Always ensure the newly created token expiry is not behind from exist…

…ing ones
lynndylanhurley · Jan 6, 2025 · 8aa3a3c · 8aa3a3c
1 parent b7fcfdf
commit 8aa3a3c
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
@@ -92,9 +92,12 @@ def send_unlock_instructions(opts = {})
     def create_token(client: nil, lifespan: nil, cost: nil, **token_extras)
       token = DeviseTokenAuth::TokenFactory.create(client: client, lifespan: lifespan, cost: cost)
 
+      max_expiration_token = tokens.max_by { |_, token_info| token_info['expiry'] }
+      max_expiry = max_expiration_token&.dig(1, 'expiry') || 0
+
       tokens[token.client] = {
-        token:  token.token_hash,
-        expiry: token.expiry
+        token: token.token_hash,
+        expiry: [token.expiry, max_expiry + 1].max
       }.merge!(token_extras)
 
       clean_old_tokens