optional: allow flexibility in subject case
-        "header-max-length": [RULE_ERROR_LEVEL, "always", HEADER_MAX_LENGTH]
+        "header-max-length": [RULE_ERROR_LEVEL, "always", HEADER_MAX_LENGTH],
+        "body-max-line-length":  [RULE_ERROR_LEVEL, "always", BODY_MAX_LENGTH]
     },
     plugins: [
         {
