Some ImpersonationTokens are not cleaned up

[nodra-vr]

Bug description

If aborts happen in UserImpersonation::makeResponse the token records are never cleaned up.

Steps to reproduce

Create an error state, or cause a timeout on redirects and trigger make response.

Expected behavior

A method or job that cleans up old token.

Laravel version

12.9.2

stancl/tenancy version

3.9.1

Ref.

tenancy/src/Features/UserImpersonation.php

Line 43 in d98a170

abort(403);

[stancl]

The abort probably isn't even necessary for this to happen, simply generating the URLs too generously where not all get visited (and therefore consumed) would cause this.

Probably going to add a command that cleans these up, where the created_at is older than some configurable interval (probably a CLI arg with some reasonable default/static property) which can then be scheduled as needed.

[nodra-vr]

To me users not hitting the URL is outside the scope of the library, documentation is key here. A cleanup Command or Task would be a nice feature to have.

The aborts on the other hand, something like the example below feels cleaner and may solve those leaks:

        $token = $token instanceof ImpersonationToken ? $token : ImpersonationToken::findOrFail($token);
        try {
            if (((string) $token->tenant_id) !== ((string) tenant()->getTenantKey())) {
                abort(403);
            }
            if ($token->created_at->diffInSeconds(Carbon::now()) > ($ttl ?? static::$ttl)) {
                abort(403);
            }
            Auth::guard($token->auth_guard)->loginUsingId($token->user_id);
            return redirect($token->redirect_url);
        } finally {
            $token->delete();
        }