fix(refresh_tokens): ensure deletion of expired tokens from the database #1050
Pull Request Test Coverage Report for Build 13129
💛 - Coveralls
@@ -191,10 +191,17 @@ def get_access_token(self, user, token_endpoint, db_session=None): | |||
refresh_token = row.refresh_token |
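Review bot: at `refresh_token = row.refresh_token`, the result of `get_access_token` depends on the order in which rows are visited, because the same variable is reassigned for each row and, per the discussion that follows, reset to None when a row is expired, so a valid token seen earlier is lost. Keep the valid token in a separate variable that the expired-row cleanup never touches, and raise only when no row was valid.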
should we sort the tokens from oldest to newest to make sure the old ones get cleaned up?
this doesn't break on the first one it finds, it goes through all of them. So either way they'll all get cleaned up
but it resets `refresh_token` to None, so if it finds a valid token and then an expired token, it will raise the `AuthError` when it shouldn't
Ohh, I misunderstood what you were saying. Good catch, yeah I'll need to make another PR. Ideally there's only ever 1 expired at a time but this might be problematic for the current state
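The order dependence discussed in this thread, as an added example that is not part of the PR or of the project's code: `pick_token_buggy` is reconstructed only from the comments above, and the `Row` fields, both function names, the `AuthError` stand-in and the sample rows are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical row shape; the real table's columns are not shown on this page.
Row = namedtuple("Row", "refresh_token expires")

# Constructed sample data: one live token, one expired token.
NOW = 1000
VALID = Row("valid-token", 2000)
EXPIRED = Row("expired-token", 500)


class AuthError(Exception):
    """Stand-in for the error raised when no usable refresh token exists."""


def pick_token_buggy(rows, now):
    """Order-dependent: an expired row seen after a valid one clears the result."""
    refresh_token, deleted = None, []
    for row in rows:
        refresh_token = row.refresh_token
        if row.expires <= now:
            deleted.append(row)   # expired row is cleaned up
            refresh_token = None  # but an earlier valid token is discarded too
    if refresh_token is None:
        raise AuthError("no valid refresh token")
    return refresh_token, deleted


def pick_token_fixed(rows, now):
    """Clean up every expired row and keep a valid token in any row order."""
    valid, deleted = None, []
    for row in rows:
        if row.expires <= now:
            deleted.append(row)
        elif valid is None or row.expires > valid.expires:
            valid = row           # assumption: prefer the token that expires last
    if valid is None:
        raise AuthError("no valid refresh token")
    return valid.refresh_token, deleted
```

With the rows ordered `[VALID, EXPIRED]` the first function raises `AuthError` even though a usable token exists, while the second returns it and still reports the expired row for deletion.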