[bug] increase time before expired requests are garbage collected to 1 week

[kbond]

Fix for #100.

[jrushlow]

I'm in favor of the concept of this change, but it will break manual garbage collection runs. I think that using reset-password:remove-expired should remove requests that are expired at the time the command is run. This allows for a more customized garbage collection implementation.

But if we merge this PR in now, it forces the command to leave expired requests in persistence.

[weaverryan]

Hmm, good point. Do you have some ideas how to do this @jrushlow? We could add an optional \DateTimeInterface $since argument to removeExpiredResetPasswordRequests(), but then we would still need to call that with different arguments from ResetPasswordCleaner:: handleGarbageCollection() based on the context.

Whatever we do, let's try to get it done as quickly as we can. This could contain a BC break... and I don't want to release a v2 for an internal interface change. So we might be able to "get away with it" if we have a fast release - I can take the blame :)

[kbond]

I would want the garbage collection command to follow the same logic as the auto (or at least be configurable). If running the cron nightly, I wouldn't want to prevent people who requested the day before to not get the expired token message if they click the link the day after the cron job.

[weaverryan]

Fair point :).

So, I'm guessing that we probably need to make this "1 week ago" part configurable. Which means:

A) Add an argument to removeExpiredResetPasswordRequests() for the Date
B) Pass the correct DateTime in from ResetPasswordCleaner:: handleGarbageCollection()
C) Add a Configuration option to default it to -1 week

Thoughts?

[weaverryan]

Going to merge and keep it simple for now. Thanks @kbond!