{2.x] feat(gdpr): port confirmation token invalidation, IP logging and IP purge#4423
Merged
{2.x] feat(gdpr): port confirmation token invalidation, IP logging and IP purge#4423
Conversation
…urge (#4419) Ports flarum/gdpr PR #70 (1.x) to 2.x: - Token invalidation: verification_token set to null on confirmation, making email links true one-time links - Processed-request guard: re-visiting a confirmation link for a processed/manual request returns 422 - Confirmation IP logging: client IP stored in new confirmation_ip column on gdpr_erasure - 90-day IP purge: new gdpr:clear-confirmation-ips console command (scheduled daily) nulls confirmation_ip on records where user_confirmed_at is older than 90 days - Modal timestamps: ProcessErasureRequestModal now shows requested-at, confirmed-at, and eligible-for-auto-processing dates Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Extract createdAt/userConfirmedAt to local consts so TypeScript's truthiness narrowing resolves Date | null | undefined to Date, avoiding any non-null assertions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
imorland
changed the title
gdpr_erasure has a unique constraint on user_id. Each test fixture row needs a distinct user. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ports flarum/gdpr PR #70 (1.x) to 2.x. No controller API layer changes were needed — the existing PSR-7
RequestHandlerInterfaceandIlluminate\Console\Commandpatterns are identical between versions.verification_tokenis set tonullon confirmation so the email link is a true one-time linkprocessedormanualrequest returns 422 instead of silently resetting its status$request->getAttribute('ipAddress')) is stored in a newconfirmation_ipcolumn ongdpr_erasuregdpr:clear-confirmation-ipsconsole command (scheduled daily) nullsconfirmation_ipon records whereuser_confirmed_atis older than 90 daysProcessErasureRequestModalnow shows requested-at, confirmed-at, and eligible-for-auto-processing dates;ErasureRequestsListshowsuserConfirmedAtas the datetimeTest plan
vendor/bin/phpunit tests/integration/forum/ConfirmErasureTest.php— all tests pass including new token nullification, IP storage, and processed/manual guard testsvendor/bin/phpunit tests/integration/console/ClearConfirmationIpsTest.php— all tests passprocessedrequest returns 422php flarum gdpr:clear-confirmation-ipsand verify IPs older than 90 days are cleared from DBphp flarum schedule:listshows the new command scheduled dailyCloses #4419
🤖 Generated with Claude Code