Humbedooh/asfmm

Multi-threading window in oauth.py for guest action

Opened this issue · 2 comments

There is a multi-threading window in the following code:

asfmm/scripts/oauth.py

Lines 69 to 83 in ee93bf6

```python
if code and code in state.invites:
    guest_prefix = 1
    for attendee in state.attendees.keys():
        if attendee.startswith("guest_"):
            guest_prefix += 1
    cookie.state = {
        "credentials": {
            "login": "guest_" + str(guest_prefix) + "/" + state.invites[code]["inviter"],
            "name": state.invites[code]["name"],
            "provider": "Invite Code",
        },
        "admin": False,
        "pending_messages": [],
    }
    del state.invites[code]
```

If there are any context switches between the check for the code and deleting it, the same code can potentially be used twice.
Far safer to try to pop the code from the invites.

There shouldn't be any context switches as it's single-threaded with no awaits in that bit.

At the moment. But it's better to play safe from the start.
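The window discussed in this thread, as an added example that is not code from asfmm: two coroutines redeem the same invite code, first with the check-then-delete pattern and then with a single `pop`. The function names, the sample invite, and the `await asyncio.sleep(0)` standing in for an await introduced by a later change are all assumptions made for the demonstration.

```python
import asyncio

def make_session(invite, n):
    # Reduced form of the cookie.state built in the quoted snippet.
    return {"login": f"guest_{n}/{invite['inviter']}", "name": invite["name"]}

async def redeem_check_then_delete(invites, sessions, code):
    """Check, grant, then delete: the pattern the issue describes."""
    if code and code in invites:
        sessions.append(make_session(invites[code], len(sessions) + 1))
        await asyncio.sleep(0)  # hypothetical await: a second caller runs here
        del invites[code]       # the loser raises KeyError, but already has a session

async def redeem_pop(invites, sessions, code):
    """Claim the code in one step, so a later await cannot reopen the window."""
    invite = invites.pop(code, None) if code else None
    if invite is None:
        return                  # code unknown or already claimed
    sessions.append(make_session(invite, len(sessions) + 1))
    await asyncio.sleep(0)      # same hypothetical await, now harmless

async def _race(redeem):
    # Constructed sample data: one single-use invite, redeemed twice concurrently.
    invites = {"abc123": {"inviter": "alice", "name": "Guest One"}}
    sessions = []
    await asyncio.gather(
        redeem(invites, sessions, "abc123"),
        redeem(invites, sessions, "abc123"),
        return_exceptions=True,  # swallow the KeyError from the second del
    )
    return len(sessions)

def sessions_granted(redeem):
    """Number of guest sessions created from one invite code."""
    return asyncio.run(_race(redeem))

if __name__ == "__main__":
    print("check-then-delete:", sessions_granted(redeem_check_then_delete))
    print("pop:", sessions_granted(redeem_pop))
```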