Don't allow the newly created token to be ejected in `clean_old_tokens`

[theblang]

We hit an odd situation with our Pingdom user, where it ended up having 10 tokens (the default max_number_of_devices) with an expiry slightly too far into the future. That in itself is still a mystery. But it caused a situation where the user couldn't log in, because the newly created token (with a proper expiry) was the one being ejected in clean_old_tokens. I think we should change that logic to never eject the token that was just created, otherwise the user can't sign in. Barring my odd situation, you might do something like change token_lifespan to be earlier.

[dalima-dev]

Got same problem here, me and my team suspect of this year being a leap year is causing that behavior.

[theblang]

me and my team suspect of this year being a leap year is causing that behavior.

Ahh, that's a good thought!

[pedroara]

Although I think we should focus on cause of the tokens that get generated with a larger expiry than the configured lifespan the changes you suggest could solve the problem

[MaicolBen]

I could know how to fix it but I wasn't able to reproduce it with a test, so any more reproduction info is useful.

[javaharut]

I also faced such weird issue during my work so solved it and created pr, hope it will fix it.
#1643