Open poco-loco-athul opened 3 years ago
Hm– we could try generating a few more times on an IntegrityError.
Why do we need unique keys here? I mean, ok we will generate 2 times the code 123456 (in theory this can happen). What's wrong with that? Only the last one key should be active and we don't care about all previous keys, right?
Trace back:
There is about 14,000 Callback token in the system. Using drfpasswordless==1.5.6
Here is my understanding of the problem: In this scenario, there is two callback token with key '585258'. For one
active
is true, for others it is false. Whenpasswordless
try to create another token for the user withactive
true,drfpasswordless.signals.invalidate_previous_tokens
runs and creates this error.