Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed #280

pablomm · 2022-09-07T09:04:55Z

Description
According to docs, setting the TOKEN_TTL to None will create tokens that never expire.

However, before token creation, when checking that the number active of tokens of a user < token_limit_per_user, tokens without expiry date (expiry=None) are not taken into account.

https://github.com/James1345/django-rest-knox/blob/3a1bc584f9691f4bc19d8a04a98c68c293be9ca6/knox/views.py#L65

Expected behavior

All active tokens, including the latter, would be expected to be taken into account.

Possible solution

I don't know if I'm misunderstanding something, but a change like the following would suffice.

# knox/views.py
from django.db.models import Q

...

token = request.user.auth_token_set.filter(Q(expiry__gt=now) | Q(expiry__isnull=True))

The text was updated successfully, but these errors were encountered:

@pablomm

Fixes jazzband#280 Thanks to @pablomm for the code in the ticket

morty added a commit to morty/django-rest-knox that referenced this issue Oct 12, 2023

Count non expiring tokens when determining if the limit is reached

36a07e7

Fixes jazzband#280 Thanks to @pablomm for the code in the ticket

morty linked a pull request Oct 12, 2023 that will close this issue

Count non expiring tokens when determining if the limit is reached #318

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed #280

Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed #280

pablomm commented Sep 7, 2022

Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed #280

Tokens with no maximum expiration time are not counted towards the maximum number of tokens allowed #280

Comments

pablomm commented Sep 7, 2022