fix(login): improve duration undefined check (#10949)

# Which Problems Are Solved In the login we often check if a GRPC Duration is not defined however it can also be set to 0. Using the API it's possible to set the password check lifetime to zero which broke the login v2. # How the Problems Are Solved Also check if the GRPC Duration seconds field is not 0 # Additional Context - May help if the issue here is actually accidentally setting password lifetime check to 0 using the API #10865 Co-authored-by: Max Peintner <max@caos.ch>
2025-12-27 13:16:43 +00:00 · 2025-10-27 16:03:32 +08:00
parent 44b7f1013f
commit 16b21569db
5 changed files with 6 additions and 6 deletions
--- a/apps/login/src/lib/server/cookie.ts
+++ b/apps/login/src/lib/server/cookie.ts
@@ -50,7 +50,7 @@ export async function createSessionAndUpdateCookie(command: {

  let sessionLifetime = command.lifetime;

-  if (!sessionLifetime) {
+  if (!sessionLifetime || !sessionLifetime.seconds) {
    console.warn("No session lifetime provided, using default of 24 hours.");

    sessionLifetime = {
@@ -123,7 +123,7 @@ export async function createSessionForIdpAndUpdateCookie({

  let sessionLifetime = lifetime;

-  if (!sessionLifetime) {
+  if (!sessionLifetime || !sessionLifetime.seconds) {
    console.warn("No IDP session lifetime provided, using default of 24 hours.");

    sessionLifetime = {
--- a/apps/login/src/lib/server/passkeys.ts
+++ b/apps/login/src/lib/server/passkeys.ts
@@ -283,7 +283,7 @@ export async function sendPasskey(command: SendPasskeyCommand) {
      ? loginSettings?.secondFactorCheckLifetime
      : undefined;

-  if (!lifetime) {
+  if (!lifetime || !lifetime.seconds) {
    console.warn("No passkey lifetime provided, defaulting to 24 hours");

    lifetime = {
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -160,7 +160,7 @@ export async function sendPassword(command: UpdateSessionCommand): Promise<{ err

    let lifetime = loginSettings.passwordCheckLifetime;

-    if (!lifetime) {
+    if (!lifetime || !lifetime.seconds) {
      console.warn("No password lifetime provided, defaulting to 24 hours");
      lifetime = {
        seconds: BigInt(60 * 60 * 24), // default to 24 hours
--- a/apps/login/src/lib/server/session.ts
+++ b/apps/login/src/lib/server/session.ts
@@ -148,7 +148,7 @@ export async function updateSession(options: UpdateSessionCommand) {
      ? loginSettings?.secondFactorCheckLifetime
      : undefined;

-  if (!lifetime) {
+  if (!lifetime || !lifetime.seconds) {
    console.warn("No lifetime provided for session, defaulting to 24 hours");
    lifetime = {
      seconds: BigInt(60 * 60 * 24), // default to 24 hours
--- a/console/src/app/modules/policies/login-policy/login-policy.component.ts
+++ b/console/src/app/modules/policies/login-policy/login-policy.component.ts
@@ -23,7 +23,7 @@ import { WarnDialogComponent } from '../../warn-dialog/warn-dialog.component';
 import { PolicyComponentServiceType } from '../policy-component-types.enum';
 import { LoginMethodComponentType } from './factor-table/factor-table.component';
 import { map, takeUntil } from 'rxjs/operators';
-import { LoginPolicyService } from '../../../services/login-policy.service';
+import { LoginPolicyService } from 'src/app/services/login-policy.service';

 const minValueValidator = (minValue: number) => (control: AbstractControl) => {
  const value = control.value;