From 4f542539040bd1276ff88f3c942e51af2fd26a9e Mon Sep 17 00:00:00 2001
From: Maicol Bentancor <maicol.bentancor@gmail.com>
Date: Tue, 24 Oct 2017 11:17:14 -0300
Subject: [PATCH] Remove save tokens in build auth header

---
 app/models/devise_token_auth/concerns/user.rb | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
index 6a5b8fde3..443fc8baf 100644
--- a/app/models/devise_token_auth/concerns/user.rb
+++ b/app/models/devise_token_auth/concerns/user.rb
@@ -199,17 +199,27 @@ def create_new_auth_token(client_id=nil)
       updated_at: Time.now
     }
 
-    return build_auth_header(token, client_id)
+    return update_auth_header(token, client_id)
   end
 
 
   def build_auth_header(token, client_id='default')
-    client_id ||= 'default'
-
     # client may use expiry to prevent validation request if expired
     # must be cast as string or headers will break
     expiry = self.tokens[client_id]['expiry'] || self.tokens[client_id][:expiry]
 
+    return {
+      DeviseTokenAuth.headers_names[:"access-token"] => token,
+      DeviseTokenAuth.headers_names[:"token-type"]   => "Bearer",
+      DeviseTokenAuth.headers_names[:"client"]       => client_id,
+      DeviseTokenAuth.headers_names[:"expiry"]       => expiry.to_s,
+      DeviseTokenAuth.headers_names[:"uid"]          => self.uid
+    }
+  end
+
+  def update_auth_header(token, client_id='default')
+    headers = build_auth_header(token, client_id)
+    expiry = headers[DeviseTokenAuth.headers_names[:"expiry"]]
     max_clients = DeviseTokenAuth.max_number_of_devices
     while self.tokens.keys.length > 0 && max_clients < self.tokens.keys.length
       oldest_token = self.tokens.min_by { |cid, v| v[:expiry] || v["expiry"] }
@@ -218,13 +228,7 @@ def build_auth_header(token, client_id='default')
 
     self.save!
 
-    return {
-      DeviseTokenAuth.headers_names[:"access-token"] => token,
-      DeviseTokenAuth.headers_names[:"token-type"]   => "Bearer",
-      DeviseTokenAuth.headers_names[:"client"]       => client_id,
-      DeviseTokenAuth.headers_names[:"expiry"]       => expiry.to_s,
-      DeviseTokenAuth.headers_names[:"uid"]          => self.uid
-    }
+    headers
   end
 
 
@@ -239,7 +243,7 @@ def build_auth_url(base_url, args)
   def extend_batch_buffer(token, client_id)
     self.tokens[client_id]['updated_at'] = Time.now
 
-    return build_auth_header(token, client_id)
+    return update_auth_header(token, client_id)
   end
 
   def confirmed?