Skip to content

[4.x] Clean up expired impersonation tokens instead of just aborting, add command for cleaning up expired tokens #1387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

[4.x] Clean up expired impersonation tokens instead of just aborting, add command for cleaning up expired tokens #1387

wants to merge 4 commits into from

Conversation

lukinovec
Copy link
Contributor

This PR makes the expired/invalid tenant impersonation tokens get deleted instead of just aborting with 403.

The PR also adds a command (ClearExpiredImpersonationTokens) used like php artisan tenants:clear-expired-impersonation-tokens. As the name suggests, it clears all expired impersonation tokens. By default, all tokens older than UserImpersonation::$ttl are deleted, but you can pass the --ttl=X option to override this (e.g. php artisan tenants:clear-expired-impersonation-tokens --ttl=10` will delete all tokens older than 10 seconds.

Resolves #1348

@codecov Codecov
Copy link

codecov bot commented Aug 6, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.01%. Comparing base (3984d64) to head (d2f55e6).

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #1387      +/-   ##
============================================
+ Coverage     85.95%   86.01%   +0.06%     
- Complexity     1098     1102       +4     
============================================
  Files           178      179       +1     
  Lines          3204     3218      +14     
============================================
+ Hits           2754     2768      +14     
  Misses          450      450

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

stancl
stancl reviewed Aug 25, 2025
View reviewed changes
src/Commands/ClearExpiredImpersonationTokens.php
Comment on lines +11 to +14
* This command clears expired impersonation tokens.
* By default, all tokens older than UserImpersonation::$ttl (60 seconds by default)
* are deleted. To override this, you can use the --ttl option, for example
* --ttl=120, all tokens older than 120 seconds will be deleted, ignoring the default.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a use case for wanting to keep expired tokens?

@stancl stancl marked this pull request as draft August 25, 2025 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stancl stancl stancl left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Some ImpersonationTokens are not cleaned up
2 participants
@lukinovec @stancl