fix: enforce token lifespan limit when cleaning old tokens#1657
Merged
MaicolBen merged 1 commit intoJul 13, 2025
Merged
Conversation
This was referenced Jul 8, 2025
Contributor
Author
MaicolBen
approved these changes
Jul 13, 2025
frnico33
added a commit
to builtfirst/devise_token_auth_rails_7
that referenced
this pull request
Oct 6, 2025
* 🐛 Not update cookies when is a batch request (lynndylanhurley#1577) * 🐛 Not update cookies when is a batch request * ✅ Fix confirmations controller test * add redirect_to options for rails7 allow_other_host (lynndylanhurley#1599) * Don't leak information about the existence of accounts in SessionsController (lynndylanhurley#1600) * Don't leak information about the existence of accounts in DeivseTokenAuth::SessionsController * Refactor SessionsController * Drop support for ruby 2.4 (lynndylanhurley#1601) * Bump to 1.2.2 (lynndylanhurley#1602) * Support for writing style deprecated in 7.1 and removed in 7.2 (lynndylanhurley#1606) * Support for writing style deprecated in 7.1 and removed in 7.2 * test: 💍 MiniTest->Minitest * 7.1 -> 7.2 * Faker safe_email -> email (lynndylanhurley#1607) * refactor: 💡 safe_email -> email NOTE: Faker::Internet.safe_email is deprecated; use email instead. It will be removed on or after 2023-10. * test: 💍 MiniTest->Minitest * Fix registration spec failure (lynndylanhurley#1613) * Add redirect_options for redirect_url of the confirmation success failure (lynndylanhurley#1612) * Fix Rails version comparison (lynndylanhurley#1614) * Drop support for ruby 2.5-6 (lynndylanhurley#1624) Since factory bot doesn't support it anymore thoughtbot/factory_bot#1614 * Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (lynndylanhurley#1620) Updates the requirements on [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) to permit the latest version. - [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases) - [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md) - [Commits](sparklemotion/sqlite3-ruby@v1.4.0...v2.0.1) --- updated-dependencies: - dependency-name: sqlite3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump 1.2.3 (lynndylanhurley#1623) * Revert "Update sqlite3 requirement from ~> 1.4 to ~> 2.0 (lynndylanhurley#1620)" (lynndylanhurley#1626) This reverts commit e9ff5e6. * Add Persian locale (lynndylanhurley#1627) * Delete dead links in the documentation (lynndylanhurley#1353) Deleted dead links * Support rails 7.2 (lynndylanhurley#1632) * Remove broken demos (lynndylanhurley#1633) * fix: point to the correct documentation page (lynndylanhurley#1634) * Bump version to 1.2.4 (lynndylanhurley#1638) * Support rails 8 (lynndylanhurley#1639) * Bump version to 1.2.5 (lynndylanhurley#1645) * Setup missing sqlite (lynndylanhurley#1646) * fix: Prevent lock with unsaved changes (lynndylanhurley#1640) * Fix concurrent-ruby (lynndylanhurley#1652) * Prepare for rails 7.2/8 test suite (lynndylanhurley#1651) * Modify the edit method in PasswordsController to include reset_password_token in the redirect URL. (lynndylanhurley#1650) * Add flutter_token_auth to Readme (lynndylanhurley#1655) * Fix, Use devise_will_save_change_to_email? method for email change detection (lynndylanhurley#1654) * fix: Update method names to devise_will_save_change_to_email? * fix: Remove email_changed? method * feat: enforce token lifespan limit when cleaning old tokens (lynndylanhurley#1657) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Diefferson Koderer Môro <diefferson.moro@visagio.com> Co-authored-by: Tomoya Yoshida <ihatov08@gmail.com> Co-authored-by: Moritz Höppner <88321881+moritzhoeppner@users.noreply.github.com> Co-authored-by: Maicol Bentancor <maicol.bentancor@gmail.com> Co-authored-by: hatsu <hajiwata0308@gmail.com> Co-authored-by: mkojima <kaekasui_github@icloud.com> Co-authored-by: Santiago Bartesaghi <santib@hey.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ali Behnamfard <abehnamfard@users.noreply.github.com> Co-authored-by: K-Sato <satokatsuki0130@gmail.com> Co-authored-by: Nikita Skalkin <nikskalkin@gmail.com> Co-authored-by: Bruno Tagliani <bruno.tagliani@gmail.com> Co-authored-by: Diarmuid Ryan <diarmuidr3d@gmail.com> Co-authored-by: hnegishi <30515665+hnegishi@users.noreply.github.com> Co-authored-by: Leight Johnson <38141161+leightjohnson93@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix for: #1505 (comment)
clean_old_tokenswill eject tokens when they have anexpiryfor longer than should be possible. This can be caused by reducing thelifespansetting.