From 70b37d47d9dcafe272d51072848a57f210a31b8e Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Wed, 15 Aug 2018 14:00:47 -0500
Subject: [PATCH] cron: Clean Expired Passwd Resets

This adds functionality to clean expired password reset tokens on cron runs.
---
 include/class.config.php | 14 ++++++++++++++
 include/class.cron.php   |  6 ++++++
 2 files changed, 20 insertions(+)

diff --git a/include/class.config.php b/include/class.config.php
index 6ce3716b9..32f5ca702 100644
--- a/include/class.config.php
+++ b/include/class.config.php
@@ -176,6 +176,20 @@ extends VerySimpleModel {
             $this->updated = SqlFunction::NOW();
         return parent::save($this->dirty || $refetch);
     }
+
+    // Clean password reset tokens that have expired
+    static function cleanPwResets() {
+        global $cfg;
+
+        if (!$cfg || !($period = $cfg->getPwResetWindow())) // In seconds
+            return false;
+
+        return ConfigItem::objects()
+             ->filter(array(
+                'namespace' => 'pwreset',
+                'updated__lt' => SqlFunction::NOW()->minus(SqlInterval::SECOND($period)),
+            ))->delete();
+    }
 }
 
 class OsticketConfig extends Config {
diff --git a/include/class.cron.php b/include/class.cron.php
index 232d6bf2b..5db0a5b7b 100644
--- a/include/class.cron.php
+++ b/include/class.cron.php
@@ -56,6 +56,11 @@ class Cron {
         DbSessionBackend::cleanup();
     }
 
+    function CleanPwResets() {
+        require_once(INCLUDE_DIR.'class.config.php');
+        ConfigItem::cleanPwResets();
+    }
+
     function MaybeOptimizeTables() {
         // Once a week on a 5-minute cron
         $chance = rand(1,2000);
@@ -106,6 +111,7 @@ class Cron {
         self::TicketMonitor();
         self::PurgeLogs();
         self::CleanExpiredSessions();
+        self::CleanPwResets();
         // Run file purging about every 10 cron runs
         if (mt_rand(1, 9) == 4)
             self::CleanOrphanedFiles();
-- 
GitLab