Purge command using wrong query for expired tokens #1770
Description
Passport Version
12.2.0
Laravel Version
11.10
PHP Version
8.3.7
Database Driver & Version
MySQL 8.3.0
Description
When you use the command passport:purge to purge all the revoked and expired tokens, if you use the argument --hours; the tokens that expire the same day as today; are not going to expire until the next day.
The problem is in the PurgeCommand class, that the query for controlling the expired tokens, is using whereDate and orWhereDate; instead of where and orWhere. With this condition, the hours argument is not taken into account, so, tokens that expired one hour ago, are going to work all day, because, there is an another error, that the expired tokens, still work and are not revoked.
Apart from this version of the library, there is a Laravel 9.52.5, with Passport 11.8.4, PHP 8.1.16 and MySQL 5.7.11 with the same error.
Steps To Reproduce
- Create a token with a expires_at date of today.
- Change the date manually or wait until the token is expired.
- Use the
passport:purge --hours=1command to purge all revoked and expired tokens for more than 1 hour. - Check that the revoked tokens are purged, but the expired token not.
Creating a scheduled task to execute this instead of the purge command, works:
$expired = Carbon::now();
Passport::token()->where('revoked', 1)->orWhere('expires_at', '<', $expired)->delete();
Passport::authCode()->where('revoked', 1)->orWhere('expires_at', '<', $expired)->delete();
Passport::refreshToken()->where('revoked', 1)->orWhere('expires_at', '<', $expired)->delete();The queries are the same as the PurgeCommand class, lines 41-43. The change has to be done also in lines 55-57.