PRUNplanner · jplacht · Apr 21, 2026 · Apr 20, 2026 · Apr 21, 2026
diff --git a/backend/tests/user/test_auth_apikey.py b/backend/tests/user/test_auth_apikey.py
@@ -88,7 +88,8 @@ def test_timestamp_update_logic(self, auth, factory, user, offset_minutes, shoul
             assert api_key_obj.last_used != initial_time
         else:
             assert user.last_login == initial_time
-            assert api_key_obj.last_used == initial_time
+            # api key will always get the last_used update
+            assert api_key_obj.last_used != initial_time
 
     def test_authenticate_extract_from_header_format(self, auth, factory, user):
         _, plain_key = UserAPIKey.objects.create_key(name='test', user=user)

diff --git a/backend/user/auth_apikey.py b/backend/user/auth_apikey.py
@@ -39,9 +39,9 @@ def authenticate(self, request):
                 user.last_login = now
                 user.save(update_fields=['last_login'])
 
-            if api_key.last_used is None or api_key.last_used < one_hour_ago:
-                api_key.last_used = now
-                api_key.save(update_fields=['last_used'])
+            # always update apikey last_used
+            api_key.last_used = now
+            api_key.save(update_fields=['last_used'])
 
             return (api_key.user, None)