fix: use exact timestamp comparison for API key expiry check#29756
Open
prathamesh04 wants to merge 1 commit into
Open
fix: use exact timestamp comparison for API key expiry check#29756prathamesh04 wants to merge 1 commit into
prathamesh04 wants to merge 1 commit into
Conversation
The previous implementation used setHours(0, 0, 0, 0) which truncated both dates to midnight for day-level granularity comparison. This caused: 1. Keys expired at any time during the day to be accepted until midnight 2. The expiresAt Date object to be mutated (time zeroed to midnight) Fixes calcom#29728
Contributor
|
Welcome to Cal.diy, @prathamesh04! Thanks for opening this pull request. A few things to keep in mind:
A maintainer will review your PR soon. Thanks for contributing! |
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe API key authentication strategy now compares 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
API keys with an
expiresAttimestamp that has already passed are still accepted by the API v2 authentication layer. The expiry comparison uses day-level granularity viasetHours(0, 0, 0, 0), causing:expiresAtDate object to be mutated (time zeroed to midnight)Fixes #29728
Solution
Changed the comparison to use exact timestamps instead of day-level granularity:
This ensures:
expiresAttime has passedexpiresAtDate object is not mutated