Prune expires_at tokens (#385)

* Prune expires_at tokens

* Fix missing test for when expires_at is null

* Always prune by expires_at

* StyleCI fixes

* formatting

Co-authored-by: Taylor Otwell <taylor@laravel.com>

src/Console/Commands/PruneExpired.php

@@ -28,20 +28,26 @@ class PruneExpired extends Command
      */
     public function handle()
     {
-        if ($expiration = config('sanctum.expiration')) {
-            $model = Sanctum::$personalAccessTokenModel;
-
-            $hours = $this->option('hours');
+        $model = Sanctum::$personalAccessTokenModel;
 
-            $model::where('created_at', '<', now()->subMinutes($expiration + ($hours * 60)))->delete();
+        $hours = $this->option('hours');
 
-            $this->components->info("Tokens expired for more than [$hours hours] pruned successfully.");
+        $this->components->task(
+            'Pruning tokens with expired expires_at timestamps',
+            fn () => $model::where('expires_at', '<', now()->subHours($hours))->delete()
+        );
 
-            return 0;
+        if ($expiration = config('sanctum.expiration')) {
+            $this->components->task(
+                'Pruning tokens with expired expiration value based on configuration file',
+                fn () => $model::where('created_at', '<', now()->subMinutes($expiration + ($hours * 60)))->delete()
+            );
+        } else {
+            $this->components->warn('Expiration value not specified in configuration file.');
         }
 
-        $this->components->warn('Expiration value not specified in configuration file.');
+        $this->components->info("Tokens expired for more than [$hours hours] pruned successfully.");
 
-        return 1;
+        return 0;
     }
 }

tests/PruneExpiredTest.php

@@ -94,6 +94,51 @@ public function test_cant_delete_expired_tokens_with_null_expiration()
         $this->assertDatabaseHas('personal_access_tokens', ['name' => 'Test']);
     }
 
+    public function test_can_delete_expired_tokens_with_expires_at_expiration()
+    {
+        $this->loadLaravelMigrations(['--database' => 'testbench']);
+        $this->artisan('migrate', ['--database' => 'testbench'])->run();
+
+        config(['sanctum.expiration' => 60]);
+
+        $user = UserForPruneExpiredTest::forceCreate([
+            'name' => 'Taylor Otwell',
+            'email' => 'taylor@laravel.com',
+            'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi',
+        ]);
+
+        $token_1 = PersonalAccessToken::forceCreate([
+            'tokenable_id' => $user->id,
+            'tokenable_type' => get_class($user),
+            'name' => 'Test_1',
+            'token' => hash('sha256', 'test_1'),
+            'expires_at' => now()->subMinutes(121),
+        ]);
+
+        $token_2 = PersonalAccessToken::forceCreate([
+            'tokenable_id' => $user->id,
+            'tokenable_type' => get_class($user),
+            'name' => 'Test_2',
+            'token' => hash('sha256', 'test_2'),
+            'expires_at' => now()->subMinutes(119),
+        ]);
+
+        $token_3 = PersonalAccessToken::forceCreate([
+            'tokenable_id' => $user->id,
+            'tokenable_type' => get_class($user),
+            'name' => 'Test_3',
+            'token' => hash('sha256', 'test_3'),
+            'expires_at' => null,
+        ]);
+
+        $this->artisan('sanctum:prune-expired --hours=2')
+            ->expectsOutputToContain('Tokens expired for more than [2 hours] pruned successfully.');
+
+        $this->assertDatabaseMissing('personal_access_tokens', ['name' => 'Test_1']);
+        $this->assertDatabaseHas('personal_access_tokens', ['name' => 'Test_2']);
+        $this->assertDatabaseHas('personal_access_tokens', ['name' => 'Test_3']);
+    }
+
     protected function getPackageProviders($app)
     {
         return [SanctumServiceProvider::class];