From a7dcf98f7edd3786ea281c6ab4b12bfa4735e8d2 Mon Sep 17 00:00:00 2001
From: Ralin Chimev <ralinchimev@users.noreply.github.com>
Date: Sun, 15 May 2016 17:48:12 +0300
Subject: [PATCH] Fix overwriting the remember_token when a valid one already
 exists (#4101)

The remember_token should not get overwritten when a user is
signing in and a valid token already exists.

Fixes #3950.
---
 lib/devise/models/rememberable.rb |  2 +-
 test/models/rememberable_test.rb  | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/devise/models/rememberable.rb b/lib/devise/models/rememberable.rb
index 75217d85..bfb2f3ad 100644
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@@ -48,7 +48,7 @@ module Devise
       # TODO: We were used to receive a extend period argument but we no longer do.
       # Remove this for Devise 4.0.
       def remember_me!(*)
-        self.remember_token = self.class.remember_token if respond_to?(:remember_token)
+        self.remember_token ||= self.class.remember_token if respond_to?(:remember_token)
         self.remember_created_at ||= Time.now.utc
         save(validate: false) if self.changed?
       end
diff --git a/test/models/rememberable_test.rb b/test/models/rememberable_test.rb
index 055a778b..09db673b 100644
--- a/test/models/rememberable_test.rb
+++ b/test/models/rememberable_test.rb
@@ -16,6 +16,18 @@ class RememberableTest < ActiveSupport::TestCase
     assert user.remember_created_at
   end
 
+  test 'remember_me should not generate a new token if valid token exists' do
+    user = create_user
+    user.singleton_class.send(:attr_accessor, :remember_token)
+    User.to_adapter.expects(:find_first).returns(nil)
+
+    user.remember_me!
+    existing_token = user.remember_token
+
+    user.remember_me!
+    assert_equal existing_token, user.remember_token
+  end
+
   test 'forget_me should not clear remember token if using salt' do
     user = create_user
     user.remember_me!