Skip to content

fix: enforce token lifespan limit when cleaning old tokens#1657

Merged
MaicolBen merged 1 commit into
lynndylanhurley:masterfrom
leightjohnson93:cleanup-old-tokens-refactor
Jul 13, 2025
Merged

fix: enforce token lifespan limit when cleaning old tokens#1657
MaicolBen merged 1 commit into
lynndylanhurley:masterfrom
leightjohnson93:cleanup-old-tokens-refactor

Conversation

@leightjohnson93

Copy link
Copy Markdown
Contributor

Fix for: #1505 (comment)

clean_old_tokens will eject tokens when they have an expiry for longer than should be possible. This can be caused by reducing the lifespan setting.

@leightjohnson93

Copy link
Copy Markdown
Contributor Author

@zachfeldman

@leightjohnson93 leightjohnson93 changed the title feat: enforce token lifespan limit when cleaning old tokens fix: enforce token lifespan limit when cleaning old tokens Jul 11, 2025
@MaicolBen MaicolBen merged commit 9719d24 into lynndylanhurley:master Jul 13, 2025
21 checks passed
frnico33 added a commit to builtfirst/devise_token_auth_rails_7 that referenced this pull request Oct 6, 2025
* 🐛 Not update cookies when is a batch request (lynndylanhurley#1577)

* 🐛 Not update cookies when is a batch request

* ✅ Fix confirmations controller test

* add redirect_to options for rails7 allow_other_host (lynndylanhurley#1599)

* Don't leak information about the existence of accounts in SessionsController (lynndylanhurley#1600)

* Don't leak information about the existence of accounts in DeivseTokenAuth::SessionsController

* Refactor SessionsController

* Drop support for ruby 2.4 (lynndylanhurley#1601)

* Bump to 1.2.2 (lynndylanhurley#1602)

* Support for writing style deprecated in 7.1 and removed in 7.2 (lynndylanhurley#1606)

* Support for writing style deprecated in 7.1 and removed in 7.2

* test: 💍 MiniTest->Minitest

* 7.1 -> 7.2

* Faker safe_email -> email (lynndylanhurley#1607)

* refactor: 💡 safe_email -> email

NOTE: Faker::Internet.safe_email is deprecated; use email instead. It
will be removed on or after 2023-10.

* test: 💍 MiniTest->Minitest

* Fix registration spec failure (lynndylanhurley#1613)

* Add redirect_options for redirect_url of the confirmation success failure (lynndylanhurley#1612)

* Fix Rails version comparison (lynndylanhurley#1614)

* Drop support for ruby 2.5-6 (lynndylanhurley#1624)

Since factory bot doesn't
support it anymore
thoughtbot/factory_bot#1614

* Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (lynndylanhurley#1620)

Updates the requirements on [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) to permit the latest version.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v1.4.0...v2.0.1)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump 1.2.3 (lynndylanhurley#1623)

* Revert "Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (lynndylanhurley#1620)" (lynndylanhurley#1626)

This reverts commit e9ff5e6.

* Add Persian locale (lynndylanhurley#1627)

* Delete dead links in the documentation (lynndylanhurley#1353)

Deleted dead links

* Support rails 7.2 (lynndylanhurley#1632)

* Remove broken demos (lynndylanhurley#1633)

* fix: point to the correct documentation page (lynndylanhurley#1634)

* Bump version to 1.2.4 (lynndylanhurley#1638)

* Support rails 8 (lynndylanhurley#1639)

* Bump version to 1.2.5 (lynndylanhurley#1645)

* Setup missing sqlite (lynndylanhurley#1646)

* fix: Prevent lock with unsaved changes (lynndylanhurley#1640)

* Fix concurrent-ruby (lynndylanhurley#1652)

* Prepare for rails 7.2/8 test suite (lynndylanhurley#1651)

* Modify the edit method in PasswordsController to include reset_password_token in the redirect URL. (lynndylanhurley#1650)

* Add flutter_token_auth to Readme (lynndylanhurley#1655)

* Fix, Use devise_will_save_change_to_email? method for email change detection (lynndylanhurley#1654)

* fix: Update method names to devise_will_save_change_to_email?

* fix: Remove email_changed? method

* feat: enforce token lifespan limit when cleaning old tokens (lynndylanhurley#1657)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Diefferson Koderer Môro <diefferson.moro@visagio.com>
Co-authored-by: Tomoya Yoshida <ihatov08@gmail.com>
Co-authored-by: Moritz Höppner <88321881+moritzhoeppner@users.noreply.github.com>
Co-authored-by: Maicol Bentancor <maicol.bentancor@gmail.com>
Co-authored-by: hatsu <hajiwata0308@gmail.com>
Co-authored-by: mkojima <kaekasui_github@icloud.com>
Co-authored-by: Santiago Bartesaghi <santib@hey.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ali Behnamfard <abehnamfard@users.noreply.github.com>
Co-authored-by: K-Sato <satokatsuki0130@gmail.com>
Co-authored-by: Nikita Skalkin <nikskalkin@gmail.com>
Co-authored-by: Bruno Tagliani <bruno.tagliani@gmail.com>
Co-authored-by: Diarmuid Ryan <diarmuidr3d@gmail.com>
Co-authored-by: hnegishi <30515665+hnegishi@users.noreply.github.com>
Co-authored-by: Leight Johnson <38141161+leightjohnson93@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants