From 98e41180044c6a62aafec2d341f7fd8af02109ec Mon Sep 17 00:00:00 2001 From: Julian Pufler Date: Wed, 25 Sep 2024 21:03:29 +0200 Subject: [PATCH] fix(core): Correctly parse numeric sessionDuration and verificationTokenDuration values (#3080) --- .../verification-token-generator.ts | 9 +++++++-- packages/core/src/service/services/session.service.ts | 6 +++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/packages/core/src/service/helpers/verification-token-generator/verification-token-generator.ts b/packages/core/src/service/helpers/verification-token-generator/verification-token-generator.ts index de390227ee..6d27f60374 100644 --- a/packages/core/src/service/helpers/verification-token-generator/verification-token-generator.ts +++ b/packages/core/src/service/helpers/verification-token-generator/verification-token-generator.ts @@ -28,11 +28,16 @@ export class VerificationTokenGenerator { * as specified in the VendureConfig. */ verifyVerificationToken(token: string): boolean { - const duration = ms(this.configService.authOptions.verificationTokenDuration as string); + const { verificationTokenDuration } = this.configService.authOptions; + const verificationTokenDurationInMs = + typeof verificationTokenDuration === 'string' + ? ms(verificationTokenDuration) + : verificationTokenDuration; + const [generatedOn] = token.split('_'); const dateString = Buffer.from(generatedOn, 'base64').toString(); const date = new Date(dateString); const elapsed = +new Date() - +date; - return elapsed < duration; + return elapsed < verificationTokenDurationInMs; } } diff --git a/packages/core/src/service/services/session.service.ts b/packages/core/src/service/services/session.service.ts index 1b46aa28f7..13c4568329 100644 --- a/packages/core/src/service/services/session.service.ts +++ b/packages/core/src/service/services/session.service.ts @@ -37,7 +37,11 @@ export class SessionService implements EntitySubscriberInterface { private orderService: OrderService, ) { this.sessionCacheStrategy = this.configService.authOptions.sessionCacheStrategy; - this.sessionDurationInMs = ms(this.configService.authOptions.sessionDuration as string); + + const { sessionDuration } = this.configService.authOptions; + this.sessionDurationInMs = + typeof sessionDuration === 'string' ? ms(sessionDuration) : sessionDuration; + // This allows us to register this class as a TypeORM Subscriber while also allowing // the injection on dependencies. See https://docs.nestjs.com/techniques/database#subscribers this.connection.rawConnection.subscribers.push(this);