From c6e35cb8b57bf5f4fd7c016e7560c2025a85b7c5 Mon Sep 17 00:00:00 2001
From: William Panting <willtp87@hotmail.com>
Date: Mon, 10 Dec 2012 12:27:58 -0400
Subject: [PATCH] better docs, implemented cron to remove expired
 authentication tokens from the database

---
 README                            |  8 ++++++++
 includes/islandora_authtokens.inc | 10 ++++++++++
 islandora.module                  | 10 ++++++++++
 3 files changed, 28 insertions(+)

diff --git a/README b/README
index 1a3479e8..c9784a95 100644
--- a/README
+++ b/README
@@ -38,6 +38,14 @@ INSTALLATION
 CONFIGURATION
 -------------
 
+The islandora_drupal_filter passes the username of 'anonymous' through to 
+Fedora for unauthenticated Drupal Users.  A user with the name of 'anonymous'
+may have XACML policies applied to them that are meant to be applied to Drupal
+users that are not logged in or vice-versa.  This is a potential security issue
+that can be plugged by creating a user named 'anonymous' and restricting access
+to the account.
+
+Drupal's cron will can be ran to remove expired authentication tokens.
 
 CUSTOMIZATION
 -------------
diff --git a/includes/islandora_authtokens.inc b/includes/islandora_authtokens.inc
index 44b02578..f7861a0b 100644
--- a/includes/islandora_authtokens.inc
+++ b/includes/islandora_authtokens.inc
@@ -110,3 +110,13 @@ function islandora_validate_object_token($pid, $dsid, $token) {
     return FALSE;
   }
 }
+
+/**
+ * Will remove any expired authentication tokens.
+ */
+function islandora_remove_expired_tokens() {
+  $time = time();
+  db_delete("islandora_authtokens")
+    ->condition('time', $time - TOKEN_TIMEOUT, '<')
+    ->execute();
+}
diff --git a/islandora.module b/islandora.module
index 388b2895..a67efcf3 100644
--- a/islandora.module
+++ b/islandora.module
@@ -872,3 +872,13 @@ function islandora_post_delete_datastream(FedoraObject $object, $datastream_id)
     module_invoke_all($hook, $object, $datastream_id);
   }
 }
+
+/**
+ * Implements hook_cron()
+ * 
+ * Removes expired authentication tokens.
+ */
+function islandora_cron() {
+  module_load_include('inc', 'islandora', 'includes/islandora_authtokens');
+  islandora_remove_expired_tokens();
+}