Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed
pablomm opened this issue · 0 comments
pablomm commented
Description
According to docs, setting the TOKEN_TTL
to None
will create tokens that never expire.
However, before token creation, when checking that the number active of tokens of a user < token_limit_per_user
, tokens without expiry date (expiry=None
) are not taken into account.
Expected behavior
All active tokens, including the latter, would be expected to be taken into account.
Possible solution
I don't know if I'm misunderstanding something, but a change like the following would suffice.
# knox/views.py
from django.db.models import Q
...
token = request.user.auth_token_set.filter(Q(expiry__gt=now) | Q(expiry__isnull=True))