From b4d3f2e648db3c768cd07cdd42812cbafa7ae59f Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Sat, 5 Dec 2015 15:24:05 +1030
Subject: [PATCH] Garbage-collect email/password/auth tokens. closes #217
---
 framework/core/src/Http/AbstractServer.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/framework/core/src/Http/AbstractServer.php b/framework/core/src/Http/AbstractServer.php
index e85f93d61..a2d5cd5d8 100644
--- a/framework/core/src/Http/AbstractServer.php
+++ b/framework/core/src/Http/AbstractServer.php
@@ -10,6 +10,9 @@
 namespace Flarum\Http;
+use Flarum\Core\AuthToken;
+use Flarum\Core\EmailToken;
+use Flarum\Core\PasswordToken;
 use Flarum\Foundation\Application;
 use Zend\Diactoros\Server;
 use Flarum\Foundation\AbstractServer as BaseAbstractServer;
@@ -45,6 +48,12 @@ abstract class AbstractServer extends BaseAbstractServer
 {
 if ($this->hitsLottery()) {
 AccessToken::whereRaw('last_activity <= ? - lifetime', [time()])->delete();
+
+ $earliestToKeep = date('Y-m-d H:i:s', time() - 24 * 60 * 60);
+
+ EmailToken::where('created_at', '<=', $earliestToKeep)->delete();
+ PasswordToken::where('created_at', '<=', $earliestToKeep)->delete();
+ AuthToken::where('created_at', '<=', $earliestToKeep)->delete();
 }
 }
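Review bot: The 24-hour limit on `EmailToken`, `PasswordToken` and `AuthToken` in the second hunk is enforced only when `hitsLottery()` fires, so a password-reset or e-mail token older than a day stays in the table until some later request wins the lottery, and it stays usable unless the code that redeems it also checks `created_at` (not visible in this hunk). Treat this block as cleanup and have the redemption path reject stale rows itself; a comment such as `// Cleanup only: token age must also be checked against created_at where the token is redeemed.` above `$earliestToKeep` would record that. The cutoff is also built with `date()` in PHP's default timezone, which presumably has to match the timezone in which `created_at` is written, and the single hard-coded `24 * 60 * 60` gives password-reset tokens the same lifetime as the other two types. The enclosing method starts outside the hunk.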