From 09ae9e49bdcc536349c1f8e41663bdad1f0165e1 Mon Sep 17 00:00:00 2001
From: gerhardqux <gerhard@qux.nl>
Date: Thu, 1 Oct 2020 01:16:28 +0200
Subject: [PATCH] Do not remove users with API tokens (#12162)

* Do not remove users with API tokens

* Use eloquent

* Fix missing namespace and convert fully to Eloquent

* fix bug in purge

Co-authored-by: Tony Murray <murraytony@gmail.com>
---
 daily.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/daily.php b/daily.php
index e7954fcdc7..70fe113acf 100644
--- a/daily.php
+++ b/daily.php
@@ -310,12 +310,13 @@ if ($options['f'] === 'purgeusers') {
             $purge = \LibreNMS\Config::get('active_directory.users_purge');
         }
         if ($purge > 0) {
-            foreach (dbFetchRows('SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)', [$purge]) as $user) {
-                $users[] = $user['user'];
-            }
+            $users = \App\Models\AuthLog::where('datetime', '>=', \Carbon\Carbon::now()->subDays($purge))
+                ->distinct()->pluck('user')
+                ->merge(\App\Models\User::has('apiToken')->pluck('username')) // don't purge users with api tokens
+                ->unique();
 
-            if (dbDelete('users', 'username NOT IN ' . dbGenPlaceholders(count($users)), $users)) {
-                echo "Removed users that haven't logged in for $purge days";
+            if (\App\Models\User::thisAuth()->whereNotIn('username', $users)->delete()) {
+                echo "Removed users that haven't logged in for $purge days\n";
             }
         }
     } catch (LockException $e) {