we use KALLITHEA_EXTRAS to fetch authenticated data for a hook. It seems that there is race condition if multiple people push at the same time.
Sometimes the hook is called with the anonymous "default" user even it is not possible to push to that repository as "anonymous". Also if two people push at the same time it is possible that the KALLITHEA_EXTRAS of both pushes are the SAME eben it is another user and another repository. This is really rarely and looks like a race condition.
Example: User A and B pushes the same time to REPO_1 and REPO_2.
Push of A has KALLITHEA_EXTRAS with user A and REPO_1. Push of B has KALLITHEA_EXTRAS with user A and REPO_1, too. But this should be B and REPO_2.