From fa3da1bddb0d50dff44b28bc115bf3dc51bb9bf4 Mon Sep 17 00:00:00 2001
From: Timshel
Date: Sun, 18 Feb 2024 16:23:46 +0100
Subject: [PATCH] Roll the refresh_token
---
 src/db/models/device.rs | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/db/models/device.rs b/src/db/models/device.rs
index 60c63589..1a104897 100644
--- a/src/db/models/device.rs
+++ b/src/db/models/device.rs
@@ -1,4 +1,5 @@
 use chrono::{NaiveDateTime, Utc};
+use data_encoding::BASE64URL;
 use crate::{crypto, CONFIG};
 use core::fmt;
@@ -60,11 +61,8 @@ impl Device {
 }
 pub fn refresh_tokens(&mut self, user: &super::User, scope: Vec) -> (String, i64) {
- // If there is no refresh token, we create one
- if self.refresh_token.is_empty() {
- use data_encoding::BASE64URL;
- self.refresh_token = crypto::encode_random_bytes::<64>(BASE64URL);
- }
+ // Roll the refresh_token to prevent reuse
+ self.refresh_token = crypto::encode_random_bytes::<64>(BASE64URL);
 // Update the expiration of the device and the last update date
 let time_now = Utc::now();
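Review bot: The unconditional roll in `refresh_tokens` overwrites the previous token without keeping any record of it, so a later presentation of the old value cannot be told apart from an arbitrary invalid token. If the goal is to limit the damage from a stolen refresh token, rotation is normally paired with reuse detection (keep the previous token or its hash and revoke the device session when it shows up again); without that, whichever party refreshes first keeps the session and the other is simply rejected. The change also appears to rely on the caller persisting the device before the new token leaves the server, and on clients not refreshing concurrently or losing the response, which cannot be confirmed here because the function body continues outside the hunk. I would at least state that contract on the line, e.g. `// Roll the refresh_token on every call; the caller must persist the device before returning the new token to the client`.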