Skip to content

fix(policy): treat malformed expiresAt as expired, not active#92

Open
forgou37 wants to merge 1 commit into
profullstack:masterfrom
forgou37:fix/policy-date-parse-nan
Open

fix(policy): treat malformed expiresAt as expired, not active#92
forgou37 wants to merge 1 commit into
profullstack:masterfrom
forgou37:fix/policy-date-parse-nan

Conversation

@forgou37

@forgou37 forgou37 commented Jul 3, 2026

Copy link
Copy Markdown

Fixes a bug where a policy grant with an invalid (NaN/null) expiresAt value was treated as active instead of expired. Now falls back to treating it as already expired, which is the safe default.

Found via QA testing for /bug-fixes gig.

Date.parse() returns NaN for invalid date strings. Previously, a grant
with expiresAt set to a malformed value (e.g. 'invalid') would pass the
expiry check (NaN > Date.now() === false, but the falsy NaN would skip
the check due to how the condition was written—or more precisely, would
evaluate incorrectly).

Now, if expiresAt is present but cannot be parsed, the grant is treated
as expired/invalid rather than silently allowing access.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant