Refresh token not updated in user document after issuing new one in  refreshAccessToken method

## Description

In the `refreshAccessToken` method, a new refresh token is generated, but it is not stored back in the user's record in the database.

This results in:
- Old refresh tokens still remaining valid
- New refresh tokens not being persisted
- Potential security issues if the old token is used again (replay attacks)

## Steps to Reproduce
1. Login and get a refresh token.
2. Call the refresh endpoint to generate new tokens.
3. Check the database — the `user.refreshToken` is not updated.

## Suggested Fix
After generating a new refresh token, update the user's document:
```js
user.refreshToken = newRefreshToken;
await user.save({ validateBeforeSave: false });


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Refresh token not updated in user document after issuing new one in refreshAccessToken method #215

Description

Steps to Reproduce

Suggested Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Refresh token not updated in user document after issuing new one in refreshAccessToken method #215

Description

Description

Steps to Reproduce

Suggested Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions