Review notes.

docs/settings.md

@@ -76,7 +76,7 @@ This is the reference to the class used to serialize the `User` objects when
 successfully returning from `LoginView`. The default is `knox.serializers.UserSerializer`
 
 ## AUTO_REFRESH
-This defines if the token expiry time is extended by AUTO_REFRESH_TOKEN_TTL each time the token
+This defines if the token expiry time is extended by TOKEN_TTL each time the token
 is used.
 
 ## AUTO_REFRESH_MAX_TTL

knox/auth.py

@@ -77,7 +77,8 @@ def renew_token(self, auth_token) -> None:
 
         # Do not auto-renew tokens past AUTO_REFRESH_MAX_TTL.
         if knox_settings.AUTO_REFRESH_MAX_TTL is not None:
-            new_expiry = min(new_expiry, auth_token.created + knox_settings.AUTO_REFRESH_MAX_TTL)
+            max_expiry = auth_token.created + knox_settings.AUTO_REFRESH_MAX_TTL
+            new_expiry = min(new_expiry, max_expiry)
 
         auth_token.expiry = new_expiry
 

tests/tests.py

@@ -316,7 +316,7 @@ def test_token_expiry_is_not_extended_within_MIN_REFRESH_INTERVAL(self):
             reload(auth)  # necessary to reload settings in core code
             with freeze_time(in_min_interval):
                 response = self.client.get(root_url, {}, format='json')
-        reload(auth)
+        reload(auth)  # necessary to reload settings in core code
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(original_expiry, AuthToken.objects.get().expiry)
@@ -337,7 +337,7 @@ def test_token_expiry_is_not_extended_past_max_ttl(self):
             self.assertEqual(auth.knox_settings.AUTO_REFRESH_MAX_TTL, timedelta(hours=12))
             with freeze_time(five_hours_later):
                 response = self.client.get(root_url, {}, format='json')
-        reload(auth)
+        reload(auth)  # necessary to reload settings in core code
         self.assertEqual(response.status_code, 200)
 
         # original expiry date was extended, but not past max_ttl: