went over most of the changed attributes from the other pr

src/User/AuthToken.php

@@ -11,12 +11,14 @@
 
 namespace Flarum\User;
 
-use DateTime;
+use Carbon\Carbon;
 use Flarum\Database\AbstractModel;
 use Flarum\User\Exception\InvalidConfirmationTokenException;
 
 /**
- * @todo document database columns with @property
+ * @property string $token
+ * @property \Carbon\Carbon $created_at
+ * @property string $payload
  */
 class AuthToken extends AbstractModel
 {
@@ -37,10 +39,15 @@ class AuthToken extends AbstractModel
      */
     public $incrementing = false;
 
+    /**
+     * {@inheritdoc}
+     */
+    protected $primaryKey = 'token';
+
     /**
      * Generate an email token for the specified user.
      *
-     * @param string $email
+     * @param string $payload
      *
      * @return static
      */
@@ -48,7 +55,7 @@ class AuthToken extends AbstractModel
     {
         $token = new static;
 
-        $token->id = str_random(40);
+        $token->token = str_random(40);
         $token->payload = $payload;
         $token->created_at = time();
 
@@ -80,17 +87,18 @@ class AuthToken extends AbstractModel
      * Find the token with the given ID, and assert that it has not expired.
      *
      * @param \Illuminate\Database\Eloquent\Builder $query
-     * @param string $id
+     * @param string $token
      *
-     * @throws \Flarum\User\Exception\InvalidConfirmationTokenException
+     * @throws InvalidConfirmationTokenException
      *
-     * @return static
+     * @return AuthToken
      */
-    public function scopeValidOrFail($query, $id)
+    public function scopeValidOrFail($query, string $token)
     {
-        $token = $query->find($id);
+        /** @var AuthToken $token */
+        $token = $query->find($token);
 
-        if (! $token || $token->created_at < new DateTime('-1 day')) {
+        if (! $token || $token->created_at->lessThan(Carbon::now()->subDay())) {
             throw new InvalidConfirmationTokenException;
         }
 

src/User/Command/RequestPasswordResetHandler.php

@@ -107,7 +107,7 @@ class RequestPasswordResetHandler
 
         $data = [
             '{username}' => $user->display_name,
-            '{url}' => $this->url->to('forum')->route('resetPassword', ['token' => $token->id]),
+            '{url}' => $this->url->to('forum')->route('resetPassword', ['token' => $token->token]),
             '{forum}' => $this->settings->get('forum_title'),
         ];
 

src/User/PasswordToken.php

@@ -14,7 +14,9 @@ namespace Flarum\User;
 use Flarum\Database\AbstractModel;
 
 /**
- * @todo document database columns with @property
+ * @property string $token
+ * @property \Carbon\Carbon $created_at
+ * @property int $user_id
  */
 class PasswordToken extends AbstractModel
 {
@@ -35,17 +37,22 @@ class PasswordToken extends AbstractModel
      */
     public $incrementing = false;
 
+    /**
+     * {@inheritdoc}
+     */
+    protected $primaryKey = 'token';
+
     /**
      * Generate a password token for the specified user.
      *
      * @param int $userId
      * @return static
      */
-    public static function generate($userId)
+    public static function generate(int $userId)
     {
         $token = new static;
 
-        $token->id = str_random(40);
+        $token->token = str_random(40);
         $token->user_id = $userId;
         $token->created_at = time();
 

src/User/User.php

@@ -39,6 +39,7 @@ use Symfony\Component\HttpFoundation\Session\SessionInterface;
 /**
  * @property int $id
  * @property string $username
+ * @property string $display_name
  * @property string $email
  * @property bool $is_email_confirmed
  * @property string $password